Lucene search
K
PtsecurityRecent

184379 matches found

Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51692

Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description The plugin contains an information exposure flaw via the REST route 'wp/v3/user/list/' which uses the userDetail function. The authentication mechanism only checks if the Username HTTP heade...

7.5CVSS6AI score0.00347EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•17 views

PT-2026-51612

Name of the Vulnerable Software and Affected Versions Style Dictionary versions 4.3.0 through 5.4.3 Description Style Dictionary contains a prototype pollution issue within the convertTokenData function. Prototype pollution occurs when an attacker manipulates the proto property of a JavaScript...

8.8CVSS5.8AI score0.00132EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•20 views

PT-2026-51894

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component of the Linux kernel, specifically within the Network Address Translation NAT subsystem. The issue stems from improper memory management when...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•18 views

PT-2026-51837

Name of the Vulnerable Software and Affected Versions Feast versions prior to 0.63.0 Description An unsafe deserialization issue exists in the registry server that allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a crafted gRPC request, an attacker can...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•19 views

PT-2026-52151

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...

8.8CVSS7.7AI score0.00689EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51945

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A CBB Control Backbone timeout occurs in the tegra194 PCI implementation when PERST is deasserted twice. This issue arises because the functions pci epc deinit notify and dw pcie ep...

5.1CVSS6AI score0.00175EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51831

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the MultiSelectDialog component. Stored XSS is a type of vulnerability where a...

4.8CVSS6AI score0.00239EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51890

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the ksmbd component of the Linux kernel during the durable v2 open process. When the parse durable handle context function handles a DURABLE REQ V2 request, it...

5.9AI score0.00188EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51814

Name of the Vulnerable Software and Affected Versions Jenkins Assembla Plugin versions prior to 1.5 Description A missing permission check allows users with Overall/Read permission to force the system to connect to an arbitrary URL using a specified username and password. Recommendations Update...

5.4CVSS5.9AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•16 views

PT-2026-51649

Name of the Vulnerable Software and Affected Versions Xpro Addons — 140+ Widgets for Elementor versions prior to 1.7.3 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with author-level access and above can inject...

6.4CVSS6AI score0.00256EPSS
Exploits0References23
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51829

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the File View breadcrumb renderer. Stored XSS is a type of vulnerability where a...

4.6CVSS6AI score0.00256EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51685

Name of the Vulnerable Software and Affected Versions RentMy Real-Time Rental Management Plugin versions prior to 4.0.4.2 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attacke...

5.3CVSS5.9AI score0.00255EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•14 views

PT-2026-51693

Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description An issue exists where unauthenticated attackers can execute additional SQL queries to extract sensitive information from the database. This occurs via the /wp-json/wp/v3/post/list REST...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-52045

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the FileSystem component. This flaw allows a remote attacker to potentially exploit heap corruption, which occurs when a program continues to use a...

8.8CVSS5.8AI score0.00195EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52049

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue in Blink allows a remote attacker to execute arbitrary code within a sandbox by inducing the victim to open a specially crafted HTML page. Use after free is a...

8.8CVSS6.2AI score0.00233EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52053

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Bluetooth component on Mac. This occurs when the system continues to use a memory location after it has been freed, which can be triggered by a...

8.8CVSS6.1AI score0.00215EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51832

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51694

Name of the Vulnerable Software and Affected Versions 24liveblog versions prior to 2.3 Description The 24liveblog plugin for WordPress allows authenticated users with contributor-level access or higher to extract sensitive third-party account credentials. The issue occurs because the lb24 block...

4.3CVSS5.8AI score0.0021EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51810

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb 2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...

5.9AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-52123

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description A directory traversal flaw exists in the writeFileToHttpServletResponse function. The issue is caused by insufficient validation of a user-supplied path before it is used in file...

7.5CVSS7AI score0.0158EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51978

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lock ordering problem exists in the BPF subsystem when using the task vma iterator. Holding the per-VMA lock across the BPF program body can lead to a deadlock when helpers attempt to...

6AI score0.00156EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51912

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the f2fs file system where the kernel may incorrectly initiate I/O to read pages that have already been updated during Garbage Collection GC. This occurs when a page i...

6AI score0.00166EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-52031

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable 00 until 0.2026.05.06.15.42.stable 01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS6.1AI score0.01007EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-51998

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the mt76 WiFi driver during device destruction. All MT76 rx queues possess an associated page pool, including those not linked to a NAPI, such as WED RRO queues...

6.1AI score0.00166EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51787

Name of the Vulnerable Software and Affected Versions Mailerup versions prior to 1.0.0 Description An open redirect issue exists in the safe redirect function of the click-tracking endpoint '/c//'. Remote unauthenticated attackers can redirect users to arbitrary external sites to perform phishing...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-52101

Name of the Vulnerable Software and Affected Versions Zephyr versions 4.1.0 through 4.4.0 Description The PL011 UART driver in drivers/serial/uart pl011.c contains an unbounded software loop within the pl011 irq tx enable function. This loop repeatedly invokes the interrupt-driven application...

6.5CVSS6AI score0.00185EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51942

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs during the unmount process in the gfs2 file system. When flushing outstanding glock work, the function gfs2 log flush may be called after sdp-sd jdesc h...

5.8AI score0.00172EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51914

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists during Translation Lookaside Buffer TLB synchronization, which is a process used to maintain consistency between the CPU cache and the main memory page tables. Th...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51902

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the ice free tx tstamp ring and ice tx map functions. The ice free tx tstamp ring function clears the ICE TX FLAGS TXTIME flag after setting the tstamp ri...

6AI score0.00155EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51881

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free flaw exists in the drm/amdgpu component within the userq validate function. The issue occurs when amdgpu userq vm validate calls the drm exec fini function on an execution...

7.8CVSS5.9AI score0.00131EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51858

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The USB MIDI 2.0 endpoint parser in the ALSA usb-audio component fails to validate bLength against the remaining bytes in the endpoint-extra scan before reading baAssoGrpTrmBlkID. This...

6AI score0.00175EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52035

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable 01 until 0.2026.05.06.15.42.stable 01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows...

7.7CVSS5.9AI score0.00436EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-52014

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the PCI subsystem. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock. This...

5.9AI score0.00157EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52009

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the fsl-mc bus. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock. This lead...

5.9AI score0.00157EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52081

Name of the Vulnerable Software and Affected Versions Twenty versions prior to 2.9.0 Description An insecure direct object reference IDOR exists in the AI agent monitor's AgentTurnResolver and the agent-turn-grader.service.ts file. The agentTurnsagentId query and the evaluateAgentTurnturnId...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51984

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description An issue exists in the Linux kernel regarding the analysis of failure paths for ld abs and ld ind instructions within subprograms. These instructions are permitted in subprograms that ar...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51959

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ALSA System on Chip ASoC sti driver, regmap field objects allocated during player initialization are not freed. This leads to a resource leak if the driver is removed. The issue i...

5.9AI score0.00172EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51964

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SCTP implementation where Bottom Half BH processing is not disabled before calling the udp tunnel xmit skb and udp tunnel6 xmit skb functions. These functions are...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51899

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.0-rc7 Description An issue exists in the af unix component where SOCKMAP can hide inflight file descriptors from the AF UNIX Garbage Collector GC. When a socket in SOCKMAP receives a socket buffer skb with an...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51994

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the mt76 wireless driver during remain-on-channel operations. The functions mt76 remain on channel and mt76 roc complete call mt76 set channel while already holding...

5.9AI score0.00166EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52099

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Rocket.Chat versions prior to 8.4.2 Rocket.Chat versions prior to 8.3.4 Rocket.Chat versions prior to 8.2.4 Rocket.Chat versions prior to 8.1.5 Rocket.Chat versions prior to 8.0.6 Rocket.Chat versions prior ...

6.7CVSS5.8AI score0.00243EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-52132

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid inst swap delete task function located in /filter core/filter pid.c. This flaw allows an attacker to trigger a Denial of Service DoS b...

7.5CVSS5.7AI score0.0051EPSS
Exploits1References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51937

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the dlm match regions function, the qr numregions field from a DLM QUERY REGION network message is used to control loops over the qr regions buffer without adequate validation. A...

9.1CVSS5.9AI score0.00521EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•5 views

PT-2026-52000

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur in the Linux kernel when deleting local storage within a Non-Maskable Interrupt NMI or reentrant context. This happens when freeing storage elements through kfree rc...

6AI score0.00145EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52010

In the Linux kernel, the following vulnerability has been resolved: s390/ap: use generic driver override infrastructure When the AP masks are updated via apmask store or aqmask store, ap bus revise bindings is called after ap attr mutex has been released. This calls ap revise reserved, which...

5.7AI score0.00145EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51791

Name of the Vulnerable Software and Affected Versions Jenkins Script Security Plugin versions prior to 1402.v94c9ce464861 Description The plugin fails to reject Groovy AST Abstract Syntax Tree transformation annotations that contain an extensions member. This allows attackers with the ability to...

8.5CVSS6AI score0.00594EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51760

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-52070

Name of the Vulnerable Software and Affected Versions Ghost versions 6.19.4 through 6.21.0 Description Ghost, a Node.js content management system, fails to restrict outbound HTTP requests when refetching missing image dimensions during post re-rendering. An authenticated staff user with permissio...

5.4CVSS5.8AI score0.00122EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51723

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ipc/shm component where the shm destroy orphaned function iterates through the shm idr using shm idsns.rwsem, which fails to serialize all fields evaluated by shm...

5.9AI score0.00114EPSS
Exploits0References19
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51705

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the netfilter nf queue component. The br pass frame up function rewrites skb-dev from the ingress port to the bridge master before queueing bridge LOCAL ...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References11
Total number of security vulnerabilities184379