Lucene search
K
PtsecurityMost viewed

184427 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50201

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use-after-free issue exists in DigitalCredentials. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote attack...

9.6CVSS6.3AI score0.00601EPSS
Exploits0References42
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50456

Name of the Vulnerable Software and Affected Versions undici versions 6.17.0 through 6.25.x undici versions 7.0.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description The WebSocket client fails to limit the number of fragments in a message, only enforcing the maxPayloadSize on the...

7.5CVSS5.3AI score0.00759EPSS
Exploits0References136
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50190

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in DigitalCredentials on Windows allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free occurs when an...

9.6CVSS6.1AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50340

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS5.2AI score0.00548EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50123

Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...

7.1CVSS5.2AI score0.00186EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50059

Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A high privileged attacker with...

7.2CVSS5.8AI score0.00453EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49985

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. An unauthenticated attacker with network access via JDENET can compromise th...

9.8CVSS5.8AI score0.00483EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50180

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description The Compression node's Decompress operation expands attacker-controlled archives into memory without enforcing limits on the decompressed output size. An unauthenticated attacker can send a small...

7.5CVSS5.9AI score0.00375EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49832

CVE-2026-38194 in the pocket ! Driver expose insecure IOCTLs allowing memory access from a standard user. Rapido = https://t.co/lWzOOGLK8g PoC for the read primitive only. I'm not releasing the arbitrary write, but the clever ones will figure it out easily...

5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49755

Name of the Vulnerable Software and Affected Versions LangGraph SQLite Checkpoint versions prior to 4.1.1 Description The JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. If an unauthorized party modifies checkpoint bytes at rest in the backing store, the...

6.8CVSS6.4AI score0.00232EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49610

On Xtensa targets with CONFIG USERSPACE and CONFIG XTENSA MMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensa domain list, of active memory domains using a list node embedded inside the caller-owned struct k mem domain. When a domain is destroyed via k mem domain...

6.3CVSS5.5AI score0.00164EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49873

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 Oracle Fusion Middleware WebLogic Server versions 14.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. This flaw allows an unauthenticated attacker...

8.3CVSS5.9AI score0.00301EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49978

Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via multiple protocols to compromise the software. Although the fl...

8.5CVSS5.8AI score0.00311EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50089

Unauthenticated Local File Inclusion in Thegov Core 2.0.23 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49790

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow in the decodePacket function of RtpPacket can lead to out-of-bounds access. This issue may allow a local escalation of privilege without...

7.3CVSS6AI score0.00072EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49977

Name of the Vulnerable Software and Affected Versions MySQL Shell versions 8.4.0 through 8.4.9 MySQL Shell versions 9.0.0 through 9.7.0 Description An issue exists in the Shell: Dump and Load component of Oracle MySQL. An unauthenticated attacker with network access via multiple protocols can...

6.5CVSS5.9AI score0.0018EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49698

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12 Firefox ESR versions prior to 140.12 Description A memory safety bug exists in the software, which could lead to instability or unexpected behavior when handling memory operations. Recommendations Update to...

9.1CVSS5.8AI score0.00476EPSS
Exploits0References217
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50176

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with permissions to create or modify workflows can provide crafted parameters to the TimescaleDB and legacy Postgres v1 nodes. This allows arbitrary SQ...

9.9CVSS6.2AI score0.00394EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50135

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An issue exists in the token public-only scope enforcement where a public-only scoped API token can access private organization data. This occurs due to two flaws: the endpoint '/user/orgs' is...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50164

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The safe eval expression function in the computed fields feature uses an AST Abstract Syntax Tree validator that only blocks attributes starting with an underscore. Because Python generator and fram...

10CVSS6AI score0.0045EPSS
Exploits2References15
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49972

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Agent Next Gen component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wit...

8.8CVSS5.9AI score0.00432EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49718

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attack...

6.3CVSS5.2AI score0.00298EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50114

Unauthenticated PHP Object Injection in TechLink = 1.3 versions...

8.1CVSS5.4AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49899

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Composer component of the Oracle WebCenter Portal product of Oracle Fusion Middleware. A low privileged attacker with...

9.9CVSS5.9AI score0.00402EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49931

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Sites version 12.2.1.4.0 Oracle WebCenter Sites version 14.1.2.0.0 Description An issue in the Oracle WebCenter Sites component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via HTTP to...

10CVSS5.8AI score0.00483EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50078

Name of the Vulnerable Software and Affected Versions LangGraph Python SDK versions prior to 0.3.15 Description Unsafe URL path construction occurs due to unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. Identifiers containing characters with speci...

4.2CVSS5.9AI score0.00216EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49653

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS5.3AI score0.0031EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50084

Name of the Vulnerable Software and Affected Versions TL-WR940N version v6 Description An authenticated OS command injection exists in the BigPond Cable BPA WAN configuration module due to improper sanitization of user input. An attacker with administrative access can exploit this flaw to execute...

8.5CVSS6.2AI score0.02787EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49967

Name of the Vulnerable Software and Affected Versions Oracle Agile PLM version 9.3.6 Description An issue in the Security component of the Oracle Agile PLM product allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation can result in a...

9.8CVSS5.8AI score0.00508EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49765

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.26 Description An exec allowlist bypass exists where authenticated operators can execute wrapper-level side effects outside the intended allowlisted command. This occurs because a command request reaching the...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49831

Name of the Vulnerable Software and Affected Versions Real Testimonials Pro affected versions not specified Product Slider Pro for WooCommerce affected versions not specified Smart Post Show Pro affected versions not specified Description A supply chain compromise occurred where attackers...

7.5CVSS6.1AI score0.00387EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49862

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools versions 8.61 PeopleSoft Enterprise PT PeopleTools versions 8.62 Description An issue exists in the Deployment Package component of PeopleSoft Enterprise PT PeopleTools. This flaw allows an unauthenticated...

8.1CVSS5.8AI score0.00407EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49780

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description An input validation issue exists in tool group policy callers that accept unvalidated group IDs. An attacker capable of supplying a group ID to the policy resolver could trigger incorrect...

7.1CVSS5.3AI score0.00169EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49647

Unauthenticated Cross Site Scripting XSS in Pods = 3.3.8 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49894

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A low privileged...

9.9CVSS5.9AI score0.00411EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49758

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description Exported session HTML preserves unsafe javascript: and data: links in generated content. This allows for the execution of browser-side scripts if a trusted operator opens the exported file and...

6.1CVSS5.5AI score0.00188EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49990

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. This flaw allows an unauthenticated attacker with network access via JDENET ...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49859

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture version 12.2.1.4.0 Oracle WebCenter Enterprise Capture version 14.1.2.0.0 Description A flaw in the Client Bundle component allows a low privileged attacker with network access via T3 and IIOP protocols to...

9.9CVSS5.7AI score0.00411EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49934

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.8CVSS5.3AI score0.00483EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50051

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Quality versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Quality product. A low privileged attacker with network access via HTTP can exploit this flaw...

8.8CVSS5.9AI score0.00402EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49735

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description The Body Limit Middleware trusts the Content-Length header to determine if a request body is within the allowed limit. In environments such as AWS Lambda including API Gateway v1/v2, ALB, VPC Lattice,...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49893

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A low privileged...

8.8CVSS5.9AI score0.00402EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49904

Name of the Vulnerable Software and Affected Versions Oracle Application Development Framework ADF version 12.2.1.4.0 Oracle Application Development Framework ADF version 14.1.2.0.0 Description An issue exists in the Security Framework component of the Oracle Application Development Framework ADF...

6.1CVSS5.8AI score0.00245EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49200

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...

6.8CVSS5.2AI score0.0012EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49354

Unauthenticated Cross Site Scripting XSS in Redirection for Contact Form 7 = 3.2.8 versions...

7.1CVSS5.1AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49320

An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...

5.3AI score0.00324EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49186

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.3AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49483

Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49279

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A heap buffer overflow occurs in the Opus audio stream parser component. This issue allows attackers to cause a Denial of Service DoS, which is a condition where a system or service becomes unavailable to it...

5.5CVSS6.1AI score0.00202EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49265

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References2
Total number of security vulnerabilities5000