Lucene search
K
PtsecurityMost viewed

184322 matches found

Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.18 views

PT-2026-46030

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF condition exists in the Linux kernel's NFC HCI SHDLC implementation. The function llc shdlc deinit purges SHDLC skb queues and frees the llc shdlc structure while...

7.8CVSS5.8AI score0.00121EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46834

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in PDFium allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted PDF file. Use after free is a memory corruption flaw th...

9.6CVSS6.4AI score0.00985EPSS
Exploits0References441
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46038

Name of the Vulnerable Software and Affected Versions MariaDB server versions 10.6.1 through 10.6.26 MariaDB server versions 10.11.1 through 10.11.17 MariaDB server versions 11.4.1 through 11.4.11 MariaDB server versions 11.8.1 through 11.8.7 MariaDB server version 12.3.1 Description A...

9.1CVSS5.4AI score0.00967EPSS
Exploits0References62
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46648

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page. Recommendatio...

9.6CVSS5.8AI score0.00985EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46616

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow exists in ANGLE, which is a compatibility layer that allows OpenGL ES to run on various graphics APIs. This issue allows a remote attacker who has already compromise...

9.6CVSS5.9AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45800

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level view other topics authorization. As a result, in forums where users may enter the for...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45710

Name of the Vulnerable Software and Affected Versions DeMomentSomTres Shortcodes versions prior to 1.1.2 Description The DeMomentSomTres Shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the st callout function fails to properly sanitize input and...

6.4CVSS6AI score0.00181EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45877

Name of the Vulnerable Software and Affected Versions openSeaChest version 25.05.3 Description An out-of-bounds write exists in the --showSupportedFormats command. This occurs when a maliciously crafted NVMe device provides a bogus value in the namespace FLBAS byte, allowing one extra byte to be...

1.8CVSS5.8AI score0.00102EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45786

Name of the Vulnerable Software and Affected Versions mint versions 0.1.0 through 1.8.x Description An inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows attacker-controlled HTTP/1 servers to desynchronize response framing on shared connections. The iss...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45720

Missing Authorization vulnerability in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...

8.8CVSS5.8AI score0.00302EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45840

Name of the Vulnerable Software and Affected Versions tesla versions 1.3.0 through 1.18.2 Description An issue in Tesla.Adapter.Mint allows for a denial of service via atom table exhaustion. The function open conn/2 converts the URL scheme of outgoing requests into a BEAM atom using String.to...

8.2CVSS6AI score0.00301EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46761

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in Web Bluetooth allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A...

9.6CVSS6.1AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46629

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Isolated Web Apps allows a remote attacker to execute arbitrary code inside a sandbox by using a malicious file. Recommendations Update to version...

9.6CVSS6.4AI score0.00493EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46700

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds write occurs in V8, the JavaScript and WebAssembly engine. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code with...

9.6CVSS6.4AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45745

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...

5.9AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46474

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in the PDF component. This allows a remote attacker to execute arbitrary code within a sandbox if a user is convinced to perform specific UI gestures while...

9.6CVSS6.4AI score0.00456EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45735

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...

9.3CVSS5.8AI score0.00299EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46534

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read occurs in ANGLE on Windows. This allows a remote attacker who has already compromised the renderer process to access potentially sensitive information from the...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46571

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in Views, where a remote attacker could potentially exploit heap corruption—a condition where memory allocation on the heap is corrupted—via a crafted HTML...

9.6CVSS5.9AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46585

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An uninitialized use in Skia allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory by using a crafted HTML...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-51421

Уязвимость программного обеспечения Blitz Identity Provider связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить межсайтовые сценарные атаки XSS...

4CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46619

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Dawn allows a remote attacker to potentially perform out of bounds memory access, which occurs when a program reads or writes data outside the intende...

9.6CVSS5.8AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45851

Name of the Vulnerable Software and Affected Versions sayan365 student-management-system versions prior to 7f3c9ce7d410332335c2affac93a385485051800 Description An issue in multiple endpoints allows for remote manipulation resulting in improper authentication. This occurs within an unknown functio...

7.5CVSS7AI score0.00498EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45844

Name of the Vulnerable Software and Affected Versions ARMember Premium versions prior to 7.3.2 Description An issue exists where unauthenticated attackers can append additional SQL queries to existing ones to extract sensitive information from the database. This occurs due to insufficient escapin...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45855

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 Description An issue exists in the Simple Flow Executor SFE, which is a component used to manage the sequence of steps in an authentication flow. Due to the...

9.3CVSS5.6AI score0.00318EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45711

Name of the Vulnerable Software and Affected Versions JTL-Connector for WooCommerce versions prior to 2.4.2 Description The plugin contains missing authorization due to a lack of capability checks and nonce verification. This allows authenticated attackers with Subscriber-level access or higher t...

4.3CVSS5.6AI score0.00198EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46441

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Extensions allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanis...

9.6CVSS5.9AI score0.00493EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46828

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the LiveCaption feature allows a remote attacker to potentially perform out of bounds memory access, which occurs when a program reads or writes data...

9.6CVSS5.8AI score0.00456EPSS
Exploits0References439
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45522

Name of the Vulnerable Software and Affected Versions Nextcloud versions prior to 2.7.2 Description Authenticated users can verify if arbitrary files are linked to specific approval workflows used for requesting approval. Recommendations Update to version 2.7.2...

3.3CVSS5.9AI score0.0013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45422

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45264

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

6.5CVSS5.9AI score0.00333EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45634

Memory corruption in diagnostic services due to absence of input validation...

6.7CVSS5.8AI score0.00079EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45633

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

6.4CVSS5.8AI score0.00056EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45424

A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to th...

7.5CVSS5.6AI score0.00269EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45267

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scan memory content of the file tools/memory tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be use...

6.5CVSS6.3AI score0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45249

A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/tts config.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45253

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function compress context of the file run agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45411

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4CVSS6AI score0.00157EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45347

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage user of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the...

5.8CVSS5.6AI score0.00262EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45381

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Description Incorrect default permissions in Jolokia authorization settings allow authenticated low-privilege web-login accounts to access operations intende...

8.8CVSS5.9AI score0.00424EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45272

A vulnerability was found in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission form check.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

5.1CVSS4.2AI score0.00199EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45255

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10886526; Issue ID: MSV-6791...

5.8AI score0.00114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45266

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitize env lines of the file hermes cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS5.5AI score0.00266EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45488

Summary Type: Insecure Direct Object Reference. The comment endpoints POST /workspaces/workspace id/issues/issue id/comments and GET .../comments gate access on require workspace memberworkspace id only, then call CommentService.createissue id=issue id, ... and CommentService.list for issueissue ...

8.1CVSS5.9AI score0.00032EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45388

A Stored Cross-site Scripting XSS vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session...

8.7CVSS6.1AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45430

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2 SETUP REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 364...

5.8AI score0.00347EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45376

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...

8.8CVSS6AI score0.00577EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45240

A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function login user of the file login 1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45398

The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...

6.4CVSS5.8AI score0.00065EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45466

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References2
Total number of security vulnerabilities5000