Lucene search
K
PtsecurityMost viewed

184298 matches found

Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.18 views

PT-2026-22558

Name of the Vulnerable Software and Affected Versions Linksys Wlan AP affected versions not specified Description The WLAN AP firmware contains a flaw where an incorrect bounds check can lead to an out-of-bounds write. This condition could allow for remote proximal/adjacent escalation of privileg...

8.8CVSS6.2AI score0.00225EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.18 views

PT-2026-22642

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A memory corruption issue exists when processing IOCTL calls. This occurs due to accessing a buffer after it has been freed. The issue involves a memory corruption vulnerability that could potentiall...

7.8CVSS6AI score0.00071EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.18 views

PT-2026-22389

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.0.18 Description The WebAuthn prepare endpoint, /api/webauthn/prepare, in versions prior to 4.0.18 lacks authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.18 views

PT-2026-22107

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.8.0 Description Langflow is a tool for building and deploying AI-powered agents and workflows. In the CSV Agent node, the variable allow dangerous code is hardcoded to True, which automatically exposes LangChain's...

9.8CVSS8AI score0.33694EPSS
Exploits4References27
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.18 views

PT-2026-21554

Name of the Vulnerable Software and Affected Versions ElementsKit Lite WordPress plugin versions prior to 3.7.9 Description The ElementsKit Lite WordPress plugin versions prior to 3.7.9 exposes the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoi...

10CVSS5.3AI score0.00384EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.18 views

PT-2026-21506

A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user avatar upload controller of the file /backend/app/api/v1/module system/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launch...

6.5CVSS5.2AI score0.00294EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.18 views

PT-2026-21442

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information...

8.8CVSS5.9AI score0.00397EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.18 views

PT-2026-20209

Name of the Vulnerable Software and Affected Versions IBM Cloud Pak System versions 2.3.3.6 through 2.3.5.0 Description The software contains improper access controls, potentially allowing an authenticated user to perform unauthorized tasks. Recommendations IBM Cloud Pak System version 2.3.3.6...

4.3CVSS5.4AI score0.00207EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.18 views

PT-2026-8246

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough networks parameter in vpn ipsec settings.php. Attackers can craft POST requests with JavaScript payloads in the passthrough networks parameter to...

6.1CVSS5.7AI score0.00319EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.18 views

PT-2026-8047

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk save' AJAX action. This makes it possible for...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.18 views

PT-2026-7260

Name of the Vulnerable Software and Affected Versions Artifex MuPDF versions up to 1.26.1 Description A flaw exists in Artifex MuPDF up to version 1.26.1 on Windows. The issue is related to uncontrolled search path manipulation caused by the get system dpi function within the platform/x11/win...

7.3CVSS5.2AI score0.00115EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.18 views

PT-2026-7389

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that...

5.5CVSS5.4AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.18 views

PT-2026-6988

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A security issue exists in D-Link DIR-823X version 250416. The sub 4175CC function within the /goform/set static route table file is susceptible to OS command injection. Manipulation of the interface,...

8.6CVSS5.5AI score0.03916EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.18 views

PT-2026-6910

Name of the Vulnerable Software and Affected Versions SourceCodester Online Class Record System version 1.0 Description A flaw exists in SourceCodester Online Class Record System 1.0 that allows for SQL injection. The issue is located in the file /admin/subject/controller.php. Manipulating the ID...

9.8CVSS5.4AI score0.00312EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.18 views

PT-2026-6559

Name of the Vulnerable Software and Affected Versions phpMyChat Plus version 1.98 Description The software contains a SQL injection issue in the 'deluser.php' page. This allows manipulation of database queries through the pmc username parameter. Attackers can use boolean-based, error-based, and...

8.8CVSS5.6AI score0.00383EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.18 views

PT-2026-6267

Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.1.0 Description apko is a tool that enables users to build and publish OCI container images from apk packages. A path traversal issue exists in apko’s dirFS filesystem abstraction between versions 0.14.8 and 1.1....

7.5CVSS5.5AI score0.00369EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.18 views

PT-2026-5617

Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product...

6.9CVSS5.3AI score0.00404EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.18 views

PT-2026-6281

Name of the Vulnerable Software and Affected Versions Fastify versions prior to 5.7.2 Description Fastify is a web framework for Node.js. A validation bypass exists where request body validation schemas specified by Content-Type can be circumvented. Appending a tab character t followed by arbitra...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.18 views

PT-2026-4605

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

4.3CVSS5.5AI score0.0016EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.18 views

PT-2026-4321

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automator discord user mapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and...

6.4CVSS5.8AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.18 views

PT-2026-4608

CVE-2023-32719 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2023-32719 Published : Jan. 22, 2026, 10:16 a.m. | 50 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. Severity: 0.0 | NA Visit the link for more details, such as CVSS...

5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.18 views

PT-2026-3947

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

6.5CVSS5.7AI score0.00887EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.18 views

PT-2026-3701

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft versions 8.60 through 8.62 Description A flaw exists in the Integration Broker component of Oracle PeopleSoft Enterprise PeopleTools. An unauthenticated attacker with network access via HTTP can compromise the system...

6.1CVSS7.3AI score0.002EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.18 views

PT-2026-3582

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...

5.9CVSS5.8AI score0.00334EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.18 views

PT-2026-2837

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'set stopwords for comments' and 'delete stopwords for comments' functions. This makes it possible for...

4.3CVSS5.3AI score0.00102EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.18 views

PT-2026-2103

Name of the Vulnerable Software and Affected Versions Tarkov Data Manager versions prior to 02 January 2025 Description The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting XSS vulnerability exists in the toast notification...

9.3CVSS5.8AI score0.00202EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.18 views

PT-2026-1932

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.2-rc2 Description LibreChat, a ChatGPT clone, does not properly control access when uploading files to an agent's file context or during file searches in version 0.8.1-rc2. An authenticated attacker who knows an...

7.1CVSS6.4AI score0.00282EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.18 views

PT-2026-1213

Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 Description A security issue has been identified in the software. The strcpy function within the /goform/formUser file is susceptible to a buffer overflow when handling the passwd1 argument. This manipulation c...

9CVSS6.7AI score0.00783EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.18 views

PT-2026-4318

Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description An error in QEMU’s KVM Xen guest support allows a malicious guest to cause out-of-bounds heap accesses within the QEMU process. This is triggered through the emulated Xen physdev hypercall...

6.5CVSS5.5AI score0.00165EPSS
Exploits0References58
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.18 views

PT-2026-50454

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.33 Description The software fails to block the ctypes module, which is a foreign function interface library used to call C functions directly, load DLLs, and manipulate raw memory pointers. This allows attacker...

9.8CVSS6.8AI score0.00757EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.18 views

PT-2025-52932

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a potential memory leak within the vdpa sim module, specifically in the vdpasim net init and vdpasim blk init functions. The issue arises when a device...

7.8CVSS6.3AI score0.00462EPSS
Exploits2References893
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.18 views

PT-2025-49671

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The irdma driver within the Linux kernel could use a number of MSIX vectors exceeding the number of online CPUs plus one. This resulted in a kernel warning when attempting to update the...

7.8CVSS6.8AI score0.00462EPSS
Exploits2References898
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.18 views

PT-2025-50139

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS issue in the AddressesTo parameter of the ''/Mondo/lang/sys/Forms/AddressBook.aspx'' endpoint. The AddressesTo value...

6.1CVSS5.8AI score0.00336EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/15 12:0 a.m.18 views

PT-2025-47041

Name of the Vulnerable Software and Affected Versions All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic versions prior to 4.8.10 Description The All in One SEO plugin for WordPress has a flaw that allows unauthorized deletion of media attachments. The issue stems from ...

4.3CVSS6.3AI score0.0021EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.18 views

PT-2025-46861

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue...

6.3CVSS6.9AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.18 views

PT-2025-44487

Name of the Vulnerable Software and Affected Versions Nagios Fusion versions prior to 4.2.0 Description Nagios Fusion versions prior to 4.2.0 have a reflected cross-site scripting XSS issue in the license key configuration process. This allows an attacker to execute scripts in a user's browser by...

6CVSS5.9AI score0.00807EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.18 views

PT-2025-41408

Name of the Vulnerable Software and Affected Versions Juniper Security Director versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation issue exists in Juniper Security Director, allowing an attacker to inject malicious scripts into the application. The...

9.3CVSS5.8AI score0.00354EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.18 views

PT-2025-39631

Name of the Vulnerable Software and Affected Versions libucl versions up to 0.9.2 Description A flaw exists in the ucl include common function within the /src/ucl util.c file. This can lead to a heap-based buffer overflow. Local access is needed for exploitation. The exploit details have been...

5.3CVSS5.3AI score0.00147EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/09/25 12:0 a.m.18 views

PT-2025-44111

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to insufficient input validation in the NFC Near Field Communication subsystem. Specifically, the nci init req function had limited validation,...

4.6CVSS5.8AI score0.00202EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.18 views

PT-2025-39261

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron-LM affected versions not specified Description The software contains a flaw in the tasks/orqa/unsupervised/nq.py component that could allow an attacker to inject code. Exploitation of this issue may result in code execution,...

7.8CVSS6.6AI score0.0022EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.18 views

PT-2025-44117

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the Squashfs file system related to uninitialized values in the squashfs get parent function. This issue arises when open by handle at is invoked...

4.6CVSS5.8AI score0.00207EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.18 views

PT-2025-38510

Name of the Vulnerable Software and Affected Versions Service Finder SMS System plugin for WordPress versions prior to 2.1.0 Description The Service Finder SMS System plugin for WordPress does not verify a user's phone number before logging them in, leading to authentication bypass. This allows...

8.1CVSS6.9AI score0.00407EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.18 views

PT-2025-36731

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: An open database issue exists due to an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and...

8.8CVSS6AI score0.00269EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.18 views

PT-2025-36458

Name of the Vulnerable Software and Affected Versions: WebWork affected versions not specified Description: A Reflected Cross-Site Scripting XSS issue exists in WebWork, potentially enabling remote attackers to execute arbitrary code. The vulnerability is triggered through the q and engine reques...

5.1CVSS5.9AI score0.0048EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/18 12:0 a.m.18 views

PT-2025-33675 · Genealogy · Genealogy

Name of the Vulnerable Software and Affected Versions: Genealogy versions prior to 4.4.0 Description: Genealogy is a family tree PHP application susceptible to an authenticated reflected cross-site scripting XSS issue. An attacker with valid credentials can execute arbitrary JavaScript code withi...

5.5CVSS6.3AI score0.00272EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.18 views

PT-2025-32605 · Sap · Sap Gui For Windows

Name of the Vulnerable Software and Affected Versions: SAP GUI for Windows affected versions not specified Description: SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. A successful attack requires developer authorization in a...

4.5CVSS7.2AI score0.00289EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/08 12:0 a.m.18 views

PT-2025-32406 · Unknown · Simple Web Server

Name of the Vulnerable Software and Affected Versions: Simple Web Server version 2.2 rc2 Description: Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, th...

9.3CVSS8.1AI score0.01205EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/08/03 12:0 a.m.18 views

PT-2025-32410

Name of the Vulnerable Software and Affected Versions 7-Zip versions prior to 25.01 Description An issue exists in 7-Zip where symbolic links are not always properly handled during the extraction of archives. This flaw allows a remote attacker to use a specially crafted archive to perform arbitra...

3.6CVSS7.4AI score0.00692EPSS
Exploits2References61
Positive Technologies
Positive Technologies
added 2025/07/28 12:0 a.m.18 views

PT-2025-31150

Name of the Vulnerable Software and Affected Versions copyparty versions up to and including 1.18.4 Description copyparty is a portable file server susceptible to cross-site scripting XSS. An unauthenticated attacker can execute arbitrary JavaScript code in a victim’s browser due to improper...

6.1CVSS6AI score0.00395EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.18 views

PT-2025-30486

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 141 Firefox ESR versions prior to 140.1 Thunderbird versions prior to 141 Thunderbird versions prior to 140.1 Description Setting a nameless cookie with an equals sign in the value shadowed other cookies. This occurre...

9.8CVSS7.6AI score0.09348EPSS
Exploits2References190
Total number of security vulnerabilities5000