Lucene search
K
PtsecurityRecent

186903 matches found

Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51706

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the batman-adv module. When a batadv hard iface is disabled, its mesh iface pointer is set to NULL. The function batadv v ogm send meshif may still...

6AI score0.00122EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51957

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the dm cache passthrough mode where the invalidate remove function contains incomplete logic for handling write hit bios following cache invalidation. The system sets ...

5.9AI score0.0018EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52072

Name of the Vulnerable Software and Affected Versions Ghost versions 6.19.4 through 6.21.0 Description Insufficient validation of the client-supplied Content-Type on the Admin API file upload endpoint allows uploaded files to be served with an attacker-chosen content type when using S3 or GCS...

5.4CVSS5.5AI score0.00133EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51846

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Input/Output Memory Management Unit IOMMU subsystem, which manages how devices access system memory. This occurs during device recovery when multiple memor...

8.8CVSS5.9AI score0.00131EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51858

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The USB MIDI 2.0 endpoint parser in the ALSA usb-audio component fails to validate bLength against the remaining bytes in the endpoint-extra scan before reading baAssoGrpTrmBlkID. This...

6AI score0.00175EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51984

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description An issue exists in the Linux kernel regarding the analysis of failure paths for ld abs and ld ind instructions within subprograms. These instructions are permitted in subprograms that ar...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51884

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An inode reference leak exists in the fsnotify subsystem. The function fsnotify recalc mask fails to handle the return value of fsnotify recalc mask, which may return an inode pointer th...

6AI score0.00175EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51796

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•19 views

PT-2026-52118

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

8.1CVSS5.9AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-52016

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur in the btrfs file system when the flushoncommit mount option is used. The issue arises during a reflink operation that copies an inline extent to an offset beyond th...

9.8CVSS5.9AI score0.00298EPSS
Exploits0References377
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52132

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid inst swap delete task function located in /filter core/filter pid.c. This flaw allows an attacker to trigger a Denial of Service DoS b...

7.5CVSS5.7AI score0.0051EPSS
Exploits1References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52097

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Description The ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. While the LinkSpan component utilizes sanitizeUrl t...

4.4CVSS6AI score0.00118EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52133

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A buffer overflow occurs in the gf media import function located in /media tools/av parsers.c. This issue allows remote attackers to cause a Denial of Service DoS by providing a special...

7.5CVSS6.1AI score0.00579EPSS
Exploits1References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-52042

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description Insufficient validation of untrusted input in the Navigation component allows a remote attacker who has already compromised the renderer process to bypass site isolation. This is...

4.2CVSS5.7AI score0.00146EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•16 views

PT-2026-51905

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the advance sched function within the taprio component. When should change schedules returns true, the switch schedules function is called to promote the...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•14 views

PT-2026-52163

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description A Server-Side Request Forgery SSRF issue exists in the URL component located at src/lfx/src/lfx/components/data source/url.py. This is caused by a Time-of-Check/Time-of-Use TOCTOU race...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51778

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limited to orgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, image url, role, and is tmp...

5.3CVSS5.9AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51962

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the AFBC framebuffer size validation process. The system calculates the minimum required buffer size by adding the AFBC payload size to the framebuffer offs...

7.1CVSS6AI score0.00117EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•14 views

PT-2026-51814

Name of the Vulnerable Software and Affected Versions Jenkins Assembla Plugin versions prior to 1.5 Description A missing permission check allows users with Overall/Read permission to force the system to connect to an arbitrary URL using a specified username and password. Recommendations Update...

5.4CVSS5.9AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52108

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description A flaw exists where a CSS snippet body containing can break out of its surrounding tag during interpolation by the renderSnippet function via insertAdjacentHTML. This allows the execution of arbitrary...

9.9CVSS6.4AI score0.00307EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-55714

Root has patched GHSA-cj63-jhhr-wcxv in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-52081

Name of the Vulnerable Software and Affected Versions Twenty versions prior to 2.9.0 Description An insecure direct object reference IDOR exists in the AI agent monitor's AgentTurnResolver and the agent-turn-grader.service.ts file. The agentTurnsagentId query and the evaluateAgentTurnturnId...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•16 views

PT-2026-51958

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.19.0-rc7 Description In passthrough mode, a null pointer dereference occurs when dm-cache attempts to invalidate a cache entry while a concurrent write to the same cached block causes the bio prison cell lock to fail. In...

5.6CVSS6AI score0.00176EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51964

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SCTP implementation where Bottom Half BH processing is not disabled before calling the udp tunnel xmit skb and udp tunnel6 xmit skb functions. These functions are...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51752

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A flaw exists where the software fails to clear proxy authentication credentials when instructed to do so. This results in old credentials remaining available and potentially being used for...

9.8CVSS5.8AI score0.0108EPSS
Exploits9References47
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51753

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A use-after-free issue occurs when the curl easy pause function is called within the event-based CURLMOPT SOCKETFUNCTION callback. This leads to a situation where libcurl attempts to store a...

9.8CVSS5.7AI score0.0108EPSS
Exploits12References47
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-52056

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Autofill component on Windows. This occurs when a remote attacker induces the browser to process a specially crafted HTML page, which can lead to...

8.8CVSS6.1AI score0.0026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•16 views

PT-2026-51945

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A CBB Control Backbone timeout occurs in the tegra194 PCI implementation when PERST is deasserted twice. This issue arises because the functions pci epc deinit notify and dw pcie ep...

5.1CVSS6AI score0.00175EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51971

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the net/rds component where the RDS/IB Reliable Datagram Sockets over InfiniBand code does not function correctly when used in network namespaces other than the initia...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51938

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the soc/tegra: cbb component where the incorrect use of ARRAY SIZE in fabric lookup tables can lead to out-of-bounds access during target timeout lookup. Out-of-bounds...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52091

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...

8.7CVSS6AI score0.00451EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•15 views

PT-2026-51995

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential deadlock exists in the mt7921 roc abort sync function within the mt76 wireless driver. The issue occurs when roc abort sync calls cancel work sync, which waits for roc work t...

5.6CVSS5.8AI score0.00168EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•23 views

PT-2026-52136

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software contains an unauthenticated Local File Inclusion LFI, which occurs through the graph theme parameter and rrdtool IPC...

9.8CVSS5.8AI score0.00436EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-52146

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBURASDevice JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...

8.8CVSS7.6AI score0.00689EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51767

Capgo before 12.128.2 fails to enforce limited to orgs and limited to apps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52115

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

9CVSS6AI score0.00327EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•14 views

PT-2026-52089

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.52 Description The Fill Text Template block is susceptible to a Denial of Service DoS attack. Although the backend utilizes a SandboxedEnvironment to block unauthorized attribute access, such as class , it does no...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•14 views

PT-2026-51952

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference can occur in the recovery paths of the cadence cdns-mhdp8546-core driver. When errors occur in the cdns mhdp link up or cdns mhdp reg read functions during...

6AI score0.00168EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51992

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the mt7915 WiFi driver. When an mt7915 PCI chip is detached, the mt7915 coredump unregister function releases mt7915 crash data. However, a race conditio...

6AI score0.00168EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•15 views

PT-2026-51946

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ASOC qcom qdsp6 topology component where the system fails to verify the widget type before accessing private data. This can occur when a virtual widget is not...

9.8CVSS6AI score0.0053EPSS
Exploits6References376
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51930

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the arm64 BPF JIT Just-In-Time compiler within the check immbits, imm macro. This macro is used to verify that a branch displacement fits into the signed...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51726

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the io poll get ownership function where a signed comparison is used to determine if poll refs has reached the threshold for the slowpath. Because atomic read returns ...

9.8CVSS5.7AI score0.93235EPSS
Exploits48References281
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51874

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A crash can occur when a newly forked sched entity enters the fair class with se-rel deadline unexpectedly set. This happens because the sched fork function fails to clear rel deadline...

6AI score0.00168EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51947

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the clone alias function within the AMD IOMMU driver. The function incorrectly assumes that the first argument pdev is always the original device pointer. Because pci...

9.8CVSS5.7AI score0.0049EPSS
Exploits5References393
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51966

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking issue exists in the Bluetooth subsystem within the hci conn request evt function when the protocol is set to HCI PROTO DEFER. In this state, the function calls hci connect...

9.8CVSS5.7AI score0.0049EPSS
Exploits0References397
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-51965

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Bluetooth Logical Link Control and Adaptation Protocol L2CAP implementation. A remote Bluetooth Low Energy BLE device can trigger the issue by sending a specially...

9.8CVSS5.8AI score0.0049EPSS
Exploits5References401
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51848

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where the decode choose args function fails to properly handle errors during rbtree insertion. When processing a CEPH MSG OSD MAP message...

8.8CVSS5.8AI score0.00574EPSS
Exploits1References423
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51866

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the af alg cryptography module of the Linux kernel. An arithmetic overflow occurs when processing associated data lengths during the transmit buffer size check. A remote...

8.8CVSS6.2AI score0.00574EPSS
Exploits12References437
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•15 views

PT-2026-51663

Name of the Vulnerable Software and Affected Versions libslirp versions prior to v4.9.2 Description An integer underflow and out-of-bounds heap read exist in the TCP urgent data handling sosendoob within hypervisor host environments, such as QEMU. A privileged guest VM attacker with root or CAP N...

6.5CVSS5.8AI score0.00106EPSS
Exploits0References27
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51849

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the libceph component allows a remote attacker to cause a system crash and a Denial of Service DoS by sending a specially crafted CEPH MSG OSD MAP message. The issue occurs in...

9.8CVSS5.8AI score0.00377EPSS
Exploits0References199
Total number of security vulnerabilities186903