Lucene search
K
PtsecurityMost viewed

184334 matches found

Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47837

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference can occur in a CMP client application when processing a crafted CMP response. An attacker controlling a CMP server or acting as a man-in-the-middle can send a CRMF...

7.5CVSS5.5AI score0.00513EPSS
Exploits0References115
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47959

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description A heap-based buffer overflow allows an unauthorized attacker to execute arbitrary code locally and remotely, potentially affecting the entire system. A heap-based buffer overflow...

8.4CVSS6.5AI score0.00364EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47938

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel affected versions not specified Description An integer underflow wrap or wraparound occurs in Microsoft Office Excel, which allows an unauthorized attacker to execute arbitrary code locally or remotely, affecting the...

7.8CVSS6.2AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47679

Name of the Vulnerable Software and Affected Versions FastPicker versions prior to 1.0.3 Description The FastPicker plugin for WordPress is subject to Cross-Site Request Forgery. This occurs because the settingsPage function lacks proper nonce validation, which is a unique token used to verify th...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47680

Name of the Vulnerable Software and Affected Versions WP-Ultimate-Map versions prior to 1.2 Description The plugin is subject to Cross-Site Request Forgery CSRF and Stored Cross-Site Scripting XSS. The issue occurs because the process init function, which is hooked to admin init, fails to validat...

6.1CVSS5.5AI score0.00119EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48053

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48071

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...

5.4CVSS5.5AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47642

Name of the Vulnerable Software and Affected Versions Micrometer versions 1.16.0 through 1.16.5 Micrometer versions 1.15.0 through 1.15.11 Description A user can send specially crafted gRPC requests to cause a denial-of-service DoS condition, which is a state where the system becomes unavailable ...

7.5CVSS5.8AI score0.00474EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48222

Name of the Vulnerable Software and Affected Versions Ellucian Banner Self-Service versions prior to 2025-04-23 Description The course search functionality contains a stored cross-site scripting issue. Authenticated Banner ERP users with write access can inject malicious JavaScript into faculty a...

5.4CVSS5.3AI score0.00196EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47660

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48239

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48314

Name of the Vulnerable Software and Affected Versions Spring AMQP versions 4.0.0 through 4.0.3 Spring AMQP versions 3.2.0 through 3.2.10 Spring AMQP versions 3.1.0 through 3.1.15 Spring AMQP versions 2.4.0 through 2.4.17 Description Correlation IDs for replies in the sendAndReceive function of...

4.4CVSS5.8AI score0.00173EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47847

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl recv event parses Content-Length with atol and passes the result straight to mallocle...

9.1CVSS5.4AI score0.0031EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48240

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47989

Access of resource using incompatible type 'type confusion' in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.00286EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48103

Name of the Vulnerable Software and Affected Versions Microsoft Windows Narrator Braille affected versions not specified Description An untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. This issue is related to an exposed dangerous...

7.8CVSS7AI score0.00432EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48082

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47817

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

6.8CVSS5.4AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48289

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A bug in the query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE causes...

7.1CVSS5.8AI score0.00103EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48022

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...

6.5CVSS5.5AI score0.00622EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48290

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description When OIDC OpenID Connect, an identity layer on top of the OAuth 2.0 protocol authentication is enabled in the configuration, unauthenticated clients can cause a...

8.2CVSS5.4AI score0.00347EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48035

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network. Cross-si...

5.4CVSS6.8AI score0.0051EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47706

openSUSE issued new Chromium 149.0.7827.53 and Chromedriver builds fixing CVE-2026-0194 and CVE-2026-10958 for Backports SLE-15-SP7 and Tumbleweed, LinuxSecurity reported. https://t.co/OjsKRZMxHK...

8.8CVSS5.4AI score0.00361EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47655

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description A Spring MVC or Spring WebFlux application...

6.1CVSS5.4AI score0.00134EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48031

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description An issue in Microsoft Office, specifically affecting the Microsoft Outlook email client and Microsoft Word text editor, involves type confusion—where a resource is accessed using an...

8.4CVSS6AI score0.00333EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47724

Name of the Vulnerable Software and Affected Versions MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails versions prior to 2.0.5 Description Insufficient input sanitization and output escaping allow authenticated attackers with author-level access or higher to perfor...

6.4CVSS5.7AI score0.00234EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48078

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47770

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48339

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to...

2.1CVSS5.3AI score0.00136EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48227

Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

6.3CVSS5.6AI score0.00137EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47771

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the...

8.7CVSS5.6AI score0.00641EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-47998

Name of the Vulnerable Software and Affected Versions Windows DHCP Server affected versions not specified Description An out-of-bounds read occurs in Windows DHCP Server, which allows an authorized attacker to disclose sensitive information locally. An out-of-bounds read is a condition where the...

5.5CVSS5AI score0.00362EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48147

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

6.3CVSS5.4AI score0.00085EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•18 views

PT-2026-48324

Name of the Vulnerable Software and Affected Versions Spring Data REST versions 3.7.0 through 3.7.19 Spring Data REST versions 4.3.0 through 4.3.16 Spring Data REST versions 4.4.0 through 4.4.14 Spring Data REST versions 4.5.0 through 4.5.11 Spring Data REST versions 5.0.0 through 5.0.5 Descripti...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47614

Name of the Vulnerable Software and Affected Versions Netty ionetty:netty-resolver-dns affected versions not specified Description Insufficient validation of the bailiwick of NS records in DnsResolveContext allows for DNS Cache Poisoning. An attacker controlling an authoritative name server for a...

10CVSS5.5AI score0.00292EPSS
Exploits0References63
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47269

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search staff for deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed t...

6.5CVSS6.4AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47250

Name of the Vulnerable Software and Affected Versions Simple Flight Ticket Booking System version 1.0 Description An issue exists in the POST Parameter Handler component within the checkUser.php file. Remote manipulation of the Username parameter allows for SQL injection, a technique where...

7.5CVSS7.4AI score0.00275EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47257

A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/add stock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

6.5CVSS5.5AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47511

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description An inappropriate implementation in MediaCapture allows a remote attacker to leak cross-origin data, which is data from a different origin than the one that initiated the request...

9.6CVSS5.9AI score0.01654EPSS
Exploits4References84
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47437

Name of the Vulnerable Software and Affected Versions Tenda F451 versions 1.0.0.7 through 1.0.0.9 Description A security flaw in the Web Management Interface allows remote exploitation via OS command injection. The issue exists within the formWriteFacMac function located in the /goform/WriteFacMa...

9CVSS8AI score0.01614EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47307

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The...

9CVSS8.5AI score0.00466EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47263

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save patient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

7.5CVSS7AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47453

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description bz2.BZ2Decompressor objects can be reused following a decompression error. If an application catches the resulting OSError and attempts to retry using the same decompressor, specially crafted...

8.2CVSS5.4AI score0.00622EPSS
Exploits0References67
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47433

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import users.php. The manipulation of the argument raw password wit...

6.9CVSS5.6AI score0.00286EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47238

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47305

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47301

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator exits upon encountering any error while accepting incoming HTTP or RTR connections. This includes recoverable errors, such as exhausting available file descriptors. An attacker...

8.7CVSS5.5AI score0.00333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47488

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A type confusion issue in bindings allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Type confusion occurs when a program...

9.6CVSS6.5AI score0.01654EPSS
Exploits4References85
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47500

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Guest View allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that...

9.6CVSS6.7AI score0.01654EPSS
Exploits4References85
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•18 views

PT-2026-47304

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator crashes when it encounters a file via RRDP Router Role Distribution Protocol that uses a specifically crafted Document Type Definition DTD, which is a set of markup declarations...

8.7CVSS5.4AI score0.00358EPSS
Exploits0References8
Total number of security vulnerabilities5000