Lucene search
K
PtsecurityRecent

184424 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-51677

Name of the Vulnerable Software and Affected Versions Welcome Software Publishing versions prior to 0.0.32 Description The plugin is subject to an Arbitrary Options Update issue caused by a missing capability check in the nc setOption function, which is exposed through the 'nc.setOption' XML-RPC...

8.8CVSS5.8AI score0.00463EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52025

‼️ Erlang Plug: disponibile in rete PoC per lo sfruttamento della CVE-2026-54982 Rischio: 🟠 Tipologia: 🔸 Denial of Service 🔗 https://www.acn.gov.it/portale/w/rilevata-nuova-vulnerabilita-in-erlang-plug 🔄 Aggiornamenti disponibili 🔄...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51918

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the greybus raw component. If a user performs a write operation to the chardev after a disconnect has been initiated, the kernel may panic due to a NULL...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51985

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the handling of Generic Segmentation Offload GSO packet headers. The qdisc pkt len segs init function fails to properly pull headers into the expected memory location,...

8.4CVSS5.8AI score0.00123EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51707

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the running payload length for queued fragments can be truncated during updates. This allows malformed fragment chains to bypass validation...

9.8CVSS5.7AI score0.00519EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52097

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Description The ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. While the LinkSpan component utilizes sanitizeUrl t...

4.4CVSS6AI score0.00118EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52112

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description Lute's HTML sanitizer fails to remove elements. When combined with the permissive security configuration of the SiYuan Electron client, this allows an attacker to embed a malicious within a Bazaar...

8.7CVSS6.1AI score0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52079

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description When using Ruby versions older than 3.4, the PrivateAddressCheck.private address? function incorrectly returns false for...

8.6CVSS6AI score0.00232EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51809

Name of the Vulnerable Software and Affected Versions Jenkins Contrast Continuous Application Security Plugin versions prior to 3.12 Description Missing permission checks allow users with Overall/Read permission to enumerate the names of configured Contrast metadata. Recommendations Update Jenkin...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51833

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs in the Number Card component when user-controlled data is unsafely evaluated. This happens specifically within the filters config variable, where th...

4.6CVSS6.2AI score0.00256EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51977

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-13195-g967e8def1100 Description An issue exists in the Linux kernel where the bpf fd array map clear function fails to yield the processor during its execution loop. For PROG ARRAY maps containing a large...

6.8CVSS6.1AI score0.00156EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51672

Name of the Vulnerable Software and Affected Versions Kargo Takip versions prior to 1.3 Description The Kargo Takip plugin for WordPress contains a Server-Side Request Forgery SSRF issue. This allows unauthenticated attackers to initiate web requests to arbitrary locations from the web applicatio...

7.2CVSS5.9AI score0.0029EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52177

Name of the Vulnerable Software and Affected Versions Tealium iQ Tag Management versions 0.0.0 through 2.4.0 Description Improperly controlled modification of dynamically-determined object attributes in the Tealium iQ Tag Management module allows for Object Injection. This occurs because the...

6.1AI score0.00417EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52168

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack...

6AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52167

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS. The module and...

6.2AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52164

Name of the Vulnerable Software and Affected Versions Drupal Advanced Content Feedback versions 0.0.0 through 2.8.0 Description Stored Cross-site Scripting XSS occurs when the module fails to sufficiently sanitize administrator-configured response messages. Specifically, the "Yes response", "No...

6AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52170

Name of the Vulnerable Software and Affected Versions Drupal AI Agents versions 0.0.0 through 1.1.4 Drupal AI Agents versions 1.2.0 through 1.2.5 Drupal AI Agents versions 1.3.0 through 1.3.1 Description An incorrect authorization issue allows forceful browsing. Under certain conditions, the agen...

6.1AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52166

Name of the Vulnerable Software and Affected Versions Drupal OpenAI Provider versions 0.0.0 through 1.1.1 Drupal OpenAI Provider versions 1.2.0 through 1.2.2 Description Insufficient sanitization of user-supplied URLs leads to a Server-Side Request Forgery SSRF, a flaw where an attacker can induc...

6.1AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52174

Name of the Vulnerable Software and Affected Versions Drupal Paragraphs versions 0.0.0 through 1.21.0 Description A missing authorization issue in the Paragraphs Library module allows forceful browsing. The module fails to sufficiently restrict access to direct child paragraphs of library items...

6.1AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52175

Name of the Vulnerable Software and Affected Versions Drupal Geolocation Field versions 0.0.0 through 3.15.0 Description An SQL injection issue exists in the Drupal Geolocation Field module, which provides functionality to store coordinates and supports views and other modules. The problem occurs...

6.1AI score0.00157EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52169

Name of the Vulnerable Software and Affected Versions Drupal AI Agents versions 0.0.0 through 1.1.4 Drupal AI Agents versions 1.2.0 through 1.2.5 Drupal AI Agents versions 1.3.0 through 1.3.1 Description Missing authorization allows forceful browsing within the module that provides the entity typ...

6.1AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52173

Name of the Vulnerable Software and Affected Versions Drupal Paragraphs versions 0.0.0 through 1.21.0 Description A missing authorization issue in the Paragraphs Library module allows forceful browsing. The module does not sufficiently restrict access to unpublished library items within lists. Th...

6.1AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52165

Name of the Vulnerable Software and Affected Versions Drupal Advanced Content Feedback versions 0.0.0 through 2.8.0 Description An incorrect authorization issue in the Advanced Content Feedback module allows forceful browsing. The module fails to sufficiently verify authorization over the targete...

6.1AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52171

Name of the Vulnerable Software and Affected Versions Drupal Commerce Realex / Global Payments versions 0.0.0 through 3.0.2 Description An incorrect authorization issue allows forceful browsing when the gateway is configured with the redirect payment method. The module fails to sufficiently verif...

6.1AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52172

Name of the Vulnerable Software and Affected Versions WissKI versions 0.0.0 through 4.2.0 Description A missing authorization issue in the wisski mirador submodule allows forceful browsing and access bypass. The module fails to sufficiently validate parameters submitted via a route before writing...

6.1AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52091

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...

8.7CVSS6AI score0.00451EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.22 views

PT-2026-51794

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51697

Name of the Vulnerable Software and Affected Versions Generate Security.txt plugin for WordPress versions prior to 1.0.13 Description The plugin fails to properly verify user authorization for specific actions. This allows authenticated attackers with subscriber-level access or higher to delete t...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51847

Content removed...

7.1CVSS5.8AI score0.00133EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-55748

This update for sg3 utils fixes the following issue - sg inq: --export output conformance for SCSI name string and ATA fields bsc1267823...

5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-55690

Root has patched GHSA-64g7-mvw6-v9qj in the @rootio/shelljs package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-55665

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=526758819 Crash type: Bad-cast Crash state: Bad-cast to Ogre::HardwareBuffer from invalid vptr Ogre::HardwareBuffer::unlockImpl Ogre::HardwareBuffer::unlock...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52873

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.5CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51830

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Cross-Site Scripting XSS issue occurs due to improper neutralization of untrusted input within the Form Dashboard headline renderer. This allows for stored XSS, where malicious scripts are...

4.6CVSS6AI score0.00256EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-55715

Root has patched GHSA-cjmm-f4jc-qw8r in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-55713

Root has patched GHSA-39q2-94rc-95cp in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-55716

Root has patched GHSA-h8r8-wccr-v5f2 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52998

CVE ID :CVE-2026-56119 Published : June 24, 2026, 3:12 p.m. | 1 hour, 27 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51949

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the hisilicon/sec2 crypto component. Under heavy load during packet transmission, the hardware may complete packet processing and free the request memory...

9.8CVSS5.7AI score0.00435EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51801

Missing permission checks in Jenkins Gitee Plugin 1288.v18b deb c9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.8AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-52076

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The Servicecustom Client API's call method accepts an order id parameter and retrieves the associated order without verifying if the authenticated client owns it. This allows an authenticated...

7.1CVSS5.8AI score0.00265EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-54578

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE связана с недостатками процедуры авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации...

4.9CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-52142

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Command Injection occurs due to insufficient sanitization in the escape command function located at lib/rrd.php, which acts as a no-op by returning the $command unchanged. The command line constructed...

9.8CVSS5.8AI score0.01113EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51714

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter ipset component where specific hash set variants—hash:ip,mark, hash:ip,port, hash:ip,port,ip, and hash:ip,port,net—iterate IPv4 ranges using a 32-bit...

6AI score0.00114EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52037

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid reconfigure task discard function located in /filter core/filter pid.c. A use-after-free occurs when a program continues to use a...

5.5CVSS5.7AI score0.00136EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52056

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Autofill component on Windows. This occurs when a remote attacker induces the browser to process a specially crafted HTML page, which can lead to...

8.8CVSS6.1AI score0.0026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.25 views

PT-2026-51901

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential NULL pointer dereference exists in the error path of the ice set ringparam function. The issue occurs because ice set ringparam nullifies the tstamp ring of temporary tx ring...

6AI score0.00155EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.20 views

PT-2026-52038

Name of the Vulnerable Software and Affected Versions Tapo C200 v3 Description A denial-of-service DoS issue exists in the network packet handling logic due to improper processing of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.20 views

PT-2026-51657

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default and listens for UDP messages on port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes...

10CVSS6.8AI score0.00427EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52136

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software contains an unauthenticated Local File Inclusion LFI, which occurs through the graph theme parameter and rrdtool IPC...

9.8CVSS5.8AI score0.00436EPSS
Exploits1References10
Total number of security vulnerabilities184424