Lucene search
K
PtsecurityRecent

184867 matches found

Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•7 views

PT-2026-52063

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x Node.js versions 24.x Node.js versions 26.x Description A flaw in the Node.js Permission API allows file metadata to be modified even when a path is configured as read-only, such as when using the --allow-fs-read flag...

7.5CVSS6.6AI score0.02806EPSS
Exploits1References142
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•6 views

PT-2026-52061

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x and earlier Node.js versions 24.x and earlier Node.js versions 26.x and earlier Description A flaw in TLS hostname handling allows embedded-nul hostnames to cause silent authority rebinding. This occurs due to c-string...

9.8CVSS6.6AI score0.02806EPSS
Exploits0References144
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•11 views

PT-2026-51166

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•16 views

PT-2026-51167

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.27.1 Description When clients are launched with the non-default /cache:codec:rfx option, the software passes the desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data. However, in the gdi Bitmap...

7.5CVSS6.3AI score0.00452EPSS
Exploits1References12
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•14 views

PT-2026-51165

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•15 views

PT-2026-51164

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•13 views

PT-2026-51163

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•25 views

PT-2026-51162

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•12 views

PT-2026-51065

Name of the Vulnerable Software and Affected Versions jupyterlab-git affected versions not specified Description A stored cross-site scripting XSS issue exists in the PlainTextDiff.ts component of the jupyterlab-git extension. The createHeader function passes Git filenames directly to innerHTML...

9.3CVSS6.6AI score0.00284EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•17 views

PT-2026-51057

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description A bug in the CRI plugin allows the restoration of container.log from a checkpoint image without validating a symlinked path...

9.9CVSS6AI score0.00412EPSS
Exploits0References42
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•25 views

PT-2026-51099

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An Insecure Direct Object Reference IDOR issue exists in the /api/v1/responses endpoint. This occurs because the get flow by id or endpoint name function in src/backend/base/langflow/helpers/flow.py...

8.4CVSS6.3AI score0.0056EPSS
Exploits2References59
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•15 views

PT-2026-51062

Name of the Vulnerable Software and Affected Versions Stanza version 1.12.0 Description An issue exists where the software attempts to load PyTorch checkpoint files using a safe method but automatically falls back to an unsafe deserialization process when a pickle.UnpicklingError occurs. Because...

7.5CVSS6.2AI score0.00302EPSS
Exploits1References11
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•14 views

PT-2026-51112

Name of the Vulnerable Software and Affected Versions Parse Server affected versions not specified Description The default fileUpload.fileExtensions blocklist can be bypassed by uploading files with non-standard or compound extensions combined with a dangerous content type. This allows the upload...

2.1CVSS5.8AI score0.00406EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•14 views

PT-2026-51056

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description A bug in the CRI plugin allows the propagation of labe...

9.4CVSS6.2AI score0.00208EPSS
Exploits0References66
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•15 views

PT-2026-51116

Name of the Vulnerable Software and Affected Versions dbt-mcp version 1.19.1 Description The local OAuth helper FastAPI server bundled with dbt-mcp exposes the 'GET /dbt platform context' endpoint without authentication or host-origin validation. After a user completes the OAuth login flow, this...

6.8CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•19 views

PT-2026-51120

Name of the Vulnerable Software and Affected Versions Python Liquid versions prior to 2.2.1 Description A denial of service issue exists where the engine hangs in an infinite loop during parse time. This occurs when a malformed % case % tag is used without an associated % when % or % else % block...

7.1CVSS6AI score0.00451EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•37 views

PT-2026-51119

Name of the Vulnerable Software and Affected Versions @cyclonedx/cyclonedx-npm versions 2.1.0 through 4.x Description Command injection occurs when the CLI is invoked with the --workspace option while the environment variable npm execpath is unset or empty. In this scenario, user-supplied values...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•19 views

PT-2026-51123

Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.32.0 through 2.36.0 Symfony UX versions 3.0.0 through 3.1.9 Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. Due to improper validation in...

7.8CVSS6.1AI score0.00146EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•15 views

PT-2026-51096

Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.30.2 Description An incomplete Server-Side Request Forgery SSRF protection exists in the Link Check API. The tools.IsInternalIP deny-list in internal/tools/net.go fails to block certain IPv6 transition mechanisms an...

5.8CVSS6.1AI score0.00282EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•23 views

PT-2026-51122

Name of the Vulnerable Software and Affected Versions Symfony UX Icons affected versions not specified Description The ux icon Twig function is marked as safe for HTML, which prevents Twig from escaping its output. The Icon::toHtml function inlines SVG source code directly into the page. Because...

6.1CVSS5.5AI score0.00194EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•13 views

PT-2026-51097

Name of the Vulnerable Software and Affected Versions py7zr versions prior to 0.22.1 Description The Worker.decompress function in py7zr/worker.py extracts archive entries without tracking the total decompressed size. This allows a specially crafted .7z file to cause disk or memory exhaustion...

8.7CVSS5.9AI score0.00321EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•15 views

PT-2026-51098

Name of the Vulnerable Software and Affected Versions py7zr versions prior to 1.1.3 Description A denial of service issue exists where a crafted .7z archive with a large numstreams value causes excessive CPU consumption. This occurs because the PackInfo. read function in archiveinfo.py uses an On...

8.7CVSS5.9AI score0.00321EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•12 views

PT-2026-51074

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The NetNamedPipe transport in CoreWCF allows local interception of traffic. This occurs because the transport accepts attachments to pre-existing named pipe instances...

6.5CVSS6AI score0.00088EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•14 views

PT-2026-51068

Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0-ea.1 through 3.7.4 Description A fail-open authentication issue exists in the Kubernetes Ingress NGINX provider. When an Ingress explicitly enables BasicAuth or DigestAuth using the nginx.ingress.kubernetes.io/auth-type...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References17
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•14 views

PT-2026-51093

Name of the Vulnerable Software and Affected Versions UltraJSON versions prior to 5.13.0 Description The functions ujson.dumps, ujson.dump, and ujson.encode contain an issue when the reject bytes variable is set to False. In this configuration, the software may accept malformed or truncated UTF-8...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•16 views

PT-2026-51075

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description CoreWCF UnixDomainSocket POSIX peer identity resolution utilizes non-reentrant getpwuid and getgrgid calls. This creates a race condition where concurrent connections...

6.2CVSS6AI score0.001EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•18 views

PT-2026-51077

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The WS-Security 1.0 receive pipeline validates the SignatureMethod of an incoming ds:SignedInfo against the configured SecurityAlgorithmSuite but fails to validate the...

3.7CVSS6AI score0.00157EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•14 views

PT-2026-51070

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description WS-Security signature verification performs a document-wide ds:Signature lookup. An unauthenticated remote attacker can place a SOAP header before wsse:Security and...

5.9CVSS6AI score0.00238EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•16 views

PT-2026-51071

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The SamlSerializer skips the final SignatureValue verification when a service validates SAML tokens using a non-X.509 signing token. This occurs when the service is...

7.4CVSS5.9AI score0.0015EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•11 views

PT-2026-51081

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.9.1 Description CoreWCF SPNEGO SecurityContextToken SCT negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are...

7.4CVSS5.9AI score0.00175EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•16 views

PT-2026-51080

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description WS-Security signature verification fails to ensure that the selected ds:Signature covers the expected Security header target. This allows an attacker who has captured ...

7.4CVSS6AI score0.00143EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•32 views

PT-2026-51066

Name of the Vulnerable Software and Affected Versions jupyterlab-git versions prior to 0.54.0 Description An authenticated user on a case-insensitive filesystem such as macOS APFS or Windows NTFS can bypass the excluded paths security control. The issue occurs because the GitHandler.prepare...

7.1CVSS6.1AI score0.00285EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•13 views

PT-2026-51076

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML token replay protection is inoperative because the DefaultTokenReplayCache.TryAdd function does not reject duplicate tokens when DetectReplayedTokens is enabled...

5.9CVSS5.9AI score0.00268EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•15 views

PT-2026-51079

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML 1.1 and SAML 2.0 token validation fails to correctly resolve the issuer signing key or enforce signed tokens when IdentityConfiguration is used with federated...

10CVSS6AI score0.00246EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•15 views

PT-2026-51072

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description A CoreWCF service listening on a Kafka topic stops processing new records when the KafkaTransportPump receives a null-value tombstone record. A tombstone record is a...

6.5CVSS6AI score0.00336EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•17 views

PT-2026-51048

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description A maliciously crafted image can cause a Denial of...

9.9CVSS5.9AI score0.00781EPSS
Exploits0References63
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•14 views

PT-2026-51069

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description An unauthenticated remote attacker can trigger premature EOF End of File handling during the framing handshake of the net.tcp, net.pipe, or net.uds components. This...

7.5CVSS6AI score0.00476EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•19 views

PT-2026-51058

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description The CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image...

9.9CVSS6AI score0.00412EPSS
Exploits0References42
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•12 views

PT-2026-51047

Name of the Vulnerable Software and Affected Versions py7zr version 1.1.0 Description An arbitrary file write issue exists when using the extractall function to extract an archive. The software fails to properly restrict the targets of symbolic links, allowing crafted malicious symbolic link chai...

8CVSS6.3AI score0.00404EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•13 views

PT-2026-51023

Name of the Vulnerable Software and Affected Versions Lima versions prior to 2.1.3 Description An unprivileged user within a Lima QEMU guest can escalate privileges to root. The issue stems from the guest-agent socket located at /run/lima-guestagent.sock being world-writable permissions 0o777 and...

8.2CVSS6.2AI score0.00197EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•16 views

PT-2026-51022

Name of the Vulnerable Software and Affected Versions Node.js version 22 Node.js version 24 Node.js version 26 Description A flaw in the Node.js HTTP Agent allows a client to accept a response as valid even if it was sent before the client transmitted the request. This issue has caused real-world...

4.3CVSS5.8AI score0.00371EPSS
Exploits1References114
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•14 views

PT-2026-51028

Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.1.0 Description An open source implementation of the h.265 video codec contains a signed integer overflow in the de265 image get buffer function. This occurs when processing a crafted H.265 bitstream with 16-bit bi...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•18 views

PT-2026-50831

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An issue exists where the software lacks handler call depth tracking for calls to the XML ResumeParser function when called from within handlers during a policy violation. This can lead to a...

4.9CVSS5.7AI score0.00135EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•19 views

PT-2026-50976

Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 2.3.6 CedarJava versions prior to 3.4.1 CedarJava versions prior to 4.9.0 Description Improper input handling in the toCedarExpr method on Cedar Value types allows for Cedar-expression injection. The method fails to...

8.8CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•20 views

PT-2026-50974

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.18.0 Description The OIDC authenticator fails to validate the JWT audience aud claim when no audience is configured. In environments where a single identity provider issues tokens for multiple services, a token...

6.8CVSS5.8AI score0.00298EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•18 views

PT-2026-50978

Name of the Vulnerable Software and Affected Versions Tilt versions 0.19.5 through 0.37.3 Description The Tilt HUD server mounts Go's net/http/pprof handlers under the '/debug' endpoint without access control. When the HUD is network-exposed, an unauthenticated caller can read process memory via...

8.3CVSS6AI score0.00384EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•16 views

PT-2026-50980

Name of the Vulnerable Software and Affected Versions Tilt versions 0.20.8 through 0.37.3 Description The HUD HTTP server lacks authentication for state-changing and sensitive-read endpoints. When the HUD is bound to a non-loopback address, a network attacker can trigger pre-defined Tiltfile...

9.2CVSS5.9AI score0.00397EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•15 views

PT-2026-50981

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description A heap buffer overflow occurs in the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode allows the first-pass stats ring buffer wrap-around guard to...

7.6CVSS6.2AI score0.00414EPSS
Exploits0References37
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•9 views

PT-2026-50982

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description An arbitrary address write issue exists in the reference AV1 codec implementation. A missing bounds check in the Scalable Video Coding SVC layer ID control function allows an attacker to injec...

7.6CVSS6.1AI score0.00414EPSS
Exploits0References36
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•16 views

PT-2026-50983

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description A heap-buffer-overflow read occurs in the reference AV1 codec implementation due to a missing bounds check in the SVC Scalable Video Coding layer ID control function. This allows the spatial...

7.1CVSS5.7AI score0.00272EPSS
Exploits0References34
Total number of security vulnerabilities184867