Lucene search
K
PtsecurityRecent

184497 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-52021

In the Linux kernel, the following vulnerability has been resolved: block: fix zones cond memory leak on zone revalidation error paths When blk revalidate disk zones fails after disk revalidate zone resources has allocated args.zones cond, the memory is leaked because no error path frees it...

5.7AI score0.00145EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51851

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where a null pointer dereference can occur in the decode choose args function. This happens when processing a CEPH MSG OSD MAP message containing...

7.8CVSS5.8AI score0.0053EPSS
Exploits1References379
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.28 views

PT-2026-52078

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description Mastodon is a free, open-source social network server based on ActivityPub. The normalization of incoming activities signed with...

5.3CVSS5.9AI score0.00162EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52073

Name of the Vulnerable Software and Affected Versions Ghost versions 5.46.1 through 6.21.1 Description Validation applied to filters on public API endpoints could be partially bypassed, allowing the disclosure of private fields through a brute force attack. The impact varies by database: when usi...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52175

Name of the Vulnerable Software and Affected Versions Drupal Geolocation Field versions 0.0.0 through 3.15.0 Description An SQL injection issue exists in the Drupal Geolocation Field module, which provides functionality to store coordinates and supports views and other modules. The problem occurs...

6.1AI score0.00157EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.21 views

PT-2026-51821

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS6.6AI score0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52027

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.03.05.08.02.stable 00 through 0.2026.05.06.15.42.stable 01 Description Warp accepts non-inline OSC 1337;File payloads from terminal output and materializes the decoded payload as a local file without requiring an additiona...

8.8CVSS5.8AI score0.00247EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51800

A cross-site request forgery CSRF vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b 84449 and earlier allows attackers to overwrite the global job priority configuration...

5.8AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51716

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the checkpoint/restore sysctl path where the ipc idr alloc function forwards requests to idr alloc with an open-ended upper bound. When the valid SysV IPC id space is...

7.8CVSS5.7AI score0.00127EPSS
Exploits0References402
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51849

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the libceph component allows a remote attacker to cause a system crash and a Denial of Service DoS by sending a specially crafted CEPH MSG OSD MAP message. The issue occurs in...

9.8CVSS5.8AI score0.00377EPSS
Exploits0References89
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51840

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur in the send sigio and send sigurg functions when a process group receives a signal. This happens because these functions use read lock&tasklist lock to traverse the...

7.5CVSS5.8AI score0.00612EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51842

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the I2C TIMEOUT ioctl. The function accepts a user-provided timeout value in multiples of 10 ms. Although the argument is checked against INT MAX, it is...

5.9AI score0.00185EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51723

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ipc/shm component where the shm destroy orphaned function iterates through the shm idr using shm idsns.rwsem, which fails to serialize all fields evaluated by shm...

5.9AI score0.00114EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51758

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel due to a missing zerocopy reference in the pskb carve inside header and pskb carve inside nonlinear functions. Both functions copy the s...

9.8CVSS5.8AI score0.00377EPSS
Exploits0References410
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51717

Name of the Vulnerable Software and Affected Versions Linux kernel version 7.1.0-rc1-00305-gbd3a4795d574 Description A use-after-free issue exists in the SCTP implementation of the Linux kernel. When a Stale Cookie ERROR is received, the association is rolled back from COOKIE ECHOED to COOKIE WAI...

9.8CVSS5.8AI score0.00335EPSS
Exploits0References91
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51705

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the netfilter nf queue component. The br pass frame up function rewrites skb-dev from the ingress port to the bridge master before queueing bridge LOCAL ...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52179

Summary Description An Improper Authorization CWE-285 issue in OpenAM's Liberty Web Services SOAP receiver allows an unauthenticated remote attacker to write persistent entries into the Liberty Discovery store on any user's LDAP entry, and into a shared root-realm Discovery branch. This impacts...

9.3CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51990

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF subsystem where the DEVMAP HASH branch in the dev map redirect multi function uses hlist for each entry safe to iterate through hash buckets. This function is...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52113

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The bundled Caddy reverse-proxy admin API is bound to 0.0.0.0:2019 inside the container and lacks authentication by default. Although the listener is not published to the host, it remains accessible t...

9.9CVSS5.8AI score0.00328EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51959

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ALSA System on Chip ASoC sti driver, regmap field objects allocated during player initialization are not freed. This leads to a resource leak if the driver is removed. The issue i...

5.9AI score0.00172EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52047

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Web Authentication component. This occurs when a user is convinced to install a malicious extension, allowing an attacker to potentially exploit he...

7.5CVSS6AI score0.00149EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52070

Name of the Vulnerable Software and Affected Versions Ghost versions 6.19.4 through 6.21.0 Description Ghost, a Node.js content management system, fails to restrict outbound HTTP requests when refetching missing image dimensions during post re-rendering. An authenticated staff user with permissio...

5.4CVSS5.8AI score0.00122EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51648

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51999

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the mt7925 WiFi driver. The issue occurs in the mt7925 mac write txwi function, where the vif variable is accessed via ieee80211 vif is mldvif withou...

5.7CVSS6AI score0.00168EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51792

Name of the Vulnerable Software and Affected Versions Jenkins Git client Plugin versions prior to 6.6.1 Description An issue exists where the workspace directory name is not correctly escaped when embedded into a generated SSH wrapper script. This allows attackers who can control the name of a...

5CVSS6.1AI score0.00207EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51823

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference document using a whitelisted write path and trigger script execution when users open the affected Auto...

4.6CVSS6AI score0.00313EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51982

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the bcmgenet put txcb function. The write ptr points to the next open tx cb, but the function must rewind the pointer before returning the tx cb to ensure i...

9.8CVSS5.7AI score0.00404EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52034

Name of the Vulnerable Software and Affected Versions Warp versions 0.2021.04.25.23.05.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp accepts state-mutating terminal lifecycle hooks from the PTY Pseudo-Terminal stream without verifying if the hooks were emitted by the shell...

4.3CVSS5.8AI score0.00278EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.21 views

PT-2026-51676

Name of the Vulnerable Software and Affected Versions logback-core versions prior to 1.5.35 Description An arbitrary code execution issue exists in the conditional configuration file processing of Java applications. An attacker can execute arbitrary code by compromising an existing logback...

7CVSS6.5AI score0.00122EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51848

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where the decode choose args function fails to properly handle errors during rbtree insertion. When processing a CEPH MSG OSD MAP message...

8.8CVSS5.8AI score0.0053EPSS
Exploits0References379
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52016

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur in the btrfs file system when the flushoncommit mount option is used. The issue arises during a reflink operation that copies an inline extent to an offset beyond th...

9.8CVSS5.9AI score0.00298EPSS
Exploits0References377
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51726

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the io poll get ownership function where a signed comparison is used to determine if poll refs has reached the threshold for the slowpath. Because atomic read returns ...

9.8CVSS5.7AI score0.93235EPSS
Exploits38References281
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51675

Name of the Vulnerable Software and Affected Versions SignUp & SignIn plugin for WordPress versions prior to 1.0.1 Description The SignUp & SignIn plugin for WordPress contains an authentication bypass that allows unauthenticated attackers to take over any account, including administrator account...

9.8CVSS5.9AI score0.00454EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51946

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ASOC qcom qdsp6 topology component where the system fails to verify the widget type before accessing private data. This can occur when a virtual widget is not...

9.8CVSS6AI score0.0053EPSS
Exploits4References376
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51711

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth subsystem where the bt sock poll function iterates through the accept q accept queue without proper synchronization. This lack of synchronization can lea...

9.8CVSS5.7AI score0.0049EPSS
Exploits0References407
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51947

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the clone alias function within the AMD IOMMU driver. The function incorrectly assumes that the first argument pdev is always the original device pointer. Because pci...

9.8CVSS5.7AI score0.0049EPSS
Exploits3References393
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51910

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the cryptographic coprocessor CCP driver. When processing AF ALG rfc3686-ctr-aes-ccp requests, the ccp aes complete function restores more data than the allocated buffer...

9.8CVSS6AI score0.0049EPSS
Exploits0References400
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51965

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Bluetooth Logical Link Control and Adaptation Protocol L2CAP implementation. A remote Bluetooth Low Energy BLE device can trigger the issue by sending a specially...

9.8CVSS5.8AI score0.0049EPSS
Exploits3References401
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51919

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the greybus raw component. The problem occurs when a raw bundle is disconnected while its character device chardev remains open by an application. Becaus...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.22 views

PT-2026-51747

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A flaw in the cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that...

9.1CVSS5.8AI score0.00649EPSS
Exploits1References29
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51958

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.19.0-rc7 Description In passthrough mode, a null pointer dereference occurs when dm-cache attempts to invalidate a cache entry while a concurrent write to the same cached block causes the bio prison cell lock to fail. In...

5.6CVSS6AI score0.00176EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51649

Name of the Vulnerable Software and Affected Versions Xpro Addons — 140+ Widgets for Elementor versions prior to 1.7.3 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with author-level access and above can inject...

6.4CVSS6AI score0.00256EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52028

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.10.08.08.12.stable 00 through 0.2026.05.06.15.42.stable 00 Description A command execution permission-check bypass exists in the default unsandboxed CLI agent profile. This profile is non-interactive and utilizes a command...

8.6CVSS6AI score0.00145EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51813

Name of the Vulnerable Software and Affected Versions Jenkins Assembla Plugin versions prior to 1.5 Description The XML parser is not configured to prevent XML external entity XXE attacks. This allows attackers who can control the responses from the configured Assembla server to extract secrets...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52004

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the s390 BPF JIT Just-In-Time compiler, which is a component that translates BPF bytecode into native machine code for faster execution. The s390x ABI Application Bina...

7.8CVSS6AI score0.0012EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52031

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable 00 until 0.2026.05.06.15.42.stable 01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS6.1AI score0.01007EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52065

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.9 Description A Cross-Site Scripting XSS issue exists where a non-privileged user can execute arbitrary Javascript within the session of a logged-in Administrative user. This occurs because the Client header us...

5.7CVSS6.1AI score0.00194EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52092

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it...

8.5CVSS5.9AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51790

Name of the Vulnerable Software and Affected Versions Jenkins Script Security Plugin versions prior to 1402.v94c9ce464861 Description Sandboxed Groovy scripts fail to intercept implicit type casts applied to elements of typed for-each loops. This allows attackers who can provide such scripts to...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51738

Name of the Vulnerable Software and Affected Versions upKeeper Instant Privilege Access versions prior to 1.6.2 Description Improper output neutralization for logs in upKeeper Instant Privilege Access on Windows enables Log Injection, Tampering, and Forging. This occurs when the application fails...

7.9CVSS5.8AI score0.00264EPSS
Exploits0References7
Total number of security vulnerabilities184497