Lucene search
K
PtsecurityMost viewed

184424 matches found

Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43556

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files mb24confi getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-44154

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.26.0 Description An issue exists in the date filter's strftime implementation where width specifiers, such as %9999999d, are parsed and passed unchecked into the pad and padStart functions. In the...

7.5CVSS5.2AI score0.00385EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-47211

Name of the Vulnerable Software and Affected Versions Symfony versions prior to 5.4.31 Symfony versions prior to 6.4.11 Description SymfonyComponentHttpClientNoPrivateNetworkHttpClient is a decorator designed to block requests to private networks. However, the list of blocked subnets omits severa...

6.3CVSS5.2AI score0.00029EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-47207

Name of the Vulnerable Software and Affected Versions Twig PHP templating engine affected versions not specified Description An allow-list bypass exists within the Sandbox filter, tag, and function mechanisms, which could allow an attacker to execute unauthorized actions by circumventing the...

6AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43967

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel network subsystem. The functions seg6 input core and rpl input call ip6 route input, which assigns a NOREF destination dst to the socket...

8.1CVSS6.2AI score0.00321EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43625

Name of the Vulnerable Software and Affected Versions dotCMS Core versions 25.11.04-1 through 26.04.28-02 Description Improper neutralization of special elements used in an SQL command allows remote unauthenticated attackers to read, modify, or destroy arbitrary database content. The issue exists...

10CVSS6AI score0.01584EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-44025

Name of the Vulnerable Software and Affected Versions DearFlip versions prior to 2.4.28 Description A missing authorization issue in DearHive DearFlip allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails ...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43892

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the damon call and damos walk functions and the kdamond fn termination process. Because the registration of requests in damon call and the unsetting of...

4.7CVSS5.9AI score0.00088EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-44004

Name of the Vulnerable Software and Affected Versions LibVNCClient versions prior to 0.9.16 Description The Tight encoding decoder in LibVNCClient uses fixed-size 2048-pixel scratch buffers for the Gradient filter but fails to reject Tight rectangles with a width exceeding 2048 pixels. A maliciou...

8.8CVSS6AI score0.00242EPSS
Exploits0References29
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43551

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43984

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.1 Description Improper validation of symbolic links during archive extraction could allow remote code execution. This occurs when the software fails to correctly verify symbolic links shortcuts that...

9.8CVSS6.7AI score0.00624EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43560

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-44002

Name of the Vulnerable Software and Affected Versions RabbitMQ versions 4.2.0 through 4.2.3 Description The MQTT plugin in RabbitMQ allows topic-level authorization using regular expressions with variable substitution. When administrators use patterns like ^client id-sensors$ to restrict access,...

8.1CVSS5.8AI score0.0025EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43454

Name of the Vulnerable Software and Affected Versions CarrierWave versions prior to 2.2.7 CarrierWave versions prior to 3.1.3 Description CarrierWave is a framework used to upload files from Ruby applications. The content type denylist check fails to escape regex metacharacters in string entries,...

4.7CVSS5.3AI score0.00223EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43787

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext4 file system where a double decrement of the dirty clusters counter occurs during file system shutdown. This happens in the error path between the ext4 mb mark...

7.8CVSS5.4AI score0.00146EPSS
Exploits0References142
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43883

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A NULL pointer dereference issue exists in the remoteproc xlnx component. The system may crash if the receive callback does...

5.5CVSS6.2AI score0.00122EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43815

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the ext4 ext shift extents function. When the extent is NULL within the while loop, the function returns immediately without releasing the path acquired through t...

5.5CVSS5.4AI score0.0016EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43783

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the power supply changed function. The problem occurs because the devm variant for requesting an IRQ is used before the devm variant for allocating or...

7.8CVSS5.4AI score0.0016EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-44667

Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 148.0.7778.216 Description A race condition in WebRTC allows a remote attacker to leak cross-origin data by using a crafted HTML page. WebRTC Web Real-Time Communication is a technology that enables...

9.6CVSS5.9AI score0.00368EPSS
Exploits0References156
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43932

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the fbdev: defio component where deferred I/O was tied to the lifetime of struct fb info. This created a condition where a device hot-unplug could occur while user space...

7.8CVSS6AI score0.00129EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43926

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the KVM nSVM component, an issue exists where the current RIP Instruction Pointer is incorrectly used as the NextRIP in vmcb02 after the first L2 VMRUN. For guests with NRIPS disabled...

5.5CVSS5.9AI score0.00121EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43945

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the EROFS Enhanced Read-Only File System implementation where out-of-bounds handling occurs for trailing...

7.1CVSS5.9AI score0.00131EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43862

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the io uring/zcrx component. The function io free rbuf ring utilizes a struct user struct, but io zcrx ifq free releases this structure before the ring i...

7.8CVSS6AI score0.0012EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43966

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the caif connect function where a client is torn down after a remote shutdown by calling caif disconnect client and caif free client. The caif free client function...

5.5CVSS6AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43860

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the LoongArch architecture, the syscall number is directly controlled by userspace. The system lacks an array index nospec boundary, which is a mechanism used to prevent speculative...

9.8CVSS6.2AI score0.03663EPSS
Exploits20References291
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43884

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the deferred split queue during migration. The migrate folio move function records the deferred split queue state from the source and replays it on the...

9.8CVSS5.9AI score0.03663EPSS
Exploits17References278
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43922

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A string buffer overrun occurs in the AppArmor module due to missing termination. This issue manifests as a slab-out-of-bounds read within the aa dfa match function, specifically when...

9.8CVSS6.2AI score0.03663EPSS
Exploits17References278
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43494

Name of the Vulnerable Software and Affected Versions HTTP::Daemon versions prior to 6.17 Description OS command injection is possible through the send file function. This occurs because send file utilizes Perl's 2-arg open function, which interprets magic prefixes. Specifically, prefixes like '|...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References38
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-44164

Name of the Vulnerable Software and Affected Versions Basket versions prior to 2.1.17 Description The Basket module, which provides e-commerce and checkout functionality for Drupal sites, fails to sufficiently sanitize user-supplied data before it is processed by the PHP unserialize function. Thi...

5.9AI score0.00161EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43930

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur during the shadow stack signal frame pop process in the sigreturn operation. The kernel attempts to verify that it is reading actual shadow stack memory by holding t...

5.5CVSS6AI score0.00094EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43953

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A flaw exists in the bridge component of the Linux kernel where local Forwarding Database FDB entries can be rewritten in place by the fdb delete local function. This process updates the...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•19 views

PT-2026-43870

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The nameserver in the Qualcomm Router qrtr network subsystem does not limit the number of nodes it handles. A malicious clie...

5.5CVSS6AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-45148

Name of the Vulnerable Software and Affected Versions MariaDB versions 10.6.1 through 10.6.25 MariaDB versions 10.11.1 through 10.11.16 MariaDB versions 11.4.1 through 11.4.10 MariaDB versions 11.8.1 through 11.8.6 MariaDB version 12.3.1 Description On Windows, when the CONNECT engine is installe...

9.9CVSS5.5AI score0.00797EPSS
Exploits0References60
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-47113

Lua 5.4.0 fixed in 5.4.1 has a segmentation fault in changedline in ldebug.c e.g., when called by luaG traceexec because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...

5.5AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43195

Name of the Vulnerable Software and Affected Versions Mayosis Core versions prior to 5.4.7 Description Missing Authorization in TeconceTheme Mayosis Core allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version later than 5.4.7...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43402

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...

9.9CVSS6.3AI score0.00377EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43353

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

9.3CVSS5.7AI score0.00171EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43306

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.2.0 Description Bugsink is a self-hosted error tracking tool. A project-boundary authorization issue exists in the issue list view, which supports bulk actions such as resolving or muting selected issues. The system...

3.1CVSS5.5AI score0.00147EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43412

There is a mitigation bypass / incomplete fix for CVE-2025-62582 Unauthenticated Remote Database Access An unauthenticated remote attacker can access configured databases in a DIAView project...

9.8CVSS5.8AI score0.00053EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43255

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS6.6AI score0.00679EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43239

Name of the Vulnerable Software and Affected Versions Check Point affected versions not specified Description A Check Point HTTP-based service incorrectly handles malformed HTTP requests due to issues in HTTP request parsing and validation. Recommendations At the moment, there is no information...

5.3CVSS5.8AI score0.02607EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43364

Name of the Vulnerable Software and Affected Versions IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty versions 8.5 through 9.0 Description Remote code execution is possible in the Web Server Plug-ins when processing a specially crafted request. This issue allows an...

9.8CVSS6.5AI score0.00847EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43366

Name of the Vulnerable Software and Affected Versions IBM HTTP Server version 8.5 IBM HTTP Server version 9.0 Description An invalid pointer dereference occurs in the Administration Server. A privileged, authenticated user can exploit this issue to cause a denial of service or expose sensitive...

7.3CVSS5.8AI score0.00252EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43327

A vulnerability was found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=patients/view patient. Performing a manipulation of the argument Remarks results in cross site scripting. Remote exploitation...

4.8CVSS4.4AI score0.00202EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43423

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

5.8AI score0.0015EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43163

Name of the Vulnerable Software and Affected Versions Archive::Tar versions prior to 3.08 Description Archive::Tar for Perl allows the extraction of hardlinks to attacker-controlled paths outside the intended extraction directory. The function make special file passes the tar header's linkname to...

7.5CVSS5.4AI score0.00417EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43417

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be...

5.3CVSS5.5AI score0.00242EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43368

Name of the Vulnerable Software and Affected Versions IBM HTTP Server version 8.5 IBM HTTP Server version 9.0 Description Remote code execution and denial of service are possible in configurations that utilize TLS mutual authentication, also known as client authentication, which is a process wher...

9.8CVSS6.2AI score0.00456EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43356

🚨 CVE-2026-48696 FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689. šŸŽ–@cveNotify...

6.2CVSS6AI score0.00124EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•19 views

PT-2026-43205

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References1
Total number of security vulnerabilities5000