Lucene search
K
PtsecurityMost viewed

184424 matches found

Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47052

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions prior to 10.0.3 Description An SQL injection allows an unauthenticated remote attacker to execute arbitrary SQL statements. This can result in the complete compromise of the underlying database. The issue requires no...

9.8CVSS6AI score0.00479EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-46992

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description Public shared-view relation endpoints fail to verify if a caller-supplied column ID is visible in the shared view. This allows anyone with a share UUID to read links from any LTAR...

6.9CVSS5.8AI score0.00239EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-48567

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-48 ImageMagick versions prior to 7.1.2-24 Description Incorrect parsing of the filename allows a policy bypass, enabling the reading of files disallowed by a security policy through the use of a symlink a...

5.9CVSS5.5AI score0.00227EPSS
Exploits0References43
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47068

Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker versions prior to 11.1.3 Description The plugin is susceptible to time-based blind SQL Injection, a technique where an attacker asks the database true/false questions and determines the...

4.9CVSS5.6AI score0.00352EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47078

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

6.8CVSS5.5AI score0.00163EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47031

Name of the Vulnerable Software and Affected Versions HAX CMS PHP version versions prior to 26.0.0 Description The PHP version of HAX CMS contains an authenticated file overwrite issue. An attacker can exploit this to configure malicious Git filter commands, leading to code execution on the serve...

9.4CVSS6AI score0.00291EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-46959

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboard page/forms/upload student data.php of the component Student Data...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-46994

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description The password-reset page renders the URL token directly into a JavaScript string literal within a server-rendered EJS template. Because EJS HTML-entity-encodes only a fixed set of characters and...

5.1CVSS6AI score0.00262EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47015

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On platforms with hardware IPSec support and specific IPsec features enabled, the system may exhibit unexpected behavior. Physical interface flaps and certain agent restarts can trigger...

8.2CVSS5.4AI score0.00226EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-46974

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46367

Unauthenticated Local File Inclusion in WineShop = 3.17 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46225

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authorization flaw exists in the Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application verifies if a matching template exists but fai...

5.1CVSS5.5AI score0.00154EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46496

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description A use after free issue exists in SurfaceCapture. A remote attacker who has compromised the renderer process can potentially perform a sandbox escape by using a crafted HTML...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References440
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46329

Unauthenticated Local File Inclusion in Planty = 1.14.0 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46856

Summary The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

4.3CVSS5.7AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46805

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in CustomTabs allows a local attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version...

9.6CVSS5.5AI score0.00411EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46177

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The registration endpoint '/v1/account/register' lacks bot mitigation mechanisms. This allows malicious automated systems to perform account creation exhaustion,...

9.1CVSS5.4AI score0.00243EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46797

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in the user interface allows a remote attacker to leak cross-origin data, which is information from a different origin than the one that...

9.6CVSS5.5AI score0.00493EPSS
Exploits0References434
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46304

Name of the Vulnerable Software and Affected Versions WebOb versions prior to 1.8.10 Description An open redirect occurs when the software normalizes the HTTP Location header to include the request hostname. The process involves parsing the redirect URL using Python's urllib.parse and joining it ...

6.1CVSS5.3AI score0.00161EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46241

T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account...

5.8AI score0.00421EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46481

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description A use after free issue in the browser allows a remote attacker to potentially exploit heap corruption, which occurs when a program continues to use a pointer after it has been...

9.6CVSS5.8AI score0.00985EPSS
Exploits0References433
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46234

A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the argument ef id leads to sql injection. The attack may be performed from remote. The exploit has been...

6.5CVSS6.4AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46297

Name of the Vulnerable Software and Affected Versions BarTender 2010 BarTender 2016 versions prior to R10 BarTender 2019 versions prior to R11 Description An unauthenticated remote code execution issue exists in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The...

9.8CVSS6.4AI score0.00729EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46111

Name of the Vulnerable Software and Affected Versions SP Project & Document Manager versions prior to 4.72 Description Unauthorized access is possible due to a missing capability check in the view file function. Unauthenticated attackers can read file metadata and obtain download links for...

7.5CVSS5.7AI score0.003EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46293

Name of the Vulnerable Software and Affected Versions Neterbit NW-431F Router versions prior to 20241014-IR03 Description The SMS module contains a stored Cross-Site Scripting XSS issue, where the application fails to properly sanitize user input within SMS messages before they are stored and...

7.1CVSS5.5AI score0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46317

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46226

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A URL validation flaw in the dashboard button widget allows a crafted relative-looking URL to be accepted as a local path while browsers interpret it as an external URL. The validation process...

6.1CVSS5.4AI score0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46167

A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A hig...

3.6CVSS5.2AI score0.00075EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46243

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

5.8AI score0.0014EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46309

Name of the Vulnerable Software and Affected Versions netty incubator codec.bhttp versions prior to 0.0.22.Final Description The library implements Oblivious HTTP RFC 9458 using BoringSSL's HPKE C library via JNI. When sun.misc.Unsafe is unavailable—such as when the JVM is started with...

9.1CVSS5.7AI score0.00174EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46319

Name of the Vulnerable Software and Affected Versions Bluetooth Mesh affected versions not specified Description An integer underflow occurs in the bt mesh sol recv function within the Bluetooth Mesh solicitation handling. When CONFIG BT MESH OD PRIV PROXY SRV is enabled, the function parses...

6.3CVSS5.7AI score0.00218EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46162

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The device encrypts data using AES-CBC Advanced Encryption Standard in Cipher Block Chaining mode with static zero-filled Initialization Vectors IVs. This...

7.5CVSS5.4AI score0.00245EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46812

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description An inappropriate implementation in Chrome for iOS allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, by...

9.6CVSS5.5AI score0.00456EPSS
Exploits0References436
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46829

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00179EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46164

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service...

7.1CVSS5.8AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46295

Name of the Vulnerable Software and Affected Versions nvm versions prior to 0.40.5 Description Command injection occurs when the software executes arbitrary commands from version strings provided by a configured Node.js/io.js mirror. When commands like nvm install read available versions from the...

7.5CVSS5.7AI score0.00464EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46147

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The software lacks handler call depth tracking when specific functions are called from within handlers during a policy violation. This can lead to a use-after-free condition, which occurs when a...

5.9CVSS5.2AI score0.00218EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46173

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f...

6.1CVSS5.9AI score0.00104EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46405

Name of the Vulnerable Software and Affected Versions Azure HorizonDB affected versions not specified Description An authentication bypass via spoofing allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer versio...

10CVSS5.5AI score0.00973EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46335

Unauthenticated Local File Inclusion in CopyPress = 1.4.5 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46871

Summary This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ...

6.9CVSS5.7AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46868

UserController::upsertUser writes user data in SYSTEM SCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

6.5CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46384

Name of the Vulnerable Software and Affected Versions Iris versions prior to 2.4.28 Description Iris is a web collaborative platform designed for incident responders to share technical details during investigations. The software contains an open redirect flaw that allows an attacker to redirect...

4.7CVSS5.5AI score0.00174EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46300

Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.32.0 Axios versions prior to 1.16.0 Description The Node.js HTTP adapter in Axios can leak proxy credentials to a redirect target. When a request is sent through an authenticated proxy, the Proxy-Authorization header ...

7.5CVSS5.4AI score0.00532EPSS
Exploits1References35
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46396

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This...

6.9CVSS5.4AI score0.00282EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46849

Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Summary A stored Cross-Site Scripting vulnerability CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere in the AVideo YouTubeAPI plugin renders the snippet.title field returned by the...

4.7CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-46059

Name of the Vulnerable Software and Affected Versions MaxSite CMS version 109.2 Description A Cross Site Scripting issue allows a remote attacker to obtain sensitive information. This occurs via the Backend page file upload endpoint used by admin page. Recommendations At the moment, there is no...

4.1CVSS5.5AI score0.00186EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-46119

Name of the Vulnerable Software and Affected Versions EasyOCR versions prior to 2.91.0 Description The model download functionality extracts ZIP archives without validating member paths, which allows for Zip Slip attacks. Zip Slip is a form of path traversal that occurs when an application extrac...

7.5CVSS6.6AI score0.00478EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-46009

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the pm8916 lbc supply driver. The problem occurs because the interrupt request IRQ is requested before the extcon handle is allocated using devm variants...

7.8CVSS5.8AI score0.00125EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-46050

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description Multiple publicly accessible endpoints allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes a cryptographic hash function that produces a 160-bit...

5.8AI score0.00211EPSS
Exploits0References3
Total number of security vulnerabilities5000