Lucene search
K
PtsecurityMost viewed

184321 matches found

Positive Technologies
Positive Technologies
•added 2026/04/19 12:0 a.m.•29 views

PT-2026-43391

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.2 Forgejo versions prior to 1.26.2 Description A critical access control issue in the container registry allows unauthenticated remote attackers to pull private container images without credentials. The system fail...

8.2CVSS5.8AI score0.40738EPSS
Exploits1References47
Positive Technologies
Positive Technologies
•added 2026/02/25 12:0 a.m.•29 views

PT-2026-21927

Name of the Vulnerable Software and Affected Versions MR9600 versions 1.0.4.205530 MX4200 version 1.0.13.210200 Description A flaw exists due to missing neutralization of special elements, allowing for OS command injection via the TLS-SRP connection handshake. Successful exploitation results in...

9.8CVSS6AI score0.0032EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/02/09 12:0 a.m.•29 views

PT-2026-7089

The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fix...

5.8CVSS5.6AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/02/02 12:0 a.m.•29 views

PT-2026-5603

Name of the Vulnerable Software and Affected Versions D-Link DSL-6641K N8.TR069.20131126 Description A security issue exists in D-Link DSL-6641K N8.TR069.20131126 related to the doSubmitPPP function within the sp pppoe user.js file. Manipulation of the Username argument can lead to cross site...

4.8CVSS3.3AI score0.00408EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 2026/01/01 12:0 a.m.•29 views

PT-2026-7843

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.2 PostgreSQL versions prior to 17.8 PostgreSQL versions prior to 16.12 PostgreSQL versions prior to 15.16 PostgreSQL versions prior to 14.21 Description A flaw exists in PostgreSQL due to improper validation of...

4.3CVSS5.3AI score0.00281EPSS
Exploits0References149
Positive Technologies
Positive Technologies
•added 2025/07/16 12:0 a.m.•29 views

PT-2025-29696 · Unknown · Access Point

Name of the Vulnerable Software and Affected Versions: Access point affected versions not specified Description: Successful exploitation of the issue could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity,...

9.8CVSS6.5AI score0.22535EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2023/10/24 12:0 a.m.•29 views

PT-2023-29722 · Libsyn · Libsyn Publisher Hub

Name of the Vulnerable Software and Affected Versions: Libsyn Libsyn Publisher Hub plugin versions 1.4.4 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a...

7.1CVSS6AI score0.00437EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2023/07/04 12:0 a.m.•29 views

PT-2023-3559 · Linux +10 · Linux Kernel +10

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 5.19.0-35 Description: The issue is related to the nft byteorder function in the Linux Kernel's netfilter subsystem, which poorly handles vm register contents when CAP NET ADMIN is in any user or network...

10CVSS6.2AI score0.71737EPSS
Exploits101References1281
Positive Technologies
Positive Technologies
•added 2021/09/08 12:0 a.m.•29 views

PT-2021-7751 · Linux +9 · Linux +9

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: A flaw was found in the Linux SCTP stack, allowing a blind attacker to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being...

9.8CVSS7.7AI score0.93838EPSS
Exploits350References1892
Positive Technologies
Positive Technologies
•added 2026/06/23 12:0 a.m.•28 views

PT-2026-51499

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decode each/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS5.9AI score0.00707EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•28 views

PT-2026-51210

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue exists in the SSO Authentication Flow component within the get redirect response from openid function of the litellm/proxy/management endpoints/ui sso.py file. Remote manipulation o...

6.5CVSS6.6AI score0.00358EPSS
Exploits1References11
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•28 views

PT-2026-50985

Name of the Vulnerable Software and Affected Versions Joomla J-CruisePortal version 6.0.4 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the "cruises" endpoint using crafted SQL...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•28 views

PT-2026-50843

Name of the Vulnerable Software and Affected Versions BetterDocs Pro versions prior to 3.8.1 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. Unauthenticated attackers can exploit this via the doc style...

9.8CVSS6.2AI score0.00886EPSS
Exploits2References10
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•28 views

PT-2026-50260

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

5.3AI score0.00337EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•28 views

PT-2026-49892

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A low privileged...

9.9CVSS5.9AI score0.00411EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•28 views

PT-2026-48934

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An account takeover issue exists in the email change mechanism. An attacker with temporary authenticated session access can change the registered email address without requiring re-authentication,...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•28 views

PT-2026-48384

A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...

6.9CVSS5.4AI score0.00362EPSS
Exploits2References2
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•28 views

PT-2026-48383

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...

2.3CVSS5.3AI score0.0019EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•28 views

PT-2026-48091

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•28 views

PT-2026-47905

Name of the Vulnerable Software and Affected Versions Windows Push Notifications affected versions not specified Description A race condition occurs in Windows Push Notifications due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges...

7.8CVSS5.4AI score0.00185EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•28 views

PT-2026-47350

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.12-1.1 Description An issue exists in the drm/imagination component of the Linux kernel that can lead to a segmentation fault when updating the ftrace mask. This is caused by invalid data access due to...

9.8CVSS5.3AI score0.00675EPSS
Exploits9References334
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•28 views

PT-2026-46313

Name of the Vulnerable Software and Affected Versions SQLite sqldiff.exe versions prior to 2025-12-26 Description The sqldiff.exe utility does not securely handle the conversion of Unicode characters to ANSI codepages by the Microsoft Windows C runtime. An attacker can exploit this by using the...

9.8CVSS5.7AI score0.00384EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•28 views

PT-2026-46263

Name of the Vulnerable Software and Affected Versions Neterbit NW-431F Router versions prior to 20241014-IR03 Description Improper Authentication allows for an authentication bypass due to the use of weak and predictable cookie values. An attacker can gain unauthorized access to administrative...

9.8CVSS5.5AI score0.00454EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•28 views

PT-2026-46231

Name of the Vulnerable Software and Affected Versions Progress Kemp LoadMaster versions prior to 7.2.63.2 Progress Kemp LoadMaster LTSF versions prior to 7.2.54.17 Progress ECS Connection Manager affected versions not specified Progress Object Scale Connection Manager affected versions not...

9.6CVSS8.2AI score0.29641EPSS
Exploits2References48
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•28 views

PT-2026-46303

Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.32.0 Axios versions prior to 1.16.0 Description Axios constructs a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can...

7.5CVSS5.9AI score0.00645EPSS
Exploits1References13
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•28 views

PT-2026-46183

HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...

4.3CVSS5.8AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•28 views

PT-2026-46168

Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945...

6.1CVSS5.8AI score0.00103EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•28 views

PT-2026-45784

Name of the Vulnerable Software and Affected Versions mint versions 0.1.0 through 1.8.x Description Improper Neutralization of CRLF Sequences, also known as CRLF Injection, allows HTTP Request Splitting and HTTP Request Smuggling. In the encode request line/2 function within...

2.1CVSS6AI score0.00166EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•28 views

PT-2026-45725

Name of the Vulnerable Software and Affected Versions Apache Kafka affected versions not specified Description An improper authorization issue exists in the 'CONSUMER GROUP DESCRIBE' 69 API. The implementation validates the DESCRIBE operation on the GROUP resource, which contradicts the READ...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/01 2:48 p.m.•28 views

PT-2026-08: Local Privilege Escalation Vulnerabilities in the Linux Kernel (Dirty Frag)

This security advisory provides information regarding Linux kernel vulnerabilities: CVE-2026-43284 and CVE-2026-43500 , informally known as Dirty Frag. These vulnerabilities allow for local privilege escalation to the superuser root level and affect the Linux kernel modules: esp4 , esp6 and rxrpc...

8.8CVSS5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•28 views

PT-2026-45257

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784...

5.8AI score0.00108EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•28 views

PT-2026-45504

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

6.5CVSS5.4AI score0.00295EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•28 views

PT-2026-45349

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•28 views

PT-2026-45564

Name of the Vulnerable Software and Affected Versions Dräger Infinity Delta affected versions not specified Dräger Infinity Delta XL affected versions not specified Dräger Infinity Kappa affected versions not specified Description A denial-of-service issue exists where remote attackers can cause...

7.5CVSS5.6AI score0.00413EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•28 views

PT-2026-45528

Name of the Vulnerable Software and Affected Versions Nextcloud versions 1.3.6 through 8.3.x Description An improper check in the authentication process allows users provided by LDAP to continue authenticating via user OIDC even after they have been deleted. Recommendations Update to version 8.4....

8.8CVSS5.8AI score0.00193EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•28 views

PT-2026-45156

Name of the Vulnerable Software and Affected Versions python311-dulwich versions prior to 1.2.5-1.1 Description Security issues were identified in the python311-dulwich package. Recommendations Update to version 1.2.5-1.1...

3.3CVSS5.4AI score0.00139EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•28 views

PT-2026-44260

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A data race exists in the Multipath TCP MPTCP implementation. The mptcp pm add timer helper function, which operates as a timer callback in softirq context, fails to properly hold the...

9.8CVSS5.8AI score0.00426EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•28 views

PT-2026-47091

Name of the Vulnerable Software and Affected Versions crun affected versions not specified Description Security issues were identified and subsequently resolved in the software. Recommendations Update to version 1.28-1.1...

5.2AI score0.00024EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•28 views

PT-2026-44005

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00375EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/24 12:0 a.m.•28 views

PT-2026-42956

A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is...

10CVSS7AI score0.01732EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/22 12:0 a.m.•28 views

PT-2026-42823

Name of the Vulnerable Software and Affected Versions Amazon Braket SDK versions prior to 1.117.0 Description Insecure deserialization in the job results processing component may allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on...

7.5CVSS6.5AI score0.0038EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/05/14 12:0 a.m.•28 views

PT-2026-40893

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub dir' and 'media items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted...

6.5CVSS5.8AI score0.00526EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/12 12:0 a.m.•28 views

PT-2026-39957

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/11 12:0 a.m.•28 views

PT-2026-39572

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi set host/cgi set ntp/cgi fan control/cgi merge user of the file /cgi-bin/system mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

5.8CVSS5.7AI score0.04544EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/05/11 12:0 a.m.•28 views

PT-2026-39727

Name of the Vulnerable Software and Affected Versions cowlib versions 2.9.0 and later Description Improper Neutralization of CRLF Sequences CRLF Injection occurs when the cow cookie:cookie/1 function builds a client-side Cookie request header from name-value pairs without validating the fields. A...

3.2CVSS5.9AI score0.00145EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/05/07 12:0 a.m.•28 views

PT-2026-38424

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS5.8AI score0.00139EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/07 12:0 a.m.•28 views

PT-2026-38379

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description HttpContentDecompressor and DelegatingDecompressorFrameListener used for HTTP/2 connections utilize a maxAllocation parameter to limit decompression buffer...

7.5CVSS5.9AI score0.00887EPSS
Exploits1References406
Positive Technologies
Positive Technologies
•added 2026/05/06 12:0 a.m.•28 views

PT-2026-38284

Name of the Vulnerable Software and Affected Versions wger versions prior to 2.6 Description An authorization bypass exists in the reset user password and gym permissions user edit views. The system performs a gym-scope authorization check using a Python object comparison that evaluates None !=...

9.9CVSS5.8AI score0.00371EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/05/06 12:0 a.m.•28 views

PT-2026-38285

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0 through 4.17.11 Craft CMS versions 5.0.0 through 5.9.17 Description The GraphQL Address element resolver in src/gql/resolvers/elements/Address.php fails to perform schema scope filtering on top-level queries. While oth...

7.1CVSS5.8AI score0.00338EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/05/05 12:0 a.m.•28 views

PT-2026-37278

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description A stored Cross-Site Scripting XSS issue allows publisher-level accounts to execute arbitrary JavaScript. The problem is caused by a blacklist bypass in the detectXss function, which fails to...

8.5CVSS6.1AI score0.00238EPSS
Exploits1References8
Total number of security vulnerabilities5000