Lucene search
K
PtsecurityMost viewed

184321 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43601

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-44034

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

7CVSS5.8AI score0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-44094

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43910

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the RDMA/rxe component where the rxe rcv function fails to properly validate the incoming packet length before calculating the payload size. The payload size calculation...

9.3CVSS6AI score0.00514EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43853

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A memory leak exists in the cc mac digest function within the ccree crypto component. This occurs when cc map hash request...

5.5CVSS5.9AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43536

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdl off options function. This makes it possible for unauthenticated attackers to update the plugin's setting...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43618

A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality...

7.2CVSS6AI score0.0037EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-47219

Name of the Vulnerable Software and Affected Versions Twig versions prior to 3.26.0 Description An issue exists where the sandbox visitor fails to wrap mapping keys in ArrayExpression with CheckToStringNode. When a dynamic key expression resolves to a Stringable object, the ArrayExpression::compi...

5.8AI score
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43981

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 12.1.0 through 12.1.4 Description An authorization bypass occurs when uploading to a remote object storage path using a special query. Recommendations At the moment, there is no information about a newer version that contains ...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43577

Name of the Vulnerable Software and Affected Versions Synology BeeDrive for desktop versions prior to 1.3.2-13814 Description A flaw in the redis-server component allows local users to perform denial-of-service attacks, which occur when a system is overwhelmed to the point of becoming unavailable...

6.8CVSS5.4AI score0.00112EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43625

Name of the Vulnerable Software and Affected Versions dotCMS Core versions 25.11.04-1 through 26.04.28-02 Description Improper neutralization of special elements used in an SQL command allows remote unauthenticated attackers to read, modify, or destroy arbitrary database content. The issue exists...

10CVSS6AI score0.01584EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43949

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the KVM SVM component, the INVLPGA instruction fails to trigger an invalid opcode exception UD when the EFER.SVME variable is not set. This occurs because the system does not properly...

5.5CVSS5.9AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43667

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-44667

Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 148.0.7778.216 Description A race condition in WebRTC allows a remote attacker to leak cross-origin data by using a crafted HTML page. WebRTC Web Real-Time Communication is a technology that enables...

9.6CVSS5.9AI score0.00368EPSS
Exploits0References156
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-44011

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...

5.8AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43498

Name of the Vulnerable Software and Affected Versions faq shortocde versions prior to 1.1 Description The faq shortocde plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the color attribute within the 'faq' shortcode does not have sufficient input sanitization...

6.4CVSS6AI score0.00187EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-44014

Name of the Vulnerable Software and Affected Versions Jenkins Pipeline: Groovy Libraries Plugin versions prior to 797.v90ea a 9b e45a 0 Description The plugin does not prohibit symbolic links in shared libraries. This allows attackers who can control the content of a library used by a Pipeline jo...

7.5CVSS5.9AI score0.00301EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43685

Name of the Vulnerable Software and Affected Versions IBM QRadar versions 7.5.0 through 7.5.0 UP15 Interim Fix 002 Description A privileged user can upload a malicious backup archive. When this archive is restored, it can be used to gain unauthorized access to the underlying operating system...

8.8CVSS5.4AI score0.00463EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43621

Impact An attacker can cause the creation of unnecessary background threads in the python-engineio server by exploiting the heartbeat mechanism, which launches a thread when a new connection is received, and when the client sends a PONG packet. Note: this issue primarily affects synchronous...

7.5CVSS5.8AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43934

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the DAMON core where the damos quota goal-nid value for node memcg used bp and node memcg free bp is not validated before being used in the NODE-DATA macro. This allow...

7.1CVSS6AI score0.00117EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43945

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the EROFS Enhanced Read-Only File System implementation where out-of-bounds handling occurs for trailing...

7.1CVSS5.9AI score0.00131EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43944

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the atmel-tdes crypto component where the DMA output dma addr out is synced using dma sync single for...

5.5CVSS5.9AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43908

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A flaw exists in the greybus gb-beagleplay component where the hdlc append function calls usleep range while the tx producer...

5.5CVSS6.2AI score0.00135EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-44028

Name of the Vulnerable Software and Affected Versions ElementsKit Elementor addons Lite versions prior to 3.9.7 Description A missing authorization issue in Wpmet ElementsKit Elementor addons Lite allows for the exploitation of incorrectly configured access control security levels. This is a brok...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43993

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An authenticated user with low privileges can achieve privilege escalation by sending an oversized JSON Web Token JWT, which is a compact, URL-safe means of representing claims to be...

8.8CVSS5.8AI score0.0032EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-44084

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc, xrealloc, and xstrdup using assertdata != NULL. The C standard specifies that all assert expressions are compiled out when NDEBUG is defined a...

5.1CVSS5.8AI score0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43796

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ovpn net xmit function. When building the skb list, the skb share check function frees the original skb socket buffer if it is shared. The system the...

7.8CVSS5.8AI score0.00157EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43816

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the hardware random number generator hwrng core. The hwrng fill pointer is not cleared until the hwrng fillfn thread exits. Because hwrng unregister reads hwrn...

4.7CVSS5.5AI score0.00088EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43721

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the inside-secure/eip93 crypto component where the system attempts to unregister all crypto algorithms regardless of whether they are implemented in the hardware...

5.8AI score0.00153EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43791

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the function ksmbd vfs kern path end removing is not called on certain error paths. This failure to balance the corresponding ksmbd vfs kern pat...

5.4AI score0.0012EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43925

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A race condition exists in the amphion VPU driver within the Linux kernel. This occurs when v4l2 m2m ctx release frees the m2m ctx context while v4l2 m2m try run is attempting to call devic...

7.8CVSS5.9AI score0.00097EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43924

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Landlock security module where the LOG SUBDOMAINS OFF setting is not correctly inherited across fork. The hook cred transfer function only copies the Landlock...

3.3CVSS5.9AI score0.00118EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43928

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the jbd2 journal cancel revoke function due to an incorrect lock ordering folio - buffer. This happens when the filesystem blocksize is smaller than the pagesize,...

5.5CVSS6.1AI score0.00094EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43948

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory corruption issue exists in the Linux kernel crypto acomp component. The function acomp save req incorrectly stores the address of the chain member &req-chain in req-base.data...

7.8CVSS6.1AI score0.00166EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43950

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak occurs during device setup failure in the SPI Serial Peripheral Interface subsystem. Specifically, if the spi setup function fails while registering a device, the...

5.5CVSS6AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43971

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lifetime bookkeeping error exists in the ucan driver within the CAN subsystem. USB drivers bind to USB interfaces, and device managed resources must have their lifetime tied to the...

5.5CVSS5.9AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43494

Name of the Vulnerable Software and Affected Versions HTTP::Daemon versions prior to 6.17 Description OS command injection is possible through the send file function. This occurs because send file utilizes Perl's 2-arg open function, which interprets magic prefixes. Specifically, prefixes like '|...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References38
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43663

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through = 1.0.5.1...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43729

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iommu/vt-d component where the address of a freshly allocated zero-initialized PASID table is written to a PASID directory entry before the CPU cache flush occurs...

7.8CVSS5.4AI score0.00149EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43345

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-46875

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516319578 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv 422sp to 420p ihevcd fmt conv ihevcd decode...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-51015

Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.0 through 3.0.8 Description The MySQL frontend incorrectly processes the PROXY UNKNOWN r PP1 frame of the PROXY protocol v1. According to the specification, when the protocol token is UNKNOWN, the receiver must ignore...

10CVSS5.9AI score0.00185EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43160

A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access controls. The attack can b...

7.5CVSS6.8AI score0.0039EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43434

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.22 Description A server-side request forgery SSRF issue exists where an unauthenticated attacker can send crafted requests to internal services due to insufficient input validation in an upload...

9.2CVSS5.8AI score0.06552EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43290

Name of the Vulnerable Software and Affected Versions com content affected versions not specified Description Lack of output escaping in the readmore links for com content allows for a Cross-Site Scripting XSS vector. XSS is a flaw where an attacker can inject malicious scripts into web pages...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43411

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43440

Name of the Vulnerable Software and Affected Versions Pterodactyl versions prior to 1.12.3 Description The Client API contains a logic flaw allowing users to bypass assigned limits for database allocations. This occurs because the database locking mechanism within the controllers is ineffective...

2.3CVSS5.9AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43378

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

8.8CVSS5.9AI score0.0049EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43194

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The...

6.5CVSS6.4AI score0.01803EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43407

Name of the Vulnerable Software and Affected Versions oban web versions 2.12.0 through 2.12.4 Description A missing authorization issue in the Elixir.Oban.Web.Jobs.DetailComponent module allows unauthorized job worker substitution. The handle event"save-job", ... handler fails to perform...

5.3CVSS6AI score0.0041EPSS
Exploits0References8
Total number of security vulnerabilities5000