Lucene search
K
PtsecurityMost viewed

184462 matches found

Positive Technologies
Positive Technologies
added 2022/08/04 12:0 a.m.20 views

PT-2022-3992 · Nginx · Nginx Ingress Controller

Name of the Vulnerable Software and Affected Versions: NGINX Ingress Controller versions 1.x and earlier NGINX Ingress Controller versions 2.x before 2.3.0 Description: The issue is related to insufficient input validation, allowing an authorized attacker to obtain secrets available to the NGINX...

6.8CVSS6.2AI score0.00607EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/08/03 12:0 a.m.20 views

PT-2022-3986 · Cisco · Cisco Webex Meetings

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings affected versions not specified Description: The issue exists due to insufficient protection of the web page structure in the web interface of Cisco Webex Meetings. This could allow a remote attacker to conduct a cross-si...

5.5CVSS5.2AI score0.00445EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/07/05 12:0 a.m.20 views

PT-2022-20959 · Unknown · Newsletter Module

Name of the Vulnerable Software and Affected Versions: Newsletter Module versions 3.x Description: The issue is related to a SQL injection vulnerability. It can be exploited via the zemez newsletter email parameter at the "/index.php" API endpoint. Recommendations: For Newsletter Module version...

9.8CVSS9.6AI score0.01424EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/03/30 12:0 a.m.20 views

PT-2022-8695 · Nexusphp · Nexusphp

Name of the Vulnerable Software and Affected Versions: NexusPHP version 1.5.beta5.20120707 Description: The issue is related to incorrect access control, allowing unauthorized attackers to access published content. Recommendations: For NexusPHP version 1.5.beta5.20120707, consider restricting...

7.5CVSS7.2AI score0.02015EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2022/01/28 12:0 a.m.20 views

PT-2022-12079 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetIrLights...

8.6CVSS7.9AI score0.01145EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/01/25 12:0 a.m.20 views

PT-2022-1608 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.5 Description: An issue was discovered in the Linux kernel, which is related to a memory leak in the yam siocdevprivate function in drivers/net/hamradio/yam.c. This issue can be exploited to cause a denial ...

9.8CVSS7.3AI score0.89063EPSS
Exploits296References1215
Positive Technologies
Positive Technologies
added 2021/09/23 12:0 a.m.20 views

PT-2021-20654 · Cisco · Cisco Aironet Access Point

Name of the Vulnerable Software and Affected Versions: Cisco Aironet Access Point AP software affected versions not specified Description: A vulnerability in the WLAN Control Protocol WCP implementation could allow an unauthenticated, adjacent attacker to cause a reload of an affected device,...

7.4CVSS7.3AI score0.00349EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/07/24 12:0 a.m.20 views

PT-2021-3958 · Apache · Apache Directory Studio

Name of the Vulnerable Software and Affected Versions: Apache Directory Studio versions prior to 2.0.0.v20210213-M16 Description: The issue is related to the absence of protection for service data. An attacker could exploit this to disclose protected information. The problem arises when configure...

7.8CVSS7.4AI score0.00793EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2021/04/30 12:0 a.m.20 views

PT-2021-7379

Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A flaw was found in the USB redirector device of QEMU, where small USB packets are combined into a single, large transfer request to improve performance. The combined size of the bulk transfer i...

8.1CVSS7.2AI score0.60631EPSS
Exploits3References307
Positive Technologies
Positive Technologies
added 2021/02/08 12:0 a.m.20 views

PT-2021-7977 · Oracle +4 · Java +4

Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http versions prior to 4.1.77.Final Description: The issue is related to insufficient fix for a vulnerability in Netty's multipart decoders, which can lead to local information disclosure via the local system temporary...

7.5CVSS6.3AI score0.99999EPSS
Exploits25References116
Positive Technologies
Positive Technologies
added 2021/02/01 12:0 a.m.20 views

PT-2021-2217 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.13 Description: A local privilege escalation issue is present in the Linux kernel due to multiple race conditions in the AF VSOCK implementation. These conditions are caused by incorrect locking in the...

10CVSS6.4AI score0.98745EPSS
Exploits292References349
Positive Technologies
Positive Technologies
added 2020/10/06 12:0 a.m.20 views

PT-2020-6177 · Linux +8 · Linux +8

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. This issue allows a local user to increase their privileges to that of a running kernel on a...

9.8CVSS7.5AI score0.78684EPSS
Exploits172References2248
Positive Technologies
Positive Technologies
added 2020/04/12 12:0 a.m.20 views

PT-2020-6008 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.3 Description: The issue is related to the function snd ctl elem add in the Linux kernel, specifically with the line count = info-owner, which can lead to errors when multiplying private size count. This coul...

9.8CVSS7AI score0.78684EPSS
Exploits153References789
Positive Technologies
Positive Technologies
added 2020/02/25 12:0 a.m.20 views

PT-2020-6587

Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http2 versions prior to 4.1.61.Final Description: The issue is related to a lack of proper validation of the content-length header in HTTP/2 requests. If a request only uses a single Http2HeaderFrame with the endStream se...

9.1CVSS8.2AI score0.99999EPSS
Exploits28References832
Positive Technologies
Positive Technologies
added 2020/02/17 12:0 a.m.20 views

PT-2020-5322 · Php +7 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.27 PHP versions 7.3.x through 7.3.14 PHP versions 7.4.x through 7.4.2 Description: The issue is related to a null pointer dereference when using file upload functionality in PHP. If upload progress tracking is...

10CVSS6.6AI score0.99998EPSS
Exploits287References489
Positive Technologies
Positive Technologies
added 2019/08/20 12:0 a.m.20 views

PT-2019-12021 · Npm · Assign-Deep

Name of the Vulnerable Software and Affected Versions: assign-deep versions prior to 0.4.8 assign-deep versions prior to 1.0.1 Description: The issue allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. This is due to the...

7.5CVSS7.3AI score0.01142EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2017/06/01 12:0 a.m.20 views

PT-2018-29: Stored Cross-Site Scripting in Cisco Secure ACS

The specialists of the Positive Research center have detected a Stored Cross-Site Scripting vulnerability in Cisco Secure ACS. A vulnerability in the web-based management interface of the Cisco Secure Access Control System ACS, due to insufficient input validation of user-supplied values and a la...

5.4CVSS5.7AI score0.00891EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2017/05/19 12:0 a.m.20 views

PT-2017-2221 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1 Description: The issue exists due to insufficient input validation in the tcp v6 syn recv sock function. This can be exploited by a local user to cause a denial of service or possibly have other unspecifi...

10CVSS7.7AI score0.60631EPSS
Exploits104References927
Positive Technologies
Positive Technologies
added 2017/01/26 12:0 a.m.20 views

PT-2017-3944

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2 through 1.0.2k OpenSSL versions 1.1.0 through 1.1.0d MySQL Server versions 5.6.35 and earlier MySQL Server versions 5.7.18 and earlier Description The issue is related to an out-of-bounds read in the OpenSSL library when...

10CVSS8.5AI score0.99999EPSS
Exploits190References229
Positive Technologies
Positive Technologies
added 2016/06/09 12:0 a.m.20 views

PT-2016-6001 · Trihedral · Vtscada

Name of the Vulnerable Software and Affected Versions: Trihedral VTScada formerly VTS versions 8.x through 11.x before 11.2.02 Description: The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and application crash, via unspecified vectors. This affec...

7.5CVSS7.1AI score0.31392EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2016/03/17 12:0 a.m.20 views

PT-2021-3057

Name of the Vulnerable Software and Affected Versions 802.11 standard affected versions not specified Check Point GAiA affected versions not specified Description The issue concerns a flaw in the authentication procedure of the 802.11 standard, which underlies Wi-Fi Protected Access WPA, WPA2, an...

10CVSS7.2AI score0.98745EPSS
Exploits357References1333
Positive Technologies
Positive Technologies
added 2015/06/03 12:0 a.m.20 views

PT-2018-2681 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free vulnerability in the Linux kernel's NFS41+ subsystem. This vulnerability can be exploited when NFS41+ shares are mounted in different network...

10CVSS7.8AI score0.93838EPSS
Exploits116References1104
Positive Technologies
Positive Technologies
added 2013/03/13 12:0 a.m.20 views

PT-2013-2093 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 10 Description: The issue is related to a use-after-free vulnerability that allows remote attackers to execute arbitrary code via a crafted web site. This is achieved by triggering access to a...

9.3CVSS7.1AI score0.18477EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.19 views

PT-2026-54981

Name of the Vulnerable Software and Affected Versions Motors versions prior to 5.6.81 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass access restrictions. Recommendations Update to a version newer than 5.6.80...

6.5CVSS5.9AI score0.00253EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.19 views

PT-2026-55198

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the do image upload function where user-supplied input from the acceptFileTypes PO...

9.8CVSS6AI score0.00542EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.19 views

PT-2026-55246

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS5.7AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.19 views

PT-2026-54935

Name of the Vulnerable Software and Affected Versions MLflow versions prior to 3.14.0 Description When authentication is enabled, the trace API endpoints lack proper authorization validators. This occurs because the before request handler fails to register authorization validators for these...

8.1CVSS7.2AI score0.00348EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.19 views

PT-2026-54495

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data title, price, weight, stock status, and...

5.8AI score0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.19 views

PT-2026-54694

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A heap buffer overflow exists in Skia, a graphics library used by the browser. This issue allows a remote attacker who has already compromised the renderer process to potentially achiev...

9.6CVSS6.2AI score0.00479EPSS
Exploits0References452
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53615

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syft function for remote execution on the server. While a...

9.8CVSS6.6AI score0.00631EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53170

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...

2.4CVSS5.4AI score0.00133EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53529

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...

9.8CVSS6.5AI score0.01183EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53349

Missing JWT signature check GHSL-2022-078 The StatelessTokenService of the DataHub metadata service GMS does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because...

9.9CVSS5.8AI score0.00851EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53545

Summary OAuthManager.validate token returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. Details...

9.1CVSS5.9AI score0.00375EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53251

Name of the Vulnerable Software and Affected Versions Edimax EW-7478APC version 1.04 Description An OS command injection flaw exists in the POST Request Handler component. A remote attacker can exploit this by manipulating the submit-url argument within the formAccept function of the...

6.5CVSS7AI score0.01158EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53328

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53443

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53394

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode read only=True into the ...

10CVSS6.2AI score0.00289EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53462

langchain experimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...

9.8CVSS6.1AI score0.01387EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.19 views

PT-2026-52694

Name of the Vulnerable Software and Affected Versions libnfs versions prior to 6.0.2 Description An integer underflow occurs in the READ IOVEC section of the rpc read from socket function within lib/socket.c. This issue is triggered during a connection to a crafted NFS server when the expected PD...

7.1CVSS6.1AI score0.00195EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.19 views

PT-2026-52776

Unauthenticated SQL Injection in Advance Product Search = 1.4.4 versions...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.19 views

PT-2026-52449

Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description Nokogiri contains a bug occurring when certain methods are called on native wrapper classes that inherit from Nokogiri::XML::Node and have been allocated but not initialized. This leads to a NULL...

7.5CVSS5.7AI score0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.19 views

PT-2026-52616

Name of the Vulnerable Software and Affected Versions Flowise affected versions not specified Description An unauthenticated path traversal issue exists in the '/api/v1/document-store/loader/process' endpoint. This flaw allows attackers to write arbitrary files to the filesystem by using...

10CVSS6.7AI score0.00639EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.19 views

PT-2026-52598

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifie...

7.3CVSS5.7AI score0.00246EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.19 views

PT-2026-52200

Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.5 Description The parse function finalizes parsed tokens using Array.prototype.concat as a reduce accumulator, causing the entire growing array to be reallocated and copied during every iteration. This results...

8.7CVSS6.2AI score0.0036EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.19 views

PT-2026-52406

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.19 views

PT-2026-52618

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.201 Description An integer overflow exists in Mojo, a Chromium IPC Inter-Process Communication framework. This issue allows a remote attacker who has already compromised the renderer process to...

8.3CVSS5.9AI score0.00177EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-52151

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...

8.8CVSS7.7AI score0.00689EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-51986

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF Berkeley Packet Filter verifier regarding linked register delta tracking. When the source register src reg and destination register dst reg are pointers to the...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.19 views

PT-2026-51627

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Password-reset tokens are generated using the account-activation lifetime conf.Auth.ActivateCodeLives instead of the intended password-reset lifetime conf.Auth.ResetPasswordCodeLives. Because the token...

6.8CVSS5.9AI score0.00202EPSS
Exploits0References10
Total number of security vulnerabilities5000