Lucene search
K
PtsecurityMost viewed

184315 matches found

Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-39211

Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2026.29 Description Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...

3.8CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-39305

Name of the Vulnerable Software and Affected Versions eml parser version 3.0.0 Description A recursion denial of service exists in the get raw body text function within eml parser/parser.py. The function recurses unconditionally for every nested message/rfc822 attachment without a depth limit. An...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38670

Name of the Vulnerable Software and Affected Versions Control Web Panel CWP versions prior to 0.9.8.1209 Description Unauthenticated attackers can inject and execute arbitrary OS commands with root privileges on the web server. This occurs because user input provided through the key GET parameter...

7.3CVSS6.1AI score0.01186EPSS
Exploits3References8
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38990

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-after-Free UaF issue exists in the Linux kernel within the addrconf permanent addr function. This occurs because a warning message regarding an exceptional condition is delivered t...

7.8CVSS5.5AI score0.00121EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38732

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

7.1CVSS5.9AI score0.06868EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38879

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

6.1CVSS5.8AI score0.00261EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38674

Name of the Vulnerable Software and Affected Versions cPanel versions prior to 11.136.0.9 cPanel versions prior to 11.136.1.10 WP Squared cPanel versions prior to 11.134.0.25 cPanel versions prior to 11.132.0.31 cPanel versions prior to 11.130.0.22 cPanel versions prior to 11.126.0.58 cPanel...

8.8CVSS6.1AI score0.0083EPSS
Exploits0References36
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-39092

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs when reading portli debugfs files. This happens when the number of port registers counted in xhci-max ports exceeds the ports reported by Supported...

5.8AI score0.00107EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38687

Vulnerability in the Java SE product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks o...

4.3CVSS6.1AI score0.03377EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-39231

Name of the Vulnerable Software and Affected Versions External Secrets Operator versions prior to 2.4.1 Description A user with permissions to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes automatically populates with a long-lived token for a specified...

4.9CVSS5.8AI score0.00214EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38676

Name of the Vulnerable Software and Affected Versions OttoKit: All-in-One Automation Platform WordPress plugin versions prior to 1.1.23 Description Insufficient sanitization of user input used in a SQL statement allows unauthenticated attackers to perform SQL injection attacks. Recommendations...

8.6CVSS5.8AI score0.00262EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38656

Name of the Vulnerable Software and Affected Versions zyx0814 FilePress versions prior to 2.2.1 Description An issue exists in the Shares Filelist API within the file 'dzz/shares/admin.php'. Manipulation of the argument order allows a remote attacker to perform SQL injection, which is a technique...

7.5CVSS7.3AI score0.00272EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-39462

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.1 Description The computational complexity of attribute name collision checks allows a denial of service when processing moderately sized crafted XML input. Recommendations Update to version 2.8.1 or later...

7.8CVSS5.7AI score0.00428EPSS
Exploits1References58
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38342

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduled original file deletion function in all versions up to, and including, 4.5.2...

8.1CVSS6.5AI score0.0095EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38601

Name of the Vulnerable Software and Affected Versions huangjunsen0406 xiaozhi-mcphub versions prior to 1.0.4 Description A path traversal issue exists in the src/controllers/dxtController.ts file. A remote attacker can exploit this by manipulating the manifest.name argument, allowing unauthorized...

6.5CVSS6.6AI score0.00283EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38611

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2026 Description A sensitive information disclosure issue exists in the Library module of FacturaScripts. The application stores and serves uploaded images byte-for-byte without stripping EXIF, XMP, or IPTC...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38559

Name of the Vulnerable Software and Affected Versions OSGeo gdal versions prior to 3.13.0RC1 Description A heap-based buffer overflow occurs in the GDnentries function within the frmts/hdf4/hdf-eos/GDapi.c file. This issue is triggered by manipulating the DataFieldName argument and requires the...

7.8CVSS6.2AI score0.00223EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38590

Name of the Vulnerable Software and Affected Versions code-projects Feedback System version 1.0 Description A SQL injection flaw exists in the /admin/checklogin.php file. Remote attackers can exploit this by manipulating the email argument. SQL injection is a technique where malicious SQL...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38587

Name of the Vulnerable Software and Affected Versions Azure DevOps affected versions not specified Description Exposure of sensitive information in Azure DevOps allows an unauthorized actor to disclose information over a network. Recommendations At the moment, there is no information about a newe...

10CVSS5.8AI score0.0084EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38619

Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAX BLOCK SIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while...

9.2CVSS5.7AI score0.00283EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38418

Name of the Vulnerable Software and Affected Versions Open Notebook version 1.8.3 Description Insufficient user input sanitization allows an application user to perform Server-Side Template Injection SSTI, a flaw where an attacker can inject malicious templates into a server-side engine. This...

10CVSS6AI score0.0023EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38363

Name of the Vulnerable Software and Affected Versions Katalyst Koi versions prior to 5.6.0 Katalyst Koi versions prior to 4.20.0 Description Admin session cookies are not invalidated upon logout. This allows an attacker who has obtained a valid admin session cookie—through exposure, caching, or...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38546

Name of the Vulnerable Software and Affected Versions BentoPDF versions prior to 2.8.3 Description BentoPDF is a self-hostable client-side PDF toolkit. A cross-site scripting issue exists in the Markdown to PDF Tool, which allows an attacker to execute arbitrary JavaScript under certain...

7CVSS5.9AI score0.00356EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38419

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal...

7CVSS5.8AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38408

Name of the Vulnerable Software and Affected Versions microsoft-kiota-http-okHttp versions 1.9.0 and earlier kiota-dotnet affected versions not specified kiota-java affected versions not specified kiota-python affected versions not specified kiota-typescript affected versions not specified...

9.8CVSS5.8AI score0.00505EPSS
Exploits0References331
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38331

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

7.2CVSS5.8AI score0.0022EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37419

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the x86 shadow stacks implementation where the shstk pop sigframe function fails to check for errors returned by mmap read lock killable. This occurs because the...

5.5CVSS5.8AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37339

Name of the Vulnerable Software and Affected Versions Velocidex Velociraptor versions prior to 0.76.5 Description An authorization bypass in the 'GetUserRoles' gRPC API endpoint allows any authenticated low-privilege user to retrieve the complete Access Control List ACL policy, including roles an...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-38279

Name of the Vulnerable Software and Affected Versions Hatchet versions prior to 0.83.39 Description A missing authorization directive on the 'GET /api/v1/stable/dags/tasks' endpoint caused the tenant-membership check to be skipped. An authenticated user on a multi-tenant instance could query this...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-38247

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.20 Description OpenClaw fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files. This allows attackers to override critical runtime variables. For instance,...

8.5CVSS5.8AI score0.00129EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37730

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS5.8AI score0.0335EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37979

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...

5.3CVSS5.8AI score0.00888EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37950

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

7.5CVSS6.8AI score0.04046EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37948

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS6.5AI score0.02541EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37718

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attack...

6.8CVSS5.8AI score0.027EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37970

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

3.7CVSS6.8AI score0.01036EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37906

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

5.3CVSS6.7AI score0.04948EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37345

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37983

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...

8.8CVSS7.6AI score0.29179EPSS
Exploits3References10
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-37925

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attack...

6.8CVSS7AI score0.027EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-38292

Name of the Vulnerable Software and Affected Versions Micronaut Framework versions 4.3.0 through 4.10.21 Description An unauthenticated attacker can cause a denial of service by exhausting heap memory, leading to a JVM crash. The issue exists in the TimeConverterRegistrar component, which uses an...

7.5CVSS5.9AI score0.0055EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.18 views

PT-2026-43251

Name of the Vulnerable Software and Affected Versions gix-submodule versions prior to 0.29.0 gitoxide versions prior to 0.5.21 gix versions prior to 0.84.0 Description Incorrect validation of the update field in .gitmodules allows attackers to bypass the CommandForbiddenInModulesConfiguration gua...

8.5CVSS6.3AI score0.00351EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.18 views

PT-2026-37038

Name of the Vulnerable Software and Affected Versions IObit Advanced SystemCare 19 Description A security flaw in the Service component's "ASC.exe" file allows for symlink following. A symbolic link symlink is a type of file that points to another file or directory. This issue requires local acce...

7.3CVSS7AI score0.00131EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.18 views

PT-2026-37077

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.4 Django versions 5.2 through 5.2.13 Description ASGI requests with a missing or understated Content-Length header can bypass the FILE UPLOAD MAX MEMORY SIZE limit. This allows large files to be loaded into...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References45
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.18 views

PT-2026-37281

Name of the Vulnerable Software and Affected Versions Grav CMS Form plugin versions prior to 9.1.0 Description A Stored Cross-Site Scripting XSS issue exists in the select field template of the Grav CMS Form plugin. Taxonomy tag and category values are rendered using the Twig |raw filter in the...

5.4CVSS6AI score0.0015EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.18 views

PT-2026-37337

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.1 Description When a NodeVM is created with the nesting variable set to true, sandbox code can unconditionally use require'vm2' regardless of the outer VM's require configuration, including when require is set to...

9.9CVSS6.6AI score0.009EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.18 views

PT-2026-37306

Name of the Vulnerable Software and Affected Versions ssrfcheck versions 1.3.0 and earlier Description ssrfcheck fails to block Server-Side Request Forgery SSRF attacks when a target private IP address is encoded as an IPv4-mapped IPv6 address e.g., 'http://::ffff:127.0.0.1/'. This occurs because...

8.2CVSS5.8AI score0.00226EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.18 views

PT-2026-36763

Name of the Vulnerable Software and Affected Versions osrg GoBGP versions prior to 4.4.0 Description A remote denial of service can occur in the SRv6 L3 Service component. The issue exists within the SRv6L3ServiceAttribute.DecodeFromBytes function located in the pkg/packet/bgp/prefix sid.go file,...

7.5CVSS6.3AI score0.00464EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.18 views

PT-2026-36830

Name of the Vulnerable Software and Affected Versions NetBox versions 4.3.5 through 4.5.4 Description An issue in the RenderTemplateMixin.get environment params method allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code. By specifying malicious...

8.8CVSS6.7AI score0.00782EPSS
Exploits0References11
Total number of security vulnerabilities5000