Lucene search
K
PtsecurityRecent

184496 matches found

Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.7 views

PT-2026-51494

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51504

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit logs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51584

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.21 through 0.7.2 Description An Insecure Direct Object Reference IDOR exists in the support ticket creation workflow. An authenticated client can create a support ticket that references an order belonging to another...

5.1CVSS5.8AI score0.00265EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51474

Name of the Vulnerable Software and Affected Versions expr-eval affected versions not specified Description Code Execution is possible via the 'toJSFunction' API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function...

9.8CVSS6.2AI score0.00469EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51578

Name of the Vulnerable Software and Affected Versions Daytona versions prior to 0.185.0 Description The daemon's git clone implementation disables TLS certificate verification. When a clone request includes Git credentials, the daemon transmits the HTTP Basic Authorization header to the remote...

5.9CVSS5.9AI score0.00117EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51521

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.4 through 0.7.x Description An authorization bypass in the API role handling allows unauthenticated access to privileged '/api/system/' endpoints. Because system resolves to the cron admin identity, attackers can invok...

10CVSS5.9AI score0.00408EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51512

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description A memory leak exists in coders/txt.c during the processing of TXT files containing texture attributes. The issue occurs because the texture object...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References86
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.52 views

PT-2026-51626

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description An authorization bypass exists where three API endpoints are protected by write-level middleware instead of administrator-level middleware. This allows a collaborator with write access to perfor...

7.1CVSS5.9AI score0.00478EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.22 views

PT-2026-51653

Name of the Vulnerable Software and Affected Versions Hoppscotch affected versions not specified Description Four independent weaknesses allow an unauthenticated request to lead to full server compromise. Recommendations At the moment, there is no information about a newer version that contains a...

10CVSS5.9AI score0.0059EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.2 views

PT-2026-54572

Уязвимость архиватора 7-Zip связана с нарушением механизма защиты данных Mark of the Web MOTW. Эксплуатация уязвимости может позволить нарушителю обойти существующие механизмы безопасности и проводить спуфинг-атаки...

2.1CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51638

Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.6.1 Description The HTTP backend in mise improperly handles version strings for non-latest versions when creating install symlinks. Instead of using a sanitized version pathname, it uses the raw resolved version...

5.5CVSS6AI score0.00175EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.7 views

PT-2026-51651

Name of the Vulnerable Software and Affected Versions Hubbell Aclara Metrum affected versions not specified Description The Cellular Web Interface contains a flaw where missing authentication allows unauthenticated attackers to manipulate critical device settings and disrupt operations. This issu...

8.7CVSS5.8AI score0.00726EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51577

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.5.3 Description The LocationSensorManager BroadcastReceiver is exported without requiring permissions. This allows any installed application on the device, regardless of its runtime permissions, to send a...

7.1CVSS5.8AI score0.00113EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51576

Name of the Vulnerable Software and Affected Versions immich versions 4ffa26c9 through 4eb1003 Description A reflected cross-site scripting XSS issue exists on the '/auth/login' page. The continue query parameter is processed by SvelteKit's redirect function without proper scheme or origin...

9.6CVSS6AI score0.00235EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-55519

Mumble is prone to an out-of-bounds array access, which may result in denial of service client crash...

5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51611

Name of the Vulnerable Software and Affected Versions Anthropic Claude Desktop Cowork VM versions 1.1348.0 through 1.2278.0 Description The Cowork VM image handling process validates only the presence of the file and a version marker string before booting rootfs.img, failing to verify the integri...

8.7CVSS6.4AI score0.00103EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51610

Name of the Vulnerable Software and Affected Versions Caliptra Core Runtime Firmware versions 2.0.0 through 2.0.1 Caliptra Core Runtime Firmware version 2.1.0 Description A missing cryptographic step in the aes 256 gcm update module leads to an incorrect GCM authentication tag. When the streaming...

5.1CVSS5.7AI score0.00128EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.7 views

PT-2026-55663

Partial Authentication Bypass: Unauthenticated Admin Credential Theft via Path Traversal Summary Myself and others have reported several RCE vulnerabilities to this project. However, due to the nature of the app, these are largely not of all that much value, as there is built-in functionality to...

10CVSS6.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.18 views

PT-2026-51586

Name of the Vulnerable Software and Affected Versions Ansible affected versions not specified Description The plugins/modules/keyring info.py module retrieves passphrases from native operating system keyrings, such as GNOME Keyring, macOS Keychain, and Windows Credential Manager. The issue occurs...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51599

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description An issue exists in the POJOPropertiesCollector. renameProperties function where a property with @JsonProperty"renamed" on the getter and...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51636

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description A cross-tenant data injection issue exists in the Accessories API when Full Multiple Companies Support is enabled. A low-privileged authenticated user can create accessory records belonging to a...

8.5CVSS6.1AI score0.00389EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51621

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description An open redirect issue exists where attacker-controlled redirect to parameters can bypass validation, allowing redirection to arbitrary external sites. This occurs in all redirects validated via the...

5.4CVSS6AI score0.00554EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.45 views

PT-2026-51514

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description A command injection issue exists in the SVG decoder. This allows attackers to inject arbitrary Magick Vector Graphics MVG drawing commands by crafting...

9.2CVSS6AI score0.00895EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51562

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.3 Description A heap use-after-free issue exists where unauthenticated attackers on the same link can crash the daemon. This occurs when a crafted DHCPv6 RENEW reply is sent containing an RFC6603 OPTION PD EXCLUDE...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51509

Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 4.4.7 Nuxt versions prior to 3.21.7 Description When running the development server on Linux, the vite-node IPC Inter-Process Communication server binds to an abstract-namespace Unix socket without permission restriction...

6.8CVSS5.9AI score0.00103EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51598

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.8.0 through 2.18.8 jackson-databind versions 2.21.0 through 2.21.4 jackson-databind versions 3.0.0 through 3.1.3 Description In the createContextual function of BeanDeserializerBase, per-property @JsonIgnoreProperti...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References34
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.32 views

PT-2026-51596

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.10.0 through 2.18.7 jackson-databind versions 2.19.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description The BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray function allowlists any...

8.1CVSS5.7AI score0.00695EPSS
Exploits0References43
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.22 views

PT-2026-51595

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.10.0 through 2.18.7 jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.1.0 through 3.1.3 Description An issue exists in the PolymorphicTypeValidator PTV, the primary safety mechanism for...

8.1CVSS6.5AI score0.00617EPSS
Exploits1References33
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51534

OpenHarness /issue and /pr comments slash commands lack remote invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/pr...

5.4CVSS6AI score0.00216EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51553

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the...

6.1CVSS6.2AI score0.00217EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51605

Name of the Vulnerable Software and Affected Versions Fortra File Integrity Monitoring FIM versions prior to 9.4.0 Description An issue exists where incorrect or elevated effective permissions may be assigned to users created by the tetool import command while the software is running. This occurs...

4.4CVSS5.7AI score0.00101EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51549

Name of the Vulnerable Software and Affected Versions Tenable Identity Exposure affected versions not specified Description Multiple unauthenticated API endpoints under '/w/api/' expose sensitive application configuration data to remote attackers. The leaked information includes cleartext LDAP...

8.7CVSS7.2AI score0.00432EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51570

An issue in the sqlo untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.7 views

PT-2026-51544

Name of the Vulnerable Software and Affected Versions openlink virtuoso-opensource version 7.2.11 Description A flaw in the t set push component allows attackers to trigger a Denial of Service DoS by using specially crafted SQL statements. Recommendations At the moment, there is no information...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51472

Name of the Vulnerable Software and Affected Versions OpenSSH affected versions not specified Description A heap out-of-bounds read occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the...

3.7CVSS6.1AI score0.00367EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51473

Name of the Vulnerable Software and Affected Versions OpenSSH affected versions not specified Description A flaw in OpenSSH allows a local unprivileged attacker on a Linux client host to hijack client-side X11 forwarding connections. This occurs when X11 forwarding is enabled and a local...

6.1CVSS5.7AI score0.0009EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51538

Name of the Vulnerable Software and Affected Versions openlink virtuoso-opensource version 7.2.11 Description A flaw in the sqlo key part best component allows attackers to trigger a Denial of Service DoS by using specially crafted SQL statements. Recommendations At the moment, there is no...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51540

Name of the Vulnerable Software and Affected Versions openlink virtuoso-opensource version 7.2.11 Description A flaw in the sqlo natural join cond component allows attackers to trigger a Denial of Service DoS by using specially crafted SQL statements. Recommendations At the moment, there is no...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.7 views

PT-2026-51541

An issue in the sqlo tb col preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51537

An issue in the sqlo place dt set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.00482EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.7 views

PT-2026-51543

An issue in the sslr qst get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51539

An issue in the sqlo strip in join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.00482EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51569

An issue in the sqlo try in loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51542

Name of the Vulnerable Software and Affected Versions openlink virtuoso-opensource version 7.2.11 Description A flaw in the st compare component allows attackers to trigger a Denial of Service DoS by using specially crafted SQL statements. Recommendations At the moment, there is no information...

7.5CVSS5.8AI score0.00482EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.7 views

PT-2026-51545

Name of the Vulnerable Software and Affected Versions OpenLink Virtuoso-opensource version 7.2.11 Description A Denial of Service DoS issue exists in the time t to dt component. An unauthenticated attacker can cause the system to crash by executing specially crafted SQL statements. Recommendation...

7.5CVSS5.9AI score0.00482EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51471

Name of the Vulnerable Software and Affected Versions OpenSSH affected versions not specified Description A double free flaw exists in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client...

6.5CVSS6.1AI score0.00242EPSS
Exploits1References18
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51616

Name of the Vulnerable Software and Affected Versions Snipe-IT affected versions not specified Description An improper access control issue exists in the 'GET /api/v1/object/selectlist' API endpoint due to a missing authorization check. Any authenticated user, regardless of their assigned...

7.1CVSS6AI score0.00385EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51652

An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service DoS via supplying a crafted PSD file...

7.5CVSS6.2AI score0.00571EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51643

Impact The store method in both the web and API UsersController only strips the superuser permission when a non-superuser creates a user. It does not strip the admin permission. This allows any authenticated user with the users.create permission to create a new user with full admin privileges. Th...

7.1CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.21 views

PT-2026-51566

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description A heap use-after-free issue exists in the control socket handling within src/control.c. This occurs when privilege separation is disabled or initialization fails, leaving the control socket in mode...

5.7CVSS5.8AI score0.00093EPSS
Exploits0References4
Total number of security vulnerabilities184496