Lucene search
K
PtsecurityMost viewed

184269 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48989

Name of the Vulnerable Software and Affected Versions IBM Qiskit SDK versions 0.43.0 through 2.5.0 Description Uncontrolled recursion in the parser can allow an attacker to trigger a segmentation fault, resulting in a denial of service. A segmentation fault occurs when a program attempts to acces...

7.5CVSS5.3AI score0.00268EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48870

Name of the Vulnerable Software and Affected Versions remotion version 4.0.409 Description A remote code execution RCE issue was discovered, which allows an attacker to execute arbitrary code on the target system. Recommendations At the moment, there is no information about a newer version that...

9.8CVSS6.5AI score0.0081EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48865

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

1.8CVSS3.6AI score0.00106EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48980

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description A flaw in the handling of replies to whisper posts allows authenticated use...

5.4CVSS5.2AI score0.00148EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48901

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description Netty QUIC exposes the stateless reset token on the network path when utilizing the default HMAC-based connection-ID and stateless-reset-token generators. Specifically, the...

4.8CVSS5.3AI score0.00204EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48968

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description A flaw allows a program capable of writing bytes to the terminal—such as a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, or an issue body in a TUI—to...

7.8CVSS5.8AI score0.00164EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48988

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description When the SiteSetting.tags listed by group setting is enabled, the DetailedTagSerializertag group names function returns all tag...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49007

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authorization flaw exists in the object add/edit handling. An authenticated user with object editing permissions can assign a MISP object, or attributes within an object, to a sharing group...

5.3CVSS5.3AI score0.0022EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48948

Name of the Vulnerable Software and Affected Versions Camaleon CMS version 2.9.2 Description Improper authorization in the administrator draft autosave endpoint allows a low-privileged authenticated user to overwrite a draft associated with another user's post. This is achieved by sending an...

5.1CVSS5.3AI score0.00215EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48875

⚠️ If you use hidden volumes in VeraCrypt: Versions 1.26.6 – 1.26.28 had a regression that could weaken plausible deniability of hidden volumes inside file containers CVE-2026-54073. Fixed in 1.26.29. If this applies to you, recreate the container + hidden volume with the new version and securely...

5.3AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48834

openSUSE released security advisories for CVE-2026-0183 in RoundcubeMail and CVE-2025-3548 in Assimp, addressing XSS/SQL injection and denial-of-service flaws in SLE-15-SP6 and SP7 backports, Linuxsecurity reported. https://t.co/mZCkbHBQjS...

5.3CVSS5.7AI score0.00245EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49042

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.27 Description A state mutation issue exists in the node pairing reconnection process. This allows paired nodes to confuse approval scope decisions, enabling attackers to exploit reconnection logic to restore ...

9.8CVSS5.2AI score0.00221EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48924

Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...

7.5CVSS7.3AI score0.01008EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48991

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.31.0 Description When the prettyUrls: true setting is enabled on the @apostrophecms/file module, the public pretty-URL handler constructs an upstream URL using the raw Host HTTP request header. This URL is the...

3.7CVSS5.3AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49051

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

6.5CVSS6.3AI score0.01254EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48996

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A path traversal issue exists in the getOrgLogo function of the OrganisationsController. The software constructs file paths for organization logos using fields controlled by the organization, su...

5.3CVSS5.4AI score0.00319EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48971

MISP contains an insecure default configuration in which the Security.check sec fetch site header control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...

7.1CVSS5.2AI score0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49053

Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.26.4 GeoServer versions prior to 2.27.3 Description An authenticated administrator with access to the security system can provide arbitrary absolute file paths to the Master Password Dump web page to create files...

7.2CVSS8.2AI score0.00353EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49011

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25031700 AVG Antivirus versions prior to VPS 25031700 Norton Antivirus versions prior to VPS 25031700 Avast One versions prior to VPS 25031700 Avast Business Antivirus versions prior to VPS 25031700...

5.5CVSS5.2AI score0.00111EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48953

Name of the Vulnerable Software and Affected Versions Naxclow Smart Doorbell X3 affected versions not specified Naxclow platform affected versions not specified Description A flaw in the onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to...

8.8CVSS5.3AI score0.00312EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49012

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25022500 AVG Antivirus versions prior to VPS 25022500 Norton Antivirus versions prior to VPS 25022500 Avast One versions prior to VPS 25022500 Avast Business Antivirus versions prior to VPS 25022500...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48829

Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...

8.7CVSS5.2AI score0.0035EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48917

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107.2 and 16.17.4...

6.9CVSS5.1AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49024

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An exec denylist bypass exists in the bundle MCP loopback session-spawn path. This allows authenticated callers to bypass intended command restrictions and start sessions with broader command...

6.9CVSS5.2AI score0.00094EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48874

@0xmagic0 @Manifold ai sec CVE-2026-54052 assigned to this critical vulnerability...

5.3AI score0.00043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48841

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or service disruption...

8.1CVSS5.6AI score0.00401EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48688

Name of the Vulnerable Software and Affected Versions netty-codec-http2 versions prior to 4.1.135.Final netty-codec-http2 versions prior to 4.2.15.Final Description The DelegatingDecompressorFrameListener class manages HTTP/2 decompression by using a per-stream EmbeddedChannel to run decompressio...

7.5CVSS5.3AI score0.00594EPSS
Exploits0References62
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48742

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description An issue in browser control allows authenticated users to perform server-side request forgery SSRF, which is a flaw that enables an attacker to induce the server-side application to make request...

7.7CVSS5.2AI score0.00247EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48752

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48750

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

8.1CVSS5.2AI score0.00322EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48642

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...

4.3CVSS7.7AI score0.00184EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48627

Name of the Vulnerable Software and Affected Versions Spring for GraphQL versions 1.0.0 through 1.0.6 Spring for GraphQL versions 1.3.0 through 1.3.8 Spring for GraphQL versions 1.4.0 through 1.4.5 Spring for GraphQL versions 2.0.0 through 2.0.3 Description The annotation detection mechanism for...

7.5CVSS5.5AI score0.00352EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48638

Name of the Vulnerable Software and Affected Versions vLLM versions 0.8.0 and later Description An Out-of-Memory OOM Denial of Service DoS issue exists due to unbounded frame count processing in the VideoMediaIO.load base64 function. When processing video/jpeg data URLs, the system splits the...

7.5CVSS7.4AI score0.00543EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48670

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...

9.9CVSS5.4AI score0.00335EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48748

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.24 Description An authorization bypass exists in the MCP loopback feature. This allows non-owner callers to circumvent owner-only tool policies and before-tool-call hooks. When the feature is enabled and...

6.9CVSS6AI score0.00096EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48732

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS5.5AI score0.00265EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48712

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...

6.3CVSS5.4AI score0.00263EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48773

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.115 Description An inappropriate implementation in Headless mode allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page....

9.6CVSS5.3AI score0.00229EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48791

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progress video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been...

9.8CVSS5.7AI score0.00364EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48640

Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...

4.3CVSS5.4AI score0.00113EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48807

Name of the Vulnerable Software and Affected Versions Arc versions prior to 26.06.1 Description Arc registers Go net/http/pprof handlers at the /debug/pprof/ endpoint. Due to a configuration where /debug/pprof is added to PublicPrefixes and the authentication middleware short-circuits before toke...

8.8CVSS6AI score0.0009EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48743

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A path traversal issue exists in the memory-core artifact loading process, where the workspace state affects how the local package root is resolved. This allows attackers with access to affected...

7.8CVSS5.5AI score0.00114EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-49052

Name of the Vulnerable Software and Affected Versions Allegra affected versions not specified Description A flaw in the downloadAttachment method allows remote attackers to execute arbitrary scripts on affected installations. This occurs due to insufficient validation of user-supplied data,...

4.6CVSS5.4AI score0.00225EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48701

Name of the Vulnerable Software and Affected Versions 389 Directory Server 389-ds-base affected versions not specified Description An integer overflow exists in the SASL I/O layer within the sasl io start packet function. When a crafted SASL packet length prefix of 0xFFFFFFFC is processed, adding...

7.6CVSS6.2AI score0.0067EPSS
Exploits0References35
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48696

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48560

An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash denial of service...

5.6CVSS5.9AI score0.00148EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48404

Name of the Vulnerable Software and Affected Versions image-size versions prior to 2.0.3 Description A denial of service issue exists where remote attackers can permanently block the Node.js event loop by providing a specially crafted ICNS image buffer. By supplying an ICNS buffer with valid magi...

8.7CVSS5.5AI score0.0043EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48679

Name of the Vulnerable Software and Affected Versions wicked versions prior to 0.6.79 Description An indirect remote shell command injection exists due to unsanitized DHCP options. The issue involves improper processing of posix-tz-dbname and tz-string options, as well as a failure to escape...

8.8CVSS5.5AI score0.00297EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48432

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A heap buffer overflow occurs during the serialization of objectclass definitions. The length of the oc superior SUP field is omitted from buffer size calculations within the rea...

6.5CVSS6.2AI score0.00349EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48400

Name of the Vulnerable Software and Affected Versions Slate Digital Connect version 1.37.0 Description The software installs a privileged helper tool, 'com.slatedigital.connect.privileged.helper.tool', which exposes the XPC service 'com.slatedigital.connect.privileged.helper.tool2'. The helper...

8.4CVSS5.2AI score0.00122EPSS
Exploits1References7
Total number of security vulnerabilities5000