Lucene search
K
PtsecurityMost viewed

184427 matches found

Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-48283

Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier Description Improper Input Validation allows an attacker to crash the application, resulting in a denial-of-service condition...

7.5CVSS5.2AI score0.00407EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-48302

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorized user can cause a server crash by executing a query using a 2dsphere index on a field containing a GeoJSON GeometryCollection. The issue occurs when...

7.1CVSS5.5AI score0.0027EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47725

Name of the Vulnerable Software and Affected Versions Prime Elementor Addons versions prior to 1.3.4 Description Insufficient input sanitization and output escaping in the Widget HTML Tag Settings allow authenticated attackers with contributor-level access or higher to perform Stored Cross-Site...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References21
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47868

Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network...

8.8CVSS5.4AI score0.0063EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-48073

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-48240

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47776

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw exists in the LDIF parser where it reads past the end of a heap buffer when processing attribute types that contain trailing semicolons during a database import. This...

6.5CVSS5.5AI score0.0016EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47826

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

7.3CVSS5.5AI score0.00139EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47532

SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47800

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

4.6CVSS5.8AI score0.00139EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-48247

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 through 26.001.21651 Description A Use After Free issue exists in the Multimedia Rendition component, which could lead to arbitrary code execution in the context of the current user. This occurs when a user...

7.8CVSS7.8AI score0.00285EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47643

Name of the Vulnerable Software and Affected Versions micrometer-core versions 1.16.0 through 1.16.5 micrometer-core versions 1.15.0 through 1.15.11 micrometer-core versions 1.14.0 through 1.14.15 micrometer-core versions 1.13.0 through 1.13.18 micrometer-core versions 1.9.0 through 1.9.17...

7.5CVSS5.8AI score0.00623EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47839

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description An error in the callback used to verify certificates during a Root CA key update in the Certificate Management Protocol CMP renders certificate validation ineffectual. Specifically, a typo in...

9.1CVSS5.8AI score0.00684EPSS
Exploits0References100
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47845

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

5.3CVSS5.4AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-48215

Name of the Vulnerable Software and Affected Versions Dell Client Platform BIOS affected versions not specified Latitude E7250 Latitude 7490 XPS 15 9560 Wyse 5070 Description An unauthenticated attacker with physical access to the SPI flash can exploit weak encoding of BIOS admin and user...

5.7CVSS6AI score0.00119EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-48227

Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

6.3CVSS5.6AI score0.00137EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47959

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description A heap-based buffer overflow allows an unauthorized attacker to execute arbitrary code locally and remotely, potentially affecting the entire system. A heap-based buffer overflow...

8.4CVSS6.5AI score0.00364EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-48008

Name of the Vulnerable Software and Affected Versions Microsoft Live Share Canvas SDK affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to elevate privileges over a network...

9CVSS5.2AI score0.00554EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47541

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

7.8CVSS5.6AI score0.00148EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-47651

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Spring WebFlux applications are susceptible ...

5.9CVSS5.8AI score0.00247EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•19 views

PT-2026-48324

Name of the Vulnerable Software and Affected Versions Spring Data REST versions 3.7.0 through 3.7.19 Spring Data REST versions 4.3.0 through 4.3.16 Spring Data REST versions 4.4.0 through 4.4.14 Spring Data REST versions 4.5.0 through 4.5.11 Spring Data REST versions 5.0.0 through 5.0.5 Descripti...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47450

Name of the Vulnerable Software and Affected Versions WACRM versions prior to commit 73041bf Description An authorization bypass exists in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants. By providing an arbitrary contact id in th...

7.1CVSS5.6AI score0.00216EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47342

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8CVSS6.7AI score0.0057EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47310

A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub 45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely...

9CVSS6.1AI score0.00466EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47624

Name of the Vulnerable Software and Affected Versions Arc versions prior to 2026.06.1 Description An authenticated user can read arbitrary local files by bypassing the user-SQL validator and RBAC table-reference extraction. The validator in internal/api/query.go:ValidateSQLRequest used a regex...

7.1CVSS6AI score0.00029EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47237

A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of...

6.5CVSS6.4AI score0.00133EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47262

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.9AI score0.00281EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47311

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read resource of the file src/mysql mcp server/server.py of the component mysql URI Handler. This manipulation of the argument uri str causes sql injection. Remote exploitation of t...

6.5CVSS6.3AI score0.00205EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47267

Name of the Vulnerable Software and Affected Versions Tenda CX12L version 16.03.53.12 Description A stack-based buffer overflow can be triggered remotely via the Wi-Fi Schedule Configuration Endpoint. The issue exists within the setSchedWifi function located in the /goform/openSchedWifi file. Thi...

9CVSS8.3AI score0.00466EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47312

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

5.4AI score0.00338EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47261

Name of the Vulnerable Software and Affected Versions VMware Cloud Foundation Operations affected versions not specified Description Stored cross-site scripting issues exist where a malicious actor with privileges to create policies, views, or text-widgets can inject scripts. This allows the...

8CVSS5.2AI score0.00313EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47590

Impact An uncontrolled-resource-consumption memory exhaustion denial-of-service vulnerability CWE-400 / CWE-789. A client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge dest size. When dulwich ingested it via add thin pack / apply delta, it would...

5.7CVSS5.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47336

A weakness has been identified in imvks786 student management system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be...

6.5CVSS6.1AI score0.0027EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47306

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/vkms component where the vblank timer implementation differs from the standard DRM implementation. The vblank timer utilizes the handle vblank timeout function...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47233

Name of the Vulnerable Software and Affected Versions Sonaar Music Plugin version 4.7 Description A stored cross-site scripting issue exists in the comment functionality. Unauthenticated attackers can inject malicious scripts by submitting JavaScript payloads via the comment parameter to the...

7.2CVSS5.2AI score0.00184EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47340

Name of the Vulnerable Software and Affected Versions OpenBullet2 versions prior to 0.3.3 Description An authentication bypass exists in the API key authentication middleware. Unauthenticated attackers can gain administrative access to the admin console and all API endpoints by providing an empty...

9.8CVSS5.3AI score0.01509EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47288

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47270

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete leave type.php. The manipulation of the argument leave type results in sql injection. The attack can be executed remotely. The exploit has been made public and could be us...

6.5CVSS6.4AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47487

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Views allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after free i...

9.6CVSS6.1AI score0.01654EPSS
Exploits4References85
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47301

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator exits upon encountering any error while accepting incoming HTTP or RTR connections. This includes recoverable errors, such as exhausting available file descriptors. An attacker...

8.7CVSS5.5AI score0.00333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47303

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator crashes when a specifically crafted non-UTF-8 string is sent as the select-asn query parameter to the '/api/v1/origins' endpoint. This issue specifically impacts users who permi...

8.2CVSS5.4AI score0.00259EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47437

Name of the Vulnerable Software and Affected Versions Tenda F451 versions 1.0.0.7 through 1.0.0.9 Description A security flaw in the Web Management Interface allows remote exploitation via OS command injection. The issue exists within the formWriteFacMac function located in the /goform/WriteFacMa...

9CVSS8AI score0.01614EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47305

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47314

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description A cross-site scripting issue exists in the HTML directory list generation of mod proxy ftp when listing FTP directory contents through forward or reverse proxy configurations...

9.8CVSS5.2AI score0.97108EPSS
Exploits22References131
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47367

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.12-1.1 Description A race condition exists in the KVM x86 component between vmx sync pir to irr on a target vCPU and vmx deliver posted interru...

8.2CVSS5.4AI score0.00389EPSS
Exploits1References75
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47359

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.12-1.1 Description An RTNL assertion warning occurs in the txgbe driver for copper NICs with an external PHY during module removal. This happens because the phylink disconnect phy function is called without t...

9.8CVSS5.2AI score0.03663EPSS
Exploits27References340
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47353

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow exists in the vrealloc node align function. When a request is made to shrink an allocation size old size and a new allocation is required due to NUMA node or alignment...

9.8CVSS5.6AI score0.03663EPSS
Exploits17References337
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47382

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/amdgpu/userq component where stale wptr mapping is accessed. This occurs when the wptr obj is unmapped while queue creation is in progress, allowing another...

9.1CVSS5.4AI score0.00457EPSS
Exploits1References62
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•19 views

PT-2026-47356

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.12-1.1 Description A crash can occur during early boot if the kernel command line parameters hugepages, hugepagesz, or default hugepagesz are...

9.8CVSS5.2AI score0.03663EPSS
Exploits21References337
Positive Technologies
Positive Technologies
•added 2026/06/07 12:0 a.m.•19 views

PT-2026-47199

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=room types. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out...

4.8CVSS3.9AI score0.00214EPSS
Exploits0References7
Total number of security vulnerabilities5000