Lucene search
K
PtsecurityRecent

184321 matches found

Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51904

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2 open during durable reconnect In smb2 open, the call to ksmbd put durable fdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

9.8CVSS5.7AI score0.00435EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-52001

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libertas wifi driver where the system attempts to kill USB Request Blocks URBs within an interrupt context. Serialization for the transmission path was previously...

4.1CVSS6AI score0.00155EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-52140

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A NULL pointer dereference occurs in the gf filter in parent chain function located in /filter core/filter pid.c. This issue allows an attacker to trigger a Denial of Service DoS by...

5.5CVSS5.8AI score0.00141EPSS
Exploits1References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•14 views

PT-2026-51828

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the Desk desktop icon renderer. Stored XSS is a type of vulnerability where a malicio...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-51671

Name of the Vulnerable Software and Affected Versions Advanced Contact Form 7 - Compact DB versions prior to 1.0.1 Description Unauthenticated attackers can delete arbitrary contact form submission entries stored in the wp cf7cdb data table. This occurs because the cf7cdb ajax delete user functio...

5.3CVSS5.9AI score0.00295EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52077

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description Mastodon is a free, open-source social network server based on ActivityPub. The software fails to include a specific IP address...

8.7CVSS5.8AI score0.00337EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•21 views

PT-2026-51794

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•14 views

PT-2026-52039

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description An inappropriate implementation in DeviceBoundSessionCredentials allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document ...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-51850

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds memory access exists in the ceph x decrypt function within libceph. The issue occurs because a portion of buffer p is interpreted as a ceph x encrypt header and its magi...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52028

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.10.08.08.12.stable 00 through 0.2026.05.06.15.42.stable 00 Description A command execution permission-check bypass exists in the default unsandboxed CLI agent profile. This profile is non-interactive and utilizes a command...

8.6CVSS6AI score0.00145EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-52105

Name of the Vulnerable Software and Affected Versions Sentry versions 24.4.0 through 26.5.1 Description A Regular Expression Denial of Service ReDoS exists in the event ingestion pipeline. This occurs when a regular expression is applied to attacker-controlled fields on incoming events, allowing...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51846

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Input/Output Memory Management Unit IOMMU subsystem, which manages how devices access system memory. This occurs during device recovery when multiple memor...

8.8CVSS5.9AI score0.00131EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52003

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the powerpc architecture's page table fragment management. The system uses pt frag refcount to track page table fragments. When pte free defer is called during madvise...

4.8CVSS6AI score0.00161EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52080

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description Mastodon is a free, open-source social network server based on ActivityPub. The normalization of incoming activities signed with...

6.5CVSS6AI score0.00124EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•26 views

PT-2026-52078

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description Mastodon is a free, open-source social network server based on ActivityPub. The normalization of incoming activities signed with...

5.3CVSS5.9AI score0.00162EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•4 views

PT-2026-52171

Name of the Vulnerable Software and Affected Versions Drupal Commerce Realex / Global Payments versions 0.0.0 through 3.0.2 Description An incorrect authorization issue allows forceful browsing when the gateway is configured with the redirect payment method. The module fails to sufficiently verif...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52148

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBURemovableMedia JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

8.8CVSS7.7AI score0.00689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•15 views

PT-2026-51680

Name of the Vulnerable Software and Affected Versions Assistio versions prior to 1.1.3 Description The Assistio plugin for WordPress allows authenticated users with Subscriber-level access and above to perform unauthorized data modification. This occurs because the assistio plugin delete assistio...

4.3CVSS5.8AI score0.00238EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52150

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBULibrarySlot JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

8.8CVSS7.7AI score0.00689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51764

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e...

2CVSS5.8AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51798

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS5.9AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51805

A cross-site request forgery CSRF vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a 81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.8AI score0.00128EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51806

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can...

6.3AI score0.00595EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51701

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

5.8AI score0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51683

Name of the Vulnerable Software and Affected Versions EntreDroppers versions prior to 1.1.3 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Reflected Cross-Site Scripting. This occurs when the PHP SELF parameter reflects attacker-controll...

6.1CVSS6AI score0.00205EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-52149

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBULibraryPort JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

8.8CVSS7.7AI score0.00689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51822

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51845

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the drm/xe/dma-buf subsystem involving race conditions when handling the invalidate mappings hook during buffer object initialization and attachment. These races occur...

7.8CVSS5.9AI score0.00132EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-52114

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description An authenticated user can craft outbound requests that reach loopback-bound services inside the container. This occurs because the outbound HTTP host filter applied by WebClientUtils used by the REST...

9.1CVSS5.8AI score0.0022EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-52094

🚨 CVE-2026-45689 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single...

9.1CVSS6AI score0.00308EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51961

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the pci epf alloc doorbell function where the allocated doorbell message array is stored in epf-db msg and epf-num db before MSI vectors are requested. If the MSI...

6AI score0.00154EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-51925

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF Berkeley Packet Filter subsystem where the arena alloc pages function accepts an integer node id and forwards it through the allocation chain without performin...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51922

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An error pointer dereference exists in the USB Type-C subsystem. The cd321x update work function checks if the tps-partner variable is an error pointer; however, if an error is detected,...

6.1AI score0.00166EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•5 views

PT-2026-51924

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Renesas I3C master driver. The xfer structure allocated by the renesas i3c alloc xfer function is not properly freed within the renesas i3c i3c xfers function...

6AI score0.00166EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51843

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/ttm component where a backup failure can lead to an infinite LRU Least Recently Used walk within the ttm bo shrink function. This occurs because the del bulk...

5.9AI score0.00162EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-52034

Name of the Vulnerable Software and Affected Versions Warp versions 0.2021.04.25.23.05.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp accepts state-mutating terminal lifecycle hooks from the PTY Pseudo-Terminal stream without verifying if the hooks were emitted by the shell...

4.3CVSS5.8AI score0.00278EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•5 views

PT-2026-52008

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where the perf allow kernel function is called from the IBS NMI handler. Calling this function within the NMI Non-Maskable Interrupt context is unsafe...

6.8CVSS6AI score0.00154EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51771

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52096

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Rocket.Chat versions prior to 8.4.1 Rocket.Chat versions prior to 8.3.3 Rocket.Chat versions prior to 8.2.3 Rocket.Chat versions prior to 8.1.4 Rocket.Chat versions prior to 8.0.5 Rocket.Chat versions prior ...

9.3CVSS5.7AI score0.00149EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-52117

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

7.4CVSS5.8AI score0.00243EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51973

In the Linux kernel, the following vulnerability has been resolved: net sched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdisc run end, it operates on the root qdisc. If the root qdisc do not implement the TCQ F DEQUEUE DROPS flag the packe...

5.7AI score0.00145EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51911

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A data loss issue exists in the f2fs file system when fsync is performed on a newly created file concurrently with a checkpoint operation. The problem occurs because the f2fs need inode...

6AI score0.00162EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51913

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An inverted condition exists in the ccu mix trigger fc function. This flaw causes the system to skip the frequency change trigger, which can lead to kernel panics during cpufreq scaling,...

6AI score0.00166EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-52036

Name of the Vulnerable Software and Affected Versions AnythingLLM versions 1.11.1 through 1.14.0 Description An issue exists where the application fails to perform ownership checks when deleting parsed files. Specifically, the 'POST /api/workspace/:slug/embed-parsed-file/:fileId' endpoint deletes...

5.8AI score0.00236EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-52074

Name of the Vulnerable Software and Affected Versions @tryghost/activitypub versions prior to 3.1.0 Description The ActivityPub client in Ghost is susceptible to JavaScript injection. This occurs when the client processes posts shared by a maliciously customized ActivityPub server, allowing the...

7.5CVSS6.1AI score0.00204EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51768

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

9.3CVSS6AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51780

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•15 views

PT-2026-51765

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51769

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52089

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.52 Description The Fill Text Template block is susceptible to a Denial of Service DoS attack. Although the backend utilizes a SandboxedEnvironment to block unauthorized attribute access, such as class , it does no...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References5
Total number of security vulnerabilities184321