Lucene search
K
PtsecurityMost viewed

184484 matches found

Positive Technologies
Positive Technologies
added 2025/08/03 12:0 a.m.20 views

PT-2025-31775 · Code Projects · Human Resource Integrated System

Name of the Vulnerable Software and Affected Versions: code-projects Human Resource Integrated System version 1.0 Description: A problematic vulnerability exists in code-projects Human Resource Integrated System 1.0. The issue affects an unknown function within the /insert-and-view/action.php fil...

5.4CVSS3.7AI score0.00354EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.20 views

PT-2025-31545 · Undefined · Undefined

A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit...

8.8CVSS6.2AI score0.02016EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.20 views

PT-2025-27102 · Unknown · Smart Notification

Name of the Vulnerable Software and Affected Versions: Smart Notification versions n/a through 10.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

7.1CVSS6.5AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/14 12:0 a.m.20 views

PT-2025-25467 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an information disclosure problem. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents where this...

6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.20 views

PT-2025-24045 · WordPress · Developer Formatter

Name of the Vulnerable Software and Affected Versions: Developer Formatter plugin for WordPress versions up to, and including, 2015.0.2.1 Description: The issue is related to Stored Cross-Site Scripting via the Custom CSS, caused by insufficient input sanitization and output escaping. This allows...

5.5CVSS5.2AI score0.00248EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/05/30 12:0 a.m.20 views

PT-2025-23339

Name of the Vulnerable Software and Affected Versions Lenovo PC Manager affected versions not specified Description An improper default permissions issue was reported that could allow a local attacker to elevate privileges. Recommendations At the moment, there is no information about a newer...

8.5CVSS5.3AI score0.00175EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.20 views

PT-2025-21067 · Intel · Intel Server M50Fcp +1

Name of the Vulnerable Software and Affected Versions: IntelR Server D50DNP and M50FCP boards affected versions not specified Description: The issue is related to improper input validation in the UEFI firmware GenerationSetup module, which may allow a privileged user to potentially enable...

5.6CVSS5.7AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.20 views

PT-2025-18495 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc3+ Description: The issue arises from the incorrect handling of file map count for non-leaf pmd/pud in the Linux kernel, specifically when collapsing hugepages. This triggers an unexpected BUG ON due to...

9.8CVSS7.5AI score0.01483EPSS
Exploits4References699
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.20 views

PT-2025-18539

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A connections leak issue has been resolved in the Linux kernel. The problem occurred when the tlink setup failed, causing a module reference count leak because the cifsd kthread did not...

8.8CVSS7.3AI score0.0129EPSS
Exploits3References1378
Positive Technologies
Positive Technologies
added 2025/04/16 12:0 a.m.20 views

PT-2025-16582 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11 Description: A vulnerability in the Linux kernel's xhci driver has been resolved. The issue occurred when handling Stoppend and Stopped - Length Invalid events, where the driver did not skip missed...

7.8CVSS5.8AI score0.28222EPSS
Exploits3References949
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.20 views

PT-2025-16358 · Joturl · Joturl

Name of the Vulnerable Software and Affected Versions: JotUrl version 2.0 Description: The issue allows bypassing security requirements during the password change process. Recommendations: For JotUrl version 2.0, at the moment, there is no information about a newer version that contains a fix for...

6.5CVSS6.4AI score0.00312EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/04/14 12:0 a.m.20 views

PT-2025-16206 · Phpshe · Phpshe

Name of the Vulnerable Software and Affected Versions: phpshe version 1.8 Description: A critical issue has been identified, affecting the pe delete function in the /admin.php?mod=brand&act=del endpoint. The manipulation of the brand id argument leads to SQL injection. This issue can be exploited...

6.5CVSS7AI score0.00458EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.20 views

PT-2025-12313

Name of the Vulnerable Software and Affected Versions berriai/litellm version 1.52.1 Description An issue in the proxy server.py file causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This exposes sensitive information, including langfuse secret and langfus...

7.5CVSS7AI score0.00523EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2025/02/23 12:0 a.m.20 views

PT-2025-7654 · WordPress · Accept Donations With Paypal & Stripe

Name of the Vulnerable Software and Affected Versions: Accept Donations with PayPal & Stripe plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing...

6.1CVSS8.6AI score0.00299EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/01/24 12:0 a.m.20 views

PT-2025-5511 · Unknown · Hasthemes Extensions For Cf7

Name of the Vulnerable Software and Affected Versions: HasThemes Extensions For CF7 versions 3.2.0 and earlier Description: The issue is a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to perform Server Side Request Forgery. Recommendations: For versions 3.2.0 and...

4.4CVSS6.9AI score0.00329EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.20 views

PT-2025-4787 · Umbraco · Umbraco Forms

Name of the Vulnerable Software and Affected Versions: Umbraco.Forms versions prior to 8.13.16 Umbraco.Forms versions prior to 10.5.7 Umbraco.Forms versions prior to 13.2.2 Umbraco.Forms versions prior to 14.1.2 Description: The character limits configured by editors for short and long answer...

5.8CVSS7.2AI score0.00363EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.20 views

PT-2025-4561 · Brianmiyaji · Legacy Eplayer

Name of the Vulnerable Software and Affected Versions: brianmiyaji Legacy ePlayer versions 0.9.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/12/04 12:0 a.m.20 views

PT-2024-35146 · Docusign · Docusign

Name of the Vulnerable Software and Affected Versions: DocuSign versions through 2024-12-04 Description: The issue is related to a User Interface UI Misrepresentation of Critical Information vulnerability, which allows Content Spoofing. This means that the displayed version of a document does not...

8.2CVSS6.8AI score0.00353EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.20 views

PT-2024-34684 · Unknown · Hdc Module

Name of the Vulnerable Software and Affected Versions: HDC module affected versions not specified Description: The issue is related to the lack of verification of input parameters in the HDC module. Successful exploitation of this vulnerability may affect availability. Recommendations: At the...

5.5CVSS6.8AI score0.00114EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/21 12:0 a.m.20 views

PT-2024-11872 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel related to the hwmon: asus-ec-sensors module. The issue arises because the devm kcalloc function may return NULL, and without prop...

5.5CVSS6.5AI score0.002EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.20 views

PT-2024-7388 · Mitsubishi · M800/M80/E80 Series +5

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric M800V/M80V Series versions affected versions not specified Mitsubishi Electric M800/M80/E80 Series versions affected versions not specified Mitsubishi Electric C80 Series versions affected versions not specified Mitsubishi...

5.9CVSS7.1AI score0.0054EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.20 views

PT-2024-39774

Name of the Vulnerable Software and Affected Versions Hunk Companion plugin for WordPress versions prior to 1.9.0 WP Query Console versions affected versions not specified Description The Hunk Companion plugin for WordPress has a flaw allowing unauthorized plugin installation and activation. This...

9.8CVSS9.8AI score0.09137EPSS
Exploits2References25
Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.20 views

PT-2024-7151 · Juniper Networks · Junos Evolved

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 21.2R3-S8-EVO Juniper Networks Junos OS Evolved versions from 21.4-EVO prior to 21.4R3-S8-EVO Juniper Networks Junos OS Evolved versions from 22.2-EVO prior to 22.2R3-S4-EVO Juniper Networks...

8.4CVSS7.4AI score0.00208EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/03 12:0 a.m.20 views

PT-2024-6855

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.52 Description The vulnerability is related to a use-after-free issue in the smb2 set path size function. When smb2 compound op is called with a valid @cfile and returns -EINVAL, the reference to @cfile is...

7.8CVSS7.4AI score0.13036EPSS
Exploits7References1114
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.20 views

PT-2024-5919 · Google +4 · Skia +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.113 Description: The issue is related to a heap buffer overflow in the Skia graphics library of Google Chrome, which can be exploited by a remote attacker who has compromised the renderer process. Th...

10CVSS8.7AI score0.19272EPSS
Exploits39References296
Positive Technologies
Positive Technologies
added 2024/08/23 12:0 a.m.20 views

PT-2024-37789 · Ipswitch · Whatsup Gold

Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.0 Description: A SQL Injection issue allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. This can be exploited by altering a privileg...

8.8CVSS8.7AI score0.00714EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/08/16 12:0 a.m.20 views

PT-2024-6337 · Google +4 · Skia +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.113 Description: The issue is related to a heap buffer overflow in the Skia graphics library of Google Chrome, which can be exploited by a remote attacker who has compromised the renderer process. Th...

9.6CVSS8.7AI score0.19272EPSS
Exploits27References264
Positive Technologies
Positive Technologies
added 2024/07/18 12:0 a.m.20 views

PT-2024-37812 · WordPress · Reglevel

Name of the Vulnerable Software and Affected Versions: RegLevel plugin for WordPress versions up to, and including, 1.2.1 Description: The issue allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages due to insufficient input...

5.5CVSS6.9AI score0.00341EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.20 views

PT-2024-17997 · WordPress · Wp-Stateless

Name of the Vulnerable Software and Affected Versions: WP-Stateless – Google Cloud Storage plugin for WordPress versions up to, and including, 3.4.0 Description: The issue is related to a missing capability check on the dismiss notices function, which allows authenticated attackers with...

7.1CVSS9.1AI score0.00409EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.20 views

PT-2024-23100

Name of the Vulnerable Software and Affected Versions Sentrifugo version 3.2 Description The issue is related to a SQL injection vulnerability. It affects the "/sentrifugo/index.php/reports/activitylogreport" API endpoint, specifically the sortby parameter. This could allow a remote user to send ...

9.8CVSS5.6AI score0.00825EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.20 views

PT-2024-5245 · National Instruments · Ni I/O Trace Tool

Name of the Vulnerable Software and Affected Versions: NI I/O Trace Tool affected versions not specified Description: A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an...

7.8CVSS8AI score0.00306EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/02/19 12:0 a.m.20 views

PT-2024-18194

Name of the Vulnerable Software and Affected Versions Pyhtml2pdf version 0.0.6 Description The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. Recommendations For Pyhtml2pd...

7.5CVSS7.2AI score0.00695EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.20 views

PT-2024-12393 · Audio · Audio

Name of the Vulnerable Software and Affected Versions: Audio affected versions not specified Description: The issue is related to memory corruption in the Audio component when processing IIR config data from the AFE calibration block. Recommendations: At the moment, there is no information about ...

7.8CVSS7.7AI score0.00109EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.20 views

PT-2024-15732 · 10Web · The Form Maker

Name of the Vulnerable Software and Affected Versions: The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress versions up to, and including, 1.15.21 Description: The issue is due to missing or incorrect nonce validation on the execute function, making it...

6.3CVSS7.1AI score0.00229EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.20 views

PT-2024-1597

Name of the Vulnerable Software and Affected Versions: kernel versions prior to 6.1.77-alt1 kernel-uek, kernel-uek-debug, kernel-uek-debug-devel, kernel-uek-devel, kernel-uek-doc, kernel-uek-tools versions prior to 6.1.77-alt1 kernel versions 5.10.206 through 5.10.209 Debian 10 buster kernel...

7.8CVSS8.9AI score0.28058EPSS
Exploits16
Positive Technologies
Positive Technologies
added 2024/01/17 12:0 a.m.20 views

PT-2024-4877 · Solarwinds · Solarwinds Access Rights Manager

Name of the Vulnerable Software and Affected Versions: SolarWinds Access Rights Manager ARM affected versions not specified Description: The issue is related to a Directory Traversal Remote Code Execution vulnerability in the Connect method of SolarWinds Access Rights Manager ARM. This...

9.6CVSS8.4AI score0.02539EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.20 views

PT-2024-10887 · WordPress · Wp Editor

Name of the Vulnerable Software and Affected Versions: WP Editor WordPress plugin version 1.2.6 and earlier Description: The issue is related to an authenticated blind SQL injection problem. It occurs because the plugin does not properly sanitise or validate its setting fields, allowing an...

7.2CVSS7.2AI score0.00771EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2024/01/04 12:0 a.m.20 views

PT-2024-13983 · Unknown · Travel Website

Name of the Vulnerable Software and Affected Versions: Travel Website version 1.0 Description: The issue affects the login functionality, specifically the username parameter of the "loginAction.php" resource, which does not validate input characters. These characters are sent unfiltered to the...

9.8CVSS9.9AI score0.00672EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.20 views

PT-2023-31942 · Kantega +1 · Kantega Saml Sso Oidc Kerberos Single Sign-On +4

Name of the Vulnerable Software and Affected Versions: Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 4.4.2 through 4.14.8 Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 5.0.0 through 5.11.4 Kantega SAML SSO OIDC Kerberos...

6.1CVSS6.1AI score0.00495EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2023/12/23 12:0 a.m.20 views

PT-2023-10355 · Unknown · Deis Workflow Manager

Name of the Vulnerable Software and Affected Versions: Deis Workflow Manager versions up to 2.3.2 Description: A vulnerability was found in Deis Workflow Manager, which has been classified as problematic. This issue affects an unknown part of the system and leads to a race condition. The complexi...

7.5CVSS7.1AI score0.00396EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2023/12/22 12:0 a.m.20 views

PT-2024-12: SQL Injection in Cacti

The vulnerability was identified in Cacti version 1.2.25 and below. It allows to execute arbitrary SQL code. The vulnerability can be exploited by an authorized user using the vulnerable component pollers.php. Vulnerability status: Confirmed by vendor Date of vulnerability detection: 22.12.2023...

8.8CVSS7.9AI score0.84628EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2023/12/18 12:0 a.m.20 views

PT-2023-7786

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 9.6 libssh2 versions through 1.11.0 Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17....

7.1CVSS8.5AI score0.93305EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2023/11/14 12:0 a.m.20 views

PT-2025-26009 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A issue in the Linux kernel has been identified where adding an xattr to an inode does not ensure that the inode size is not less than EXT4 GOOD OLD INODE SIZE + extra isize + pad,...

8.8CVSS5.8AI score0.12746EPSS
Exploits24References935
Positive Technologies
Positive Technologies
added 2023/10/13 12:0 a.m.20 views

PT-2023-27199 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions 4.1 through 4.1.38 WordPress versions 4.2 through 4.2.35 WordPress versions 4.3 through 4.3.31 WordPress versions 4.4 through 4.4.30 WordPress versions 4.5 through 4.5.29 WordPress versions 4.6 through 4.6.26 WordPress...

7.6CVSS7.1AI score0.79527EPSS
Exploits13References34
Positive Technologies
Positive Technologies
added 2023/07/08 12:0 a.m.20 views

PT-2023-25233 · Gz Scripts · Gz E Learning Platform

Name of the Vulnerable Software and Affected Versions: GZ Scripts GZ E Learning Platform version 1.8 Description: A problem was found in the processing of the component URL Parameter Handler, which can lead to cross site scripting. The issue can be exploited remotely. Recommendations: For GZ...

6.1CVSS6.3AI score0.00506EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/24 12:0 a.m.20 views

PT-2023-7510 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 120.0.6099.62 Description: The issue is related to an inappropriate implementation in the Web Browser UI, allowing a remote attacker to potentially spoof the contents of an iframe dialog context menu via a...

9.8CVSS6.2AI score0.99735EPSS
Exploits128References1112
Positive Technologies
Positive Technologies
added 2023/05/09 12:0 a.m.20 views

PT-2025-40694

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the drm/i915 subsystem related to handling requests for GuC virtual engines. Specifically, references to i915 requests could be held indefinitely acro...

7.8CVSS6.8AI score0.08942EPSS
Exploits4References1004
Positive Technologies
Positive Technologies
added 2023/05/04 12:0 a.m.20 views

PT-2023-2733 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, whi...

10CVSS6.7AI score0.71737EPSS
Exploits87References2241
Positive Technologies
Positive Technologies
added 2023/04/19 12:0 a.m.20 views

PT-2023-2512 · Cisco · Cisco Industrial Network Director

Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director affected versions not specified Description: A vulnerability in the Cisco Industrial Network Director could allow an authenticated, local attacker to read application data due to insufficient default file...

10CVSS6.1AI score0.00198EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/03/31 12:0 a.m.20 views

PT-2023-23726 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud server versions 24.0.0 through 24.0.10 Nextcloud server versions 25.0.0 through 25.0.4 Nextcloud server versions prior to 26.0.0 Description: The issue is related to missing brute-force protection on the WebDAV endpoints via the bas...

9.8CVSS6.3AI score0.04176EPSS
Exploits10References78
Total number of security vulnerabilities5000