Lucene search
K
PtsecurityRecent

184484 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52112

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description Lute's HTML sanitizer fails to remove elements. When combined with the permissive security configuration of the SiYuan Electron client, this allows an attacker to embed a malicious within a Bazaar...

8.7CVSS6.1AI score0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52079

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description When using Ruby versions older than 3.4, the PrivateAddressCheck.private address? function incorrectly returns false for...

8.6CVSS6AI score0.00232EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51809

Name of the Vulnerable Software and Affected Versions Jenkins Contrast Continuous Application Security Plugin versions prior to 3.12 Description Missing permission checks allow users with Overall/Read permission to enumerate the names of configured Contrast metadata. Recommendations Update Jenkin...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51833

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs in the Number Card component when user-controlled data is unsafely evaluated. This happens specifically within the filters config variable, where th...

4.6CVSS6.2AI score0.00256EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51977

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-13195-g967e8def1100 Description An issue exists in the Linux kernel where the bpf fd array map clear function fails to yield the processor during its execution loop. For PROG ARRAY maps containing a large...

6.8CVSS6.1AI score0.00156EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51672

Name of the Vulnerable Software and Affected Versions Kargo Takip versions prior to 1.3 Description The Kargo Takip plugin for WordPress contains a Server-Side Request Forgery SSRF issue. This allows unauthenticated attackers to initiate web requests to arbitrary locations from the web applicatio...

7.2CVSS5.9AI score0.0029EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52177

Name of the Vulnerable Software and Affected Versions Tealium iQ Tag Management versions 0.0.0 through 2.4.0 Description Improperly controlled modification of dynamically-determined object attributes in the Tealium iQ Tag Management module allows for Object Injection. This occurs because the...

6.1AI score0.00417EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52168

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack...

6AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52167

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS. The module and...

6.2AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52164

Name of the Vulnerable Software and Affected Versions Drupal Advanced Content Feedback versions 0.0.0 through 2.8.0 Description Stored Cross-site Scripting XSS occurs when the module fails to sufficiently sanitize administrator-configured response messages. Specifically, the "Yes response", "No...

6AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52170

Name of the Vulnerable Software and Affected Versions Drupal AI Agents versions 0.0.0 through 1.1.4 Drupal AI Agents versions 1.2.0 through 1.2.5 Drupal AI Agents versions 1.3.0 through 1.3.1 Description An incorrect authorization issue allows forceful browsing. Under certain conditions, the agen...

6.1AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52166

Name of the Vulnerable Software and Affected Versions Drupal OpenAI Provider versions 0.0.0 through 1.1.1 Drupal OpenAI Provider versions 1.2.0 through 1.2.2 Description Insufficient sanitization of user-supplied URLs leads to a Server-Side Request Forgery SSRF, a flaw where an attacker can induc...

6.1AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52174

Name of the Vulnerable Software and Affected Versions Drupal Paragraphs versions 0.0.0 through 1.21.0 Description A missing authorization issue in the Paragraphs Library module allows forceful browsing. The module fails to sufficiently restrict access to direct child paragraphs of library items...

6.1AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52169

Name of the Vulnerable Software and Affected Versions Drupal AI Agents versions 0.0.0 through 1.1.4 Drupal AI Agents versions 1.2.0 through 1.2.5 Drupal AI Agents versions 1.3.0 through 1.3.1 Description Missing authorization allows forceful browsing within the module that provides the entity typ...

6.1AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52173

Name of the Vulnerable Software and Affected Versions Drupal Paragraphs versions 0.0.0 through 1.21.0 Description A missing authorization issue in the Paragraphs Library module allows forceful browsing. The module does not sufficiently restrict access to unpublished library items within lists. Th...

6.1AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52165

Name of the Vulnerable Software and Affected Versions Drupal Advanced Content Feedback versions 0.0.0 through 2.8.0 Description An incorrect authorization issue in the Advanced Content Feedback module allows forceful browsing. The module fails to sufficiently verify authorization over the targete...

6.1AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52171

Name of the Vulnerable Software and Affected Versions Drupal Commerce Realex / Global Payments versions 0.0.0 through 3.0.2 Description An incorrect authorization issue allows forceful browsing when the gateway is configured with the redirect payment method. The module fails to sufficiently verif...

6.1AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52172

Name of the Vulnerable Software and Affected Versions WissKI versions 0.0.0 through 4.2.0 Description A missing authorization issue in the wisski mirador submodule allows forceful browsing and access bypass. The module fails to sufficiently validate parameters submitted via a route before writing...

6.1AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52091

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...

8.7CVSS6AI score0.00451EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.22 views

PT-2026-51794

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52003

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the powerpc architecture's page table fragment management. The system uses pt frag refcount to track page table fragments. When pte free defer is called during madvise...

4.8CVSS6AI score0.00161EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52114

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description An authenticated user can craft outbound requests that reach loopback-bound services inside the container. This occurs because the outbound HTTP host filter applied by WebClientUtils used by the REST...

9.1CVSS5.8AI score0.0022EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-52021

In the Linux kernel, the following vulnerability has been resolved: block: fix zones cond memory leak on zone revalidation error paths When blk revalidate disk zones fails after disk revalidate zone resources has allocated args.zones cond, the memory is leaked because no error path frees it...

5.7AI score0.00145EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51851

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where a null pointer dereference can occur in the decode choose args function. This happens when processing a CEPH MSG OSD MAP message containing...

7.8CVSS5.8AI score0.0053EPSS
Exploits1References379
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52034

Name of the Vulnerable Software and Affected Versions Warp versions 0.2021.04.25.23.05.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp accepts state-mutating terminal lifecycle hooks from the PTY Pseudo-Terminal stream without verifying if the hooks were emitted by the shell...

4.3CVSS5.8AI score0.00278EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.28 views

PT-2026-52078

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description Mastodon is a free, open-source social network server based on ActivityPub. The normalization of incoming activities signed with...

5.3CVSS5.9AI score0.00162EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52073

Name of the Vulnerable Software and Affected Versions Ghost versions 5.46.1 through 6.21.1 Description Validation applied to filters on public API endpoints could be partially bypassed, allowing the disclosure of private fields through a brute force attack. The impact varies by database: when usi...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52175

Name of the Vulnerable Software and Affected Versions Drupal Geolocation Field versions 0.0.0 through 3.15.0 Description An SQL injection issue exists in the Drupal Geolocation Field module, which provides functionality to store coordinates and supports views and other modules. The problem occurs...

6.1AI score0.00157EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.21 views

PT-2026-51821

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS6.6AI score0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52027

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.03.05.08.02.stable 00 through 0.2026.05.06.15.42.stable 01 Description Warp accepts non-inline OSC 1337;File payloads from terminal output and materializes the decoded payload as a local file without requiring an additiona...

8.8CVSS5.8AI score0.00247EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51800

A cross-site request forgery CSRF vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b 84449 and earlier allows attackers to overwrite the global job priority configuration...

5.8AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51716

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the checkpoint/restore sysctl path where the ipc idr alloc function forwards requests to idr alloc with an open-ended upper bound. When the valid SysV IPC id space is...

7.8CVSS5.7AI score0.00127EPSS
Exploits0References402
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51849

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the libceph component allows a remote attacker to cause a system crash and a Denial of Service DoS by sending a specially crafted CEPH MSG OSD MAP message. The issue occurs in...

9.8CVSS5.8AI score0.00377EPSS
Exploits0References89
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51840

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur in the send sigio and send sigurg functions when a process group receives a signal. This happens because these functions use read lock&tasklist lock to traverse the...

7.5CVSS5.8AI score0.00612EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51842

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the I2C TIMEOUT ioctl. The function accepts a user-provided timeout value in multiples of 10 ms. Although the argument is checked against INT MAX, it is...

5.9AI score0.00185EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51723

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ipc/shm component where the shm destroy orphaned function iterates through the shm idr using shm idsns.rwsem, which fails to serialize all fields evaluated by shm...

5.9AI score0.00114EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51758

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel due to a missing zerocopy reference in the pskb carve inside header and pskb carve inside nonlinear functions. Both functions copy the s...

9.8CVSS5.8AI score0.00377EPSS
Exploits0References410
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51717

Name of the Vulnerable Software and Affected Versions Linux kernel version 7.1.0-rc1-00305-gbd3a4795d574 Description A use-after-free issue exists in the SCTP implementation of the Linux kernel. When a Stale Cookie ERROR is received, the association is rolled back from COOKIE ECHOED to COOKIE WAI...

9.8CVSS5.8AI score0.00335EPSS
Exploits0References91
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51706

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the batman-adv module. When a batadv hard iface is disabled, its mesh iface pointer is set to NULL. The function batadv v ogm send meshif may still...

6AI score0.00122EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51705

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the netfilter nf queue component. The br pass frame up function rewrites skb-dev from the ingress port to the bridge master before queueing bridge LOCAL ...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52179

Summary Description An Improper Authorization CWE-285 issue in OpenAM's Liberty Web Services SOAP receiver allows an unauthenticated remote attacker to write persistent entries into the Liberty Discovery store on any user's LDAP entry, and into a shared root-realm Discovery branch. This impacts...

9.3CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.3 views

PT-2026-54575

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код...

7.1CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51990

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF subsystem where the DEVMAP HASH branch in the dev map redirect multi function uses hlist for each entry safe to iterate through hash buckets. This function is...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52113

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The bundled Caddy reverse-proxy admin API is bound to 0.0.0.0:2019 inside the container and lacks authentication by default. Although the listener is not published to the host, it remains accessible t...

9.9CVSS5.8AI score0.00328EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51959

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ALSA System on Chip ASoC sti driver, regmap field objects allocated during player initialization are not freed. This leads to a resource leak if the driver is removed. The issue i...

5.9AI score0.00172EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52047

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Web Authentication component. This occurs when a user is convinced to install a malicious extension, allowing an attacker to potentially exploit he...

7.5CVSS6AI score0.00149EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52070

Name of the Vulnerable Software and Affected Versions Ghost versions 6.19.4 through 6.21.0 Description Ghost, a Node.js content management system, fails to restrict outbound HTTP requests when refetching missing image dimensions during post re-rendering. An authenticated staff user with permissio...

5.4CVSS5.8AI score0.00122EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51648

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51999

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the mt7925 WiFi driver. The issue occurs in the mt7925 mac write txwi function, where the vif variable is accessed via ieee80211 vif is mldvif withou...

5.7CVSS6AI score0.00168EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51919

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the greybus raw component. The problem occurs when a raw bundle is disconnected while its character device chardev remains open by an application. Becaus...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References4
Total number of security vulnerabilities184484