Lucene search
K
PtsecurityMost viewed

184462 matches found

Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.20 views

PT-2026-7180

Name of the Vulnerable Software and Affected Versions vscode-spell-checker versions prior to 4.5.4 Description The vscode-spell-checker extension is susceptible to a workspace-trust bypass that can lead to code execution. The DocumentSettings. determineIsTrusted function incorrectly relies on the...

7.8CVSS6.2AI score0.00126EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.20 views

PT-2026-5847

Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with...

8.5CVSS6AI score0.00119EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.20 views

PT-2026-5485

Name of the Vulnerable Software and Affected Versions Sistem Informasi Pengumuman Kelulusan Online version 1.0 Description The application contains a cross-site request forgery condition that permits attackers to add unauthorized admin users. This is achieved by exploiting the tambahuser.php...

5.3CVSS5.1AI score0.00179EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.20 views

PT-2026-4012

Name of the Vulnerable Software and Affected Versions merkulove Crumber versions through 1.0.10 Description An authorization issue exists in merkulove Crumber crumber-elementor due to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendation...

5.2AI score0.00275EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.20 views

PT-2026-3899

Name of the Vulnerable Software and Affected Versions HarbourJwt affected versions not specified Description A JWT authentication bypass exists in HarbourJwt due to an issue with algorithm handling. Specifically, unsupported algorithms can lead to an empty signature, allowing forged tokens to pas...

5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.20 views

PT-2026-3510

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.13.2 Description Arcane, an interface for managing Docker containers, images, networks, and volumes, had a flaw where unauthenticated requests could be forwarded to remote environment agents, granting access to remot...

9.8CVSS5.8AI score0.00445EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.20 views

PT-2026-2934

Name of the Vulnerable Software and Affected Versions Outray versions prior to 0.1.5 Description A flaw exists in Outray that allows a user, even those on a free plan, to obtain more subdomains than permitted due to missing database transaction locks. Specifically, the issue resides in the API...

5.9CVSS6AI score0.0021EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.20 views

PT-2026-2638

Name of the Vulnerable Software and Affected Versions TYPO3 versions 10.0.0 through 10.4.54 TYPO3 versions 11.0.0 through 11.5.48 TYPO3 versions 12.0.0 through 12.4.40 TYPO3 versions 13.0.0 through 13.4.22 TYPO3 versions 14.0.0 through 14.0.1 Description A flaw exists in TYPO3 that allows local...

5.2CVSS7.1AI score0.00165EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.20 views

PT-2026-2291

Name of the Vulnerable Software and Affected Versions osTicket versions 1.17.x prior to 1.17.7 and 1.18.x prior to 1.18.3 Description osTicket versions 1.17.x prior to 1.17.7 and 1.18.x prior to 1.18.3 contain an arbitrary file read issue in the ticket PDF export functionality. An attacker can...

8.7CVSS6.1AI score0.73125EPSS
Exploits3References36
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.20 views

PT-2026-45472

Name of the Vulnerable Software and Affected Versions Nextcloud versions 0.3.0 through 3.0.x Nextcloud versions 5.0.0 through 5.0.x Nextcloud versions 6.0.0 through 6.3.x Description A missing signature verification in User OIDC allows a malicious ID4me authority to identify as any user. This...

9.4CVSS5.4AI score0.00329EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.20 views

PT-2026-1213

Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 Description A security issue has been identified in the software. The strcpy function within the /goform/formUser file is susceptible to a buffer overflow when handling the passwd1 argument. This manipulation c...

9CVSS6.7AI score0.00783EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.20 views

PT-2026-8163

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the flexible proportions code. A lockdep splat can occur due to a race condition within the fprop new period function. Specifically, the issue arises...

5.5CVSS6.4AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.20 views

PT-2026-5077

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 147.0.1 Thunderbird versions prior to 140.7.1 Description A flaw exists that could allow for CSS-based exfiltration of content from partially encrypted emails when remote content is permitted. This could potential...

9.8CVSS7.4AI score0.09348EPSS
Exploits2References132
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.20 views

PT-2025-54120

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the DRM subsystem where the drm copy field function may attempt to copy a NULL pointer. This occurs when a driver has a bug and fails to set...

7.8CVSS7.2AI score0.00462EPSS
Exploits2References917
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.20 views

PT-2025-53946

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.0-00396-g81ef9e7-dirty Description The Linux kernel contains a stack-out-of-bounds write issue in the strncpy function within the zynqmp clock driver. This occurs when the clock name exceeds 15 bytes, leading...

7.8CVSS6.8AI score0.00462EPSS
Exploits2References896
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.20 views

PT-2025-53343

Name of the Vulnerable Software and Affected Versions LogicalDOC Enterprise version 7.7.4 Description The software contains multiple authenticated operating system command execution flaws. These flaws permit attackers to manipulate binary paths when altering system settings. Exploitation involves...

8.7CVSS7.3AI score0.0035EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.20 views

PT-2025-53199

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s drm/msm/dpu subsystem. Specifically, a missing check for a null pointer after a kzalloc call can lead to a null pointer dereference within the drm...

7.8CVSS7.3AI score0.00462EPSS
Exploits2References896
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.20 views

PT-2025-53034

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the ext4 subsystem related to inode eviction with dioread nolock. Specifically, a warning could occur when evicting an inode, potentially due to...

7.8CVSS6.2AI score0.00462EPSS
Exploits2References894
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.20 views

PT-2025-51969

Name of the Vulnerable Software and Affected Versions Revive Adserver version 5.4.1 Description Revive Adserver 5.4.1 has a cross-site scripting issue in the banner advanced configuration page. This allows attackers to inject malicious scripts. An attacker can create a malicious link to the...

6.1CVSS5.8AI score0.02256EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.20 views

PT-2025-51464

Name of the Vulnerable Software and Affected Versions Merkulove Buttoner for Elementor versions through 1.0.6 Description An incorrect access control configuration exists in Merkulove Buttoner for Elementor. This allows exploitation due to missing authorization. Recommendations Update Merkulove...

5.4CVSS6.5AI score0.00141EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.20 views

PT-2025-45507

Name of the Vulnerable Software and Affected Versions Revenera InstallShield versions 2023 R2 through 2025 R1 Description A potential Denial of Service issue exists in Revenera InstallShield. When a local administrator performs an uninstall, a symbolic link may be followed during the removal of a...

5.6CVSS6.3AI score0.00149EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.20 views

PT-2025-45026

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor Exynos 2400 Samsung Mobile Processor Exynos 1580 Samsung Mobile Processor Exynos 2500 Description A race condition exists in the HTS driver, which can lead to an out-of-bounds write. This condition results in a denial ...

7.5CVSS6.3AI score0.00323EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.20 views

PT-2025-44633

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The equipment can be initially configured using the manufacturer's application, Wi-Fi, a web server, or the manufacturer’s software. Configuration via UDP using...

9.2CVSS6.5AI score0.00498EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/10/25 12:0 a.m.20 views

PT-2025-43694

Name of the Vulnerable Software and Affected Versions eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions through 1.5.6 Description The eRoom plugin for WordPress exposes Zoom SDK secret keys in client-side JavaScript within the meeting view template. This allows...

5.3CVSS6.5AI score0.00287EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/10/15 12:0 a.m.20 views

PT-2025-42259

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a use-after-free issue identified through syzbot reporting. The issue occurs after commit e6d5dbdd20aa, which added multi-buff support for XDP running in gener...

7.8CVSS6.4AI score0.08942EPSS
Exploits4References987
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.20 views

PT-2025-41116

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where extra debug information is output if an inline backref cannot be found during a lookup operation. This was identified through reports from Syzbot...

7.8CVSS6.3AI score0.08942EPSS
Exploits4References992
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.20 views

PT-2025-34069 · Undefined · Undefined

🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 — Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...

9.8CVSS7.7AI score0.01537EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.20 views

PT-2025-33742 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A weakness exists in Scada-LTS 2.7.8.1 related to the manipulation of the Name argument in the publisher edit.shtm file, leading to cross-site scripting. The attack can be initiated remotely, and the...

5.1CVSS6.6AI score0.00326EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.20 views

PT-2025-32252 · Akamai · Akamaighost

Name of the Vulnerable Software and Affected Versions: Akamai Ghost versions prior to 2025-03-26 Description: An issue exists in Akamai Ghost, used for the Akamai CDN platform. A client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can...

4CVSS6.4AI score0.00536EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/08/04 12:0 a.m.20 views

PT-2025-31874 · Unknown · Liquidfiles

Name of the Vulnerable Software and Affected Versions: LiquidFiles versions prior to 4.1.2 Description: LiquidFiles versions prior to 4.1.2 support FTP SITE CHMOD for mode 6777 setuid and setgid. This allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature an...

9.9CVSS7.5AI score0.0052EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/08/03 12:0 a.m.20 views

PT-2025-31775 · Code Projects · Human Resource Integrated System

Name of the Vulnerable Software and Affected Versions: code-projects Human Resource Integrated System version 1.0 Description: A problematic vulnerability exists in code-projects Human Resource Integrated System 1.0. The issue affects an unknown function within the /insert-and-view/action.php fil...

5.4CVSS3.7AI score0.00354EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.20 views

PT-2025-31545 · Undefined · Undefined

A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit...

8.8CVSS6.2AI score0.02016EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.20 views

PT-2025-27102 · Unknown · Smart Notification

Name of the Vulnerable Software and Affected Versions: Smart Notification versions n/a through 10.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

7.1CVSS6.5AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/14 12:0 a.m.20 views

PT-2025-25467 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an information disclosure problem. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents where this...

6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.20 views

PT-2025-24045 · WordPress · Developer Formatter

Name of the Vulnerable Software and Affected Versions: Developer Formatter plugin for WordPress versions up to, and including, 2015.0.2.1 Description: The issue is related to Stored Cross-Site Scripting via the Custom CSS, caused by insufficient input sanitization and output escaping. This allows...

5.5CVSS5.2AI score0.00248EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/05/30 12:0 a.m.20 views

PT-2025-23339

Name of the Vulnerable Software and Affected Versions Lenovo PC Manager affected versions not specified Description An improper default permissions issue was reported that could allow a local attacker to elevate privileges. Recommendations At the moment, there is no information about a newer...

8.5CVSS5.3AI score0.00175EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.20 views

PT-2025-21067 · Intel · Intel Server M50Fcp +1

Name of the Vulnerable Software and Affected Versions: IntelR Server D50DNP and M50FCP boards affected versions not specified Description: The issue is related to improper input validation in the UEFI firmware GenerationSetup module, which may allow a privileged user to potentially enable...

5.6CVSS5.7AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/02 12:0 a.m.20 views

PT-2025-18895 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns a server shutdown leak in the SUNRPC component of the Linux kernel. It involves a race condition where kthread stop may prevent threadfn from being called, resulting...

8.8CVSS5AI score0.0129EPSS
Exploits3References652
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.20 views

PT-2025-18539

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A connections leak issue has been resolved in the Linux kernel. The problem occurred when the tlink setup failed, causing a module reference count leak because the cifsd kthread did not...

8.8CVSS7.3AI score0.0129EPSS
Exploits3References1378
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.20 views

PT-2025-16358 · Joturl · Joturl

Name of the Vulnerable Software and Affected Versions: JotUrl version 2.0 Description: The issue allows bypassing security requirements during the password change process. Recommendations: For JotUrl version 2.0, at the moment, there is no information about a newer version that contains a fix for...

6.5CVSS6.4AI score0.00312EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/04/14 12:0 a.m.20 views

PT-2025-16206 · Phpshe · Phpshe

Name of the Vulnerable Software and Affected Versions: phpshe version 1.8 Description: A critical issue has been identified, affecting the pe delete function in the /admin.php?mod=brand&act=del endpoint. The manipulation of the brand id argument leads to SQL injection. This issue can be exploited...

6.5CVSS7AI score0.00458EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.20 views

PT-2025-12313

Name of the Vulnerable Software and Affected Versions berriai/litellm version 1.52.1 Description An issue in the proxy server.py file causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This exposes sensitive information, including langfuse secret and langfus...

7.5CVSS7AI score0.00523EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2025/02/23 12:0 a.m.20 views

PT-2025-7654 · WordPress · Accept Donations With Paypal & Stripe

Name of the Vulnerable Software and Affected Versions: Accept Donations with PayPal & Stripe plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing...

6.1CVSS8.6AI score0.00299EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/02/20 12:0 a.m.20 views

PT-2025-17285

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the iio component. The issue involves an out-of-bounds access in the veml6075 read int time ms function, where the...

7.8CVSS7.2AI score0.28222EPSS
Exploits13References505
Positive Technologies
Positive Technologies
added 2025/01/24 12:0 a.m.20 views

PT-2025-5511 · Unknown · Hasthemes Extensions For Cf7

Name of the Vulnerable Software and Affected Versions: HasThemes Extensions For CF7 versions 3.2.0 and earlier Description: The issue is a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to perform Server Side Request Forgery. Recommendations: For versions 3.2.0 and...

4.4CVSS6.9AI score0.00329EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.20 views

PT-2025-4787 · Umbraco · Umbraco Forms

Name of the Vulnerable Software and Affected Versions: Umbraco.Forms versions prior to 8.13.16 Umbraco.Forms versions prior to 10.5.7 Umbraco.Forms versions prior to 13.2.2 Umbraco.Forms versions prior to 14.1.2 Description: The character limits configured by editors for short and long answer...

5.8CVSS7.2AI score0.00363EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.20 views

PT-2025-4561 · Brianmiyaji · Legacy Eplayer

Name of the Vulnerable Software and Affected Versions: brianmiyaji Legacy ePlayer versions 0.9.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.20 views

PT-2025-13206 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved by adding shadow buffering for deferred I/O in the drm/fbdev-dma module. This change addresses driver errors related to kernel NUL...

7.8CVSS7.8AI score0.13036EPSS
Exploits3References825
Positive Technologies
Positive Technologies
added 2024/12/04 12:0 a.m.20 views

PT-2024-35146 · Docusign · Docusign

Name of the Vulnerable Software and Affected Versions: DocuSign versions through 2024-12-04 Description: The issue is related to a User Interface UI Misrepresentation of Critical Information vulnerability, which allows Content Spoofing. This means that the displayed version of a document does not...

8.2CVSS6.8AI score0.00353EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.20 views

PT-2024-34684 · Unknown · Hdc Module

Name of the Vulnerable Software and Affected Versions: HDC module affected versions not specified Description: The issue is related to the lack of verification of input parameters in the HDC module. Successful exploitation of this vulnerability may affect availability. Recommendations: At the...

5.5CVSS6.8AI score0.00114EPSS
Exploits0References5
Total number of security vulnerabilities5000