Lucene search
K
PtsecurityMost viewed

184315 matches found

Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.28 views

PT-2026-23162

Name of the Vulnerable Software and Affected Versions Mikado-Themes Eona versions through 1.3 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion...

5.8AI score0.00504EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.28 views

PT-2026-4581

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

4.3CVSS5.5AI score0.00155EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.28 views

PT-2026-2228

Name of the Vulnerable Software and Affected Versions Fickling versions prior to 0.1.7 Description Fickling, a Python pickling decompiler and static analyzer, does not explicitly block the ctypes and pydoc modules in versions prior to 0.1.7. Combining these modules can lead to Remote Code Executi...

9.3CVSS7AI score0.00346EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.28 views

PT-2026-34072

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481 and 8u481-b50 Oracle GraalVM Enterprise Edition version 21.3.17 Description An issue in the Hotspot component allows a low privileged attacker with logon access to the infrastructure to compromise the system...

6CVSS7.7AI score0.00101EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.28 views

PT-2025-33818 · Unknown · Screenshot-Desktop

Name of the Vulnerable Software and Affected Versions: screenshot-desktop versions prior to 1.15.2 Description: screenshot-desktop is susceptible to a command injection issue. User-controlled input provided to the format option of the screenshot function is interpolated into a shell command witho...

9.8CVSS8AI score0.01479EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/02/20 12:0 a.m.28 views

PT-2025-7475 · WordPress · Modal Window

Name of the Vulnerable Software and Affected Versions: The Modal Window plugin for WordPress versions up to, and including, 6.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS8AI score0.00284EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/01/10 12:0 a.m.28 views

PT-2025-8806

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential crash in the Linux kernel has been identified. The issue occurs when setting up a bsg queue fails, causing the bsg queue to be assigned a non-NULL value. As a result, the...

5.5CVSS7AI score0.00215EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/03 12:0 a.m.28 views

PT-2025-2989 · Lwip · Lwip

Name of the Vulnerable Software and Affected Versions: lwip affected versions not specified Description: The issue is related to a possible out of bounds write due to an integer overflow in the prepare response function of lwis periodic io.c. This could lead to local escalation of privilege with ...

7.8CVSS6.9AI score0.0008EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.28 views

PT-2024-41495

Name of the Vulnerable Software and Affected Versions macOS versions prior to 15.1 Description A permissions issue allowed a malicious application with root privileges to access private information. This was addressed with additional restrictions. Recommendations Update to macOS version 15.1 or...

7.5CVSS5.9AI score0.0034EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.28 views

PT-2024-30780

Name of the Vulnerable Software and Affected Versions Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress versions up to, and including, 13.3.1 Description The issue is related to Stored Cross-Site Scripting via the plugin's wpvideo shortcode due to insufficient input sanitization...

6.4CVSS5.6AI score0.00372EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.28 views

PT-2024-22733 · Woocommerce · Woocommerce Google Feed Manager

Name of the Vulnerable Software and Affected Versions: WooCommerce Google Feed Manager versions n/a through 2.2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...

5.9CVSS9.2AI score0.00356EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/04/12 12:0 a.m.28 views

PT-2024-40: Readout protection level bypass in GigaDevice Semiconductor products

The vulnerability was identified in in series GD32E23x, GD32F20x, GD32F1x0, GD32F4xx, GD32F30x, GD32C10x, GD32E10x, GD32E50x of GigaDevice Semiconductor products. The vulnerability can be exploited by an attacker to run arbitrary shell code in SRAM. Vulnerability status: Confirmed by research Dat...

7.6CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/01/12 12:0 a.m.28 views

PT-2021-2559 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11.3 Description: An issue was discovered in the Linux kernel when a webcam device exists, related to a memory leak in the video usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c for large arguments...

9.8CVSS7.4AI score0.89063EPSS
Exploits242References1516
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.27 views

PT-2026-52933

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mailbox-test component where a double-free occurs during the process of freeing channels. This happens because the RX channel can be aliased to the TX channel if i...

5.7AI score0.00129EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.27 views

PT-2026-52445

Name of the Vulnerable Software and Affected Versions Remote Keyless Entry System RKES using 433 MHz key fob FCC ID CWTR53R0 affected versions not specified Description The system is susceptible to a roll-back attack targeting its rolling-code authentication. An attacker within radio frequency...

6.9CVSS5.8AI score0.0024EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.27 views

PT-2026-51308

Name of the Vulnerable Software and Affected Versions MISP core affected versions not specified Description Broken access-control flaws exist where authorization checks are performed against incorrect entities or ownership and editability checks are missing on write paths. This allows a...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.27 views

PT-2026-51135

Name of the Vulnerable Software and Affected Versions SP Page Builder extension for Joomla versions 1.0.0 through 6.6.1 Description A flaw allows unauthenticated users to upload arbitrary files, which can lead to the upload and execution of PHP code. This issue has been actively exploited in...

10CVSS6.1AI score0.01569EPSS
Exploits6References39
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.27 views

PT-2026-50899

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description Improper Authentication occurs when the cas-auth plugin is used in a route, potentially allowing an attacker to authenticate using credentials from a different source. Recommendations...

8.1CVSS5.9AI score0.0032EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.27 views

PT-2026-50933

Name of the Vulnerable Software and Affected Versions Joomla Survey Force Deluxe version 3.2.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the component containing crafted S...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.27 views

PT-2026-51031

Name of the Vulnerable Software and Affected Versions Azure Active Directory affected versions not specified Description Improper authentication allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that...

10CVSS5.9AI score0.00562EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.27 views

PT-2026-50990

Name of the Vulnerable Software and Affected Versions Joomla Component vRestaurant version 1.9.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'menu-listing-layout' endpoint with malicious code...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.27 views

PT-2026-50138

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.1 Description In the Git Smart HTTP path, the system fails to enforce repository-scoped access-token permissions when tokens are provided via Bearer authentication. While the CheckRepoScopedToken function is design...

8.1CVSS5.9AI score0.00343EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.27 views

PT-2026-49988

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. This flaw allows an unauthenticated attacker with network access via JDENET ...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.27 views

PT-2026-49952

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description A flaw in the Security Framework component of Oracle WebCenter Portal allows a low privileged attacker with network access via HTTPS to compromis...

9.9CVSS5.8AI score0.00411EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.27 views

PT-2026-49933

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Sites version 12.2.1.4.0 Oracle WebCenter Sites version 14.1.2.0.0 Description An issue in the Oracle WebCenter Sites component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via HTTP to...

10CVSS5.2AI score0.00483EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.27 views

PT-2026-49228

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...

8.8CVSS5.2AI score0.0029EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.27 views

PT-2026-49561

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description An issue exists in @angular/common when Server-Side Rendering SSR and hydration are enabled...

8.2CVSS5.8AI score0.00267EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.27 views

PT-2026-48954

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3CVSS5.3AI score0.00183EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.27 views

PT-2026-48352

Name of the Vulnerable Software and Affected Versions ESF-IDF version 5.2.6 ESF-IDF version 5.3.5 ESF-IDF version 5.4.4 ESF-IDF version 5.5.4 ESF-IDF version 6.0 Description A NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp http server component. During th...

7.5CVSS5.3AI score0.00439EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.27 views

PT-2026-48542

Overview Litestar instances which use a template engine in conjunction with CSRF protection are vulnerable to HTML Injection which can be escalated to Cross Site Scripting due to the contents of the CSRF cookie being excluded from automatic escaping by the template engine when configured inline...

8.1CVSS5.5AI score0.0003EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.27 views

PT-2026-47905

Name of the Vulnerable Software and Affected Versions Windows Push Notifications affected versions not specified Description A race condition occurs in Windows Push Notifications due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges...

7.8CVSS5.4AI score0.00185EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.27 views

PT-2026-47678

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rc options page function. This makes it possible for unauthenticated attackers to modify plugin settin...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.27 views

PT-2026-47606

Name of the Vulnerable Software and Affected Versions PhpSpreadsheet versions prior to 1.30.5 Description An issue exists in the File::prohibitWrappers function where the use of parse url to detect stream wrappers can be bypassed. When an input contains three or more slashes after the scheme e.g....

9.2CVSS6.5AI score0.00351EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.27 views

PT-2026-47608

Name of the Vulnerable Software and Affected Versions Netty affected versions not specified Description A file descriptor leak occurs in the netty unix socket recvFd function when a peer sends two file descriptors simultaneously via an SCM RIGHTS control message. The system allocates a control...

7.5CVSS5.7AI score0.00371EPSS
Exploits1References135
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.27 views

PT-2026-46130

OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...

6.9CVSS5.8AI score0.00244EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.27 views

PT-2026-46010

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A crash occurs when determining the GFX3D clock rate. This is caused by the passed parent map failing to provide the expected best parent hw clock after the removal of round rate in favo...

5.7CVSS5.2AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.27 views

PT-2026-45548

A NULL pointer dereference in the ext4 dir en get name len function in include/ext4 dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validat...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.27 views

PT-2026-45271

A vulnerability has been found in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add user check.php of the component User Creation Handler. The manipulation of the argument role leads to sql...

7.5CVSS6.7AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.27 views

PT-2026-45515

Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions prior to 3.2.16 Spring Cloud Function versions prior to 4.1.10 Spring Cloud Function versions prior to 4.2.6 Spring Cloud Function versions prior to 4.3.3 Spring Cloud Function versions prior to 5.0.2 Spring Clou...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.27 views

PT-2026-45526

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...

6.5CVSS5.7AI score0.00294EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.27 views

PT-2026-44218

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue block assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.27 views

PT-2026-44280

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A data race exists in the ALSA PCM OSS component when accessing the runtime.oss.trigger field. Because this field is a bit field, concurrent access without protection can cause writes to...

7.8CVSS5.9AI score0.00099EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.27 views

PT-2026-44298

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An inconsistency occurs in the f2fs file system during Foreground Garbage Collection FGGC node block migration. The Garbage Collection process fails to clear the dentry and fsync marks...

9.8CVSS5.9AI score0.03663EPSS
Exploits17References279
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.27 views

PT-2026-44236

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the KVM x86 shadow paging mechanism. The shadow MMU calculates Guest Frame Numbers GFNs for direct shadow pages by adding the SPTE index to sp-gfn. This...

8.8CVSS5.9AI score0.00126EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.27 views

PT-2026-44289

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-use-after-free error exists in the mac80211 wireless subsystem. The issue occurs during radar detect work when the ieee80211 dfs cac cancel function is called, which can cause the...

9.8CVSS5.9AI score0.03663EPSS
Exploits13References325
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.27 views

PT-2026-44249

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the RDMA mana component where the mana destroy wq obj cleanup process in mana ib create qp rss is handled...

9.8CVSS6AI score0.00513EPSS
Exploits4References289
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.27 views

PT-2026-43792

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference leak occurs in the thermal of cm lookup function. The tr np variable is obtained through of parse phandle but is not released, leading to a memory leak. Recommendations At th...

5.5CVSS5.4AI score0.00155EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.27 views

PT-2026-43786

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Real-Time RT load balancing mechanism where a CPU can enter an infinite self-Inter-Processor Interrupt IPI loop, leading to a CPU hardlockup. This occurs when a CP...

5.5CVSS5.8AI score0.0013EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.27 views

PT-2026-43291

Name of the Vulnerable Software and Affected Versions com users affected versions not specified Description Lack of Cross-Site Request Forgery CSRF token validation—a mechanism used to prevent unauthorized commands from being transmitted from a user the web application trusts—leads to a CSRF atta...

4.6CVSS5.8AI score0.00104EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.27 views

PT-2026-45146

Name of the Vulnerable Software and Affected Versions MariaDB server versions 10.6.1 through 10.6.25 MariaDB server versions 10.11.1 through 10.11.16 MariaDB server versions 11.4.1 through 11.4.10 MariaDB server versions 11.8.1 through 11.8.6 MariaDB server version 12.3.1 Description During the...

9.1CVSS5.7AI score0.00967EPSS
Exploits0References55
Total number of security vulnerabilities5000