Lucene search
K
PtsecurityRecent

184382 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51737

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in get directory by hash that allows any post to be used as a member directo...

8.8CVSS5.9AI score0.00499EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51786

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...

8.8CVSS6.2AI score0.00467EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51812

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

5.9AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51800

A cross-site request forgery CSRF vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b 84449 and earlier allows attackers to overwrite the global job priority configuration...

5.8AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51803

An incorrect permission check in Jenkins Gitee Plugin 1288.v18b deb c9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

5.9AI score0.0017EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51808

A cross-site request forgery CSRF vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key...

5.8AI score0.00101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51811

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

6.3AI score0.0042EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52143

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description An authentication bypass issue exists within the 'viewclient' webpage due to improper validation of user-supplied data. This allows remote attackers to inject arbitrary scripts,...

8.8CVSS7.5AI score0.0067EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51802

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18b deb c9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.8AI score0.00101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52124

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue in the restoreDB function allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a user-supplied...

7.2CVSS7.5AI score0.01477EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51778

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limited to orgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, image url, role, and is tmp...

5.3CVSS5.9AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51981

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the bcmgenet network driver where free bds buffer descriptors are leaked. During the reclamation of the tx queue, the write pointer is fast-forwarded to drop data in...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52087

Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw exists in the safepath package used by virt-handler. The OpenAtNoFollow function utilizes O PATH|O NOFOLLOW to obtain a file descriptor for a path leaf; however, subsequent operations...

7.3CVSS6AI score0.00122EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-52088

Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw exists in the KubeVirt virt-handler domain notify server. The gRPC handlers HandleDomainEvent and HandleK8SEvent determine the VMI identity namespace/name based only on the request...

6.5CVSS5.8AI score0.0009EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51654

Name of the Vulnerable Software and Affected Versions GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default on UDP port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes a UDP message and performs an unsafe...

10CVSS6.8AI score0.00436EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51656

Name of the Vulnerable Software and Affected Versions GeoVision GV-VMS V20 version 20.0.2 Description Memory corruption occurs within the GV-Cloud functionality. A remote attacker can trigger a denial of service by sending a specially crafted network request while impersonating the legitimate...

6.2CVSS5.8AI score0.00197EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-55714

Root has patched GHSA-cj63-jhhr-wcxv in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51905

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the advance sched function within the taprio component. When should change schedules returns true, the switch schedules function is called to promote the...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51661

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description OS command injection flaws exist in the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending a specially...

9.1CVSS6.1AI score0.0172EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51889

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where the functions rds for each conn info and rds walk conn path info pass a caller-allocated on-stack u64 buffer to a per-connection visitor. The...

6.2AI score0.00176EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51826

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the frappe.get avatar function during image rendering. Stored XSS is a type of...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52034

Name of the Vulnerable Software and Affected Versions Warp versions 0.2021.04.25.23.05.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp accepts state-mutating terminal lifecycle hooks from the PTY Pseudo-Terminal stream without verifying if the hooks were emitted by the shell...

4.3CVSS5.8AI score0.00278EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51692

Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description The plugin contains an information exposure flaw via the REST route 'wp/v3/user/list/' which uses the userDetail function. The authentication mechanism only checks if the Username HTTP heade...

7.5CVSS6AI score0.00347EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51612

Name of the Vulnerable Software and Affected Versions Style Dictionary versions 4.3.0 through 5.4.3 Description Style Dictionary contains a prototype pollution issue within the convertTokenData function. Prototype pollution occurs when an attacker manipulates the proto property of a JavaScript...

8.8CVSS5.8AI score0.00132EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.20 views

PT-2026-51894

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component of the Linux kernel, specifically within the Network Address Translation NAT subsystem. The issue stems from improper memory management when...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.18 views

PT-2026-51837

Name of the Vulnerable Software and Affected Versions Feast versions prior to 0.63.0 Description An unsafe deserialization issue exists in the registry server that allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a crafted gRPC request, an attacker can...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-52151

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...

8.8CVSS7.7AI score0.00689EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51945

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A CBB Control Backbone timeout occurs in the tegra194 PCI implementation when PERST is deasserted twice. This issue arises because the functions pci epc deinit notify and dw pcie ep...

5.1CVSS6AI score0.00175EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51831

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the MultiSelectDialog component. Stored XSS is a type of vulnerability where a...

4.8CVSS6AI score0.00239EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51814

Name of the Vulnerable Software and Affected Versions Jenkins Assembla Plugin versions prior to 1.5 Description A missing permission check allows users with Overall/Read permission to force the system to connect to an arbitrary URL using a specified username and password. Recommendations Update...

5.4CVSS5.9AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-51649

Name of the Vulnerable Software and Affected Versions Xpro Addons — 140+ Widgets for Elementor versions prior to 1.7.3 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with author-level access and above can inject...

6.4CVSS6AI score0.00256EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51829

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the File View breadcrumb renderer. Stored XSS is a type of vulnerability where a...

4.6CVSS6AI score0.00256EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51685

Name of the Vulnerable Software and Affected Versions RentMy Real-Time Rental Management Plugin versions prior to 4.0.4.2 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attacke...

5.3CVSS5.9AI score0.00255EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52045

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the FileSystem component. This flaw allows a remote attacker to potentially exploit heap corruption, which occurs when a program continues to use a...

8.8CVSS5.8AI score0.00195EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52049

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue in Blink allows a remote attacker to execute arbitrary code within a sandbox by inducing the victim to open a specially crafted HTML page. Use after free is a...

8.8CVSS6.2AI score0.00233EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52053

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Bluetooth component on Mac. This occurs when the system continues to use a memory location after it has been freed, which can be triggered by a...

8.8CVSS6.1AI score0.00215EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51832

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51694

Name of the Vulnerable Software and Affected Versions 24liveblog versions prior to 2.3 Description The 24liveblog plugin for WordPress allows authenticated users with contributor-level access or higher to extract sensitive third-party account credentials. The issue occurs because the lb24 block...

4.3CVSS5.8AI score0.0021EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51810

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb 2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...

5.9AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52123

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description A directory traversal flaw exists in the writeFileToHttpServletResponse function. The issue is caused by insufficient validation of a user-supplied path before it is used in file...

7.5CVSS7AI score0.0158EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51978

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lock ordering problem exists in the BPF subsystem when using the task vma iterator. Holding the per-VMA lock across the BPF program body can lead to a deadlock when helpers attempt to...

6AI score0.00156EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51912

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the f2fs file system where the kernel may incorrectly initiate I/O to read pages that have already been updated during Garbage Collection GC. This occurs when a page i...

6AI score0.00166EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52031

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable 00 until 0.2026.05.06.15.42.stable 01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS6.1AI score0.01007EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51998

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the mt76 WiFi driver during device destruction. All MT76 rx queues possess an associated page pool, including those not linked to a NAPI, such as WED RRO queues...

6.1AI score0.00166EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51787

Name of the Vulnerable Software and Affected Versions Mailerup versions prior to 1.0.0 Description An open redirect issue exists in the safe redirect function of the click-tracking endpoint '/c//'. Remote unauthenticated attackers can redirect users to arbitrary external sites to perform phishing...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52101

Name of the Vulnerable Software and Affected Versions Zephyr versions 4.1.0 through 4.4.0 Description The PL011 UART driver in drivers/serial/uart pl011.c contains an unbounded software loop within the pl011 irq tx enable function. This loop repeatedly invokes the interrupt-driven application...

6.5CVSS6AI score0.00185EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51942

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs during the unmount process in the gfs2 file system. When flushing outstanding glock work, the function gfs2 log flush may be called after sdp-sd jdesc h...

5.8AI score0.00172EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51902

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the ice free tx tstamp ring and ice tx map functions. The ice free tx tstamp ring function clears the ICE TX FLAGS TXTIME flag after setting the tstamp ri...

6AI score0.00155EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51881

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free flaw exists in the drm/amdgpu component within the userq validate function. The issue occurs when amdgpu userq vm validate calls the drm exec fini function on an execution...

7.8CVSS5.9AI score0.00131EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51858

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The USB MIDI 2.0 endpoint parser in the ALSA usb-audio component fails to validate bLength against the remaining bytes in the endpoint-extra scan before reading baAssoGrpTrmBlkID. This...

6AI score0.00175EPSS
Exploits0References14
Total number of security vulnerabilities184382