Lucene search
K
PtsecurityRecent

186843 matches found

Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51902

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the ice free tx tstamp ring and ice tx map functions. The ice free tx tstamp ring function clears the ICE TX FLAGS TXTIME flag after setting the tstamp ri...

6AI score0.00155EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51928

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference exists in the Linux kernel's BPF sockmap implementation. The issue occurs because unix stream connect updates the sk state variable to TCP ESTABLISHED before...

5.6CVSS6AI score0.0018EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•14 views

PT-2026-51744

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A disconnect between the tool layer and libcurl occurs when a user invokes curl with a schemeless URL and the --proto-default option set to sftp or scp. The tool layer incorrectly infers the URL...

7.5CVSS6.1AI score0.00574EPSS
Exploits1References36
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51745

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists where a new transfer utilizing STARTTLS to upgrade the connection may incorrectly reuse an existing live connection despite a mismatch in the TLS...

9.8CVSS5.7AI score0.0108EPSS
Exploits5References47
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•15 views

PT-2026-51663

Name of the Vulnerable Software and Affected Versions libslirp versions prior to v4.9.2 Description An integer underflow and out-of-bounds heap read exist in the TCP urgent data handling sosendoob within hypervisor host environments, such as QEMU. A privileged guest VM attacker with root or CAP N...

6.5CVSS5.8AI score0.00106EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51746

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A logical error in the connection pooling mechanism allows the software to reuse an incorrect connection for Negotiate-authenticated requests. This occurs even when the requests are configure...

9.8CVSS5.8AI score0.0108EPSS
Exploits5References48
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51756

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description Applications using libcurl for transfers via SCP:// or SFTP:// that utilize the CURLOPT SSH KEYFUNCTION callback may silently accept an untrusted server. This occurs when a server presents a...

7.5CVSS5.8AI score0.00543EPSS
Exploits3References48
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•23 views

PT-2026-51747

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A flaw in the cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that...

9.1CVSS5.8AI score0.00649EPSS
Exploits1References29
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51748

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description The logic handling SASL Simple Authentication and Security Layer authentication may clean up the GSASL context twice without clearing the pointer in between. This results in a double-free...

9.8CVSS5.8AI score0.0108EPSS
Exploits8References46
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51754

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists where libcurl may send request data on a new connection before enforcing certificate verification failure. This occurs when a user first connects to a legitimate HTTP/3 server...

9.8CVSS5.8AI score0.0108EPSS
Exploits12References46
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51750

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description When reusing a handle for sequential transfers driven by environment-variable proxy configuration, the software fails to clear the proxy authentication state between requests. If an initial...

9.8CVSS5.8AI score0.0108EPSS
Exploits6References48
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•16 views

PT-2026-51958

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.19.0-rc7 Description In passthrough mode, a null pointer dereference occurs when dm-cache attempts to invalidate a cache entry while a concurrent write to the same cached block causes the bio prison cell lock to fail. In...

5.6CVSS6AI score0.00176EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51964

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SCTP implementation where Bottom Half BH processing is not disabled before calling the udp tunnel xmit skb and udp tunnel6 xmit skb functions. These functions are...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51752

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A flaw exists where the software fails to clear proxy authentication credentials when instructed to do so. This results in old credentials remaining available and potentially being used for...

9.8CVSS5.8AI score0.0108EPSS
Exploits9References47
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51753

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A use-after-free issue occurs when the curl easy pause function is called within the event-based CURLMOPT SOCKETFUNCTION callback. This leads to a situation where libcurl attempts to store a...

9.8CVSS5.7AI score0.0108EPSS
Exploits12References47
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52091

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...

8.7CVSS6AI score0.00451EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•15 views

PT-2026-51995

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential deadlock exists in the mt7921 roc abort sync function within the mt76 wireless driver. The issue occurs when roc abort sync calls cancel work sync, which waits for roc work t...

5.6CVSS5.8AI score0.00168EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•23 views

PT-2026-52136

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software contains an unauthenticated Local File Inclusion LFI, which occurs through the graph theme parameter and rrdtool IPC...

9.8CVSS5.8AI score0.00436EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-52146

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBURASDevice JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...

8.8CVSS7.6AI score0.00689EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51767

Capgo before 12.128.2 fails to enforce limited to orgs and limited to apps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52115

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

9CVSS6AI score0.00327EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•14 views

PT-2026-52089

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.52 Description The Fill Text Template block is susceptible to a Denial of Service DoS attack. Although the backend utilizes a SandboxedEnvironment to block unauthorized attribute access, such as class , it does no...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•14 views

PT-2026-51952

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference can occur in the recovery paths of the cadence cdns-mhdp8546-core driver. When errors occur in the cdns mhdp link up or cdns mhdp reg read functions during...

6AI score0.00168EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51850

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds memory access exists in the ceph x decrypt function within libceph. The issue occurs because a portion of buffer p is interpreted as a ceph x encrypt header and its magi...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51726

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the io poll get ownership function where a signed comparison is used to determine if poll refs has reached the threshold for the slowpath. Because atomic read returns ...

9.8CVSS5.7AI score0.93235EPSS
Exploits48References281
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52053

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Bluetooth component on Mac. This occurs when the system continues to use a memory location after it has been freed, which can be triggered by a...

8.8CVSS6.1AI score0.00215EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-52147

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDeviceDrive JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

8.8CVSS7.6AI score0.00689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52131

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 1.99 Description The 'POST /api/v1/admin/send-test-email' endpoint allows the use of attacker-controlled smtpHost and smtpPort values to establish a raw JavaMail TCP connection. This process bypasses the...

5.1CVSS5.8AI score0.00218EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•15 views

PT-2026-51954

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the dm cache metadata component when the system fails to acquire the root lock in the dm cache metadata abort function because the block manager is read-only. In...

6AI score0.00184EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51723

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ipc/shm component where the shm destroy orphaned function iterates through the shm idr using shm idsns.rwsem, which fails to serialize all fields evaluated by shm...

5.9AI score0.00114EPSS
Exploits0References19
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•19 views

PT-2026-52116

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

9.3CVSS5.9AI score0.00295EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•14 views

PT-2026-51684

Name of the Vulnerable Software and Affected Versions Advance Nav Menu Manager versions prior to 1.4 Description The Advance Nav Menu Manager plugin for WordPress contains an authorization bypass. The issue occurs because the plugin fails to properly verify if a user is authorized to perform...

4.3CVSS5.6AI score0.00227EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•17 views

PT-2026-51820

Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions 5.1 through 5.1.2 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendations...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51706

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the batman-adv module. When a batadv hard iface is disabled, its mesh iface pointer is set to NULL. The function batadv v ogm send meshif may still...

6AI score0.00122EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51957

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the dm cache passthrough mode where the invalidate remove function contains incomplete logic for handling write hit bios following cache invalidation. The system sets ...

5.9AI score0.0018EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51839

Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.15 and 6.1 Description An issue exists in the WireGuard driver where the decryption side can stop working completely for a specific peer under heavy networking load. This occurs when the system is under pressure and the...

7.5CVSS5.7AI score0.00307EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51935

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the OCFS2 file system where the listxattr function can return a size larger than the caller's buffer. This occurs when an OCFS2 inode contains both inline and...

9.8CVSS5.9AI score0.00574EPSS
Exploits0References397
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52033

Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0 Description A CPU exhaustion Denial of Service DoS occurs due to superlinear approximately On² behavior in the parse link text function. When processing Markdown containing numerous consecutive characters, the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52072

Name of the Vulnerable Software and Affected Versions Ghost versions 6.19.4 through 6.21.0 Description Insufficient validation of the client-supplied Content-Type on the Admin API file upload endpoint allows uploaded files to be served with an attacker-chosen content type when using S3 or GCS...

5.4CVSS5.5AI score0.00133EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51846

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Input/Output Memory Management Unit IOMMU subsystem, which manages how devices access system memory. This occurs during device recovery when multiple memor...

8.8CVSS5.9AI score0.00131EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51858

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The USB MIDI 2.0 endpoint parser in the ALSA usb-audio component fails to validate bLength against the remaining bytes in the endpoint-extra scan before reading baAssoGrpTrmBlkID. This...

6AI score0.00175EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51984

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description An issue exists in the Linux kernel regarding the analysis of failure paths for ld abs and ld ind instructions within subprograms. These instructions are permitted in subprograms that ar...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51884

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An inode reference leak exists in the fsnotify subsystem. The function fsnotify recalc mask fails to handle the return value of fsnotify recalc mask, which may return an inode pointer th...

6AI score0.00175EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51992

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the mt7915 WiFi driver. When an mt7915 PCI chip is detached, the mt7915 coredump unregister function releases mt7915 crash data. However, a race conditio...

6AI score0.00168EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51796

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51994

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the mt76 wireless driver during remain-on-channel operations. The functions mt76 remain on channel and mt76 roc complete call mt76 set channel while already holding...

5.9AI score0.00166EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•19 views

PT-2026-52118

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

8.1CVSS5.9AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51966

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking issue exists in the Bluetooth subsystem within the hci conn request evt function when the protocol is set to HCI PROTO DEFER. In this state, the function calls hci connect...

9.8CVSS5.7AI score0.0049EPSS
Exploits0References397
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51856

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer leak occurs in the ceph module within the ceph setxattr function. During a retry operation, the old blob variable can store the value of ci-i xattrs.prealloc blob, but the ceph...

9.8CVSS6.1AI score0.93235EPSS
Exploits31References378
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51848

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where the decode choose args function fails to properly handle errors during rbtree insertion. When processing a CEPH MSG OSD MAP message...

8.8CVSS5.8AI score0.0053EPSS
Exploits0References379
Total number of security vulnerabilities186843