Lucene search
K
PtsecurityRecent

186922 matches found

Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51509

Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 4.4.7 Nuxt versions prior to 3.21.7 Description When running the development server on Linux, the vite-node IPC Inter-Process Communication server binds to an abstract-namespace Unix socket without permission restriction...

6.8CVSS5.9AI score0.00103EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51544

Name of the Vulnerable Software and Affected Versions openlink virtuoso-opensource version 7.2.11 Description A flaw in the t set push component allows attackers to trigger a Denial of Service DoS by using specially crafted SQL statements. Recommendations At the moment, there is no information...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51572

Name of the Vulnerable Software and Affected Versions OpenStack Swift versions prior to 2.37.2 Description The proxy-server fails to strip internal update headers from client requests before forwarding them to object-servers. An authenticated user with write access can inject the headers...

5.4CVSS6AI score0.00146EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51565

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description An issue in the IPv6 Router Advertisement route information handling allows an unauthenticated attacker on the same link to cause a denial of service. By repeatedly sending crafted Router...

7.1CVSS5.7AI score0.00187EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51640

Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.6.4 Description A flaw in the trust mechanism allows arbitrary command execution when a directory contains task-include directories such as mise-tasks/, .mise/tasks/, etc. but lacks a configuration file. In this...

8.6CVSS6.1AI score0.00184EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51481

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

9.1CVSS5.4AI score0.00339EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51541

An issue in the sqlo tb col preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51646

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.1 Description In S3-backed deployments, the system fails to perform authorization checks before generating temporary URLs for signature image retrieval. Authenticated users who possess a signature filename can...

5.3CVSS5.9AI score0.00281EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51564

Name of the Vulnerable Software and Affected Versions Bootimus versions 0.1.0 through 0.1.70 dhcpcd versions 1.0 through 10.3.2 Description Bootimus contains a broken access control issue where the JWTMiddleware function in internal/auth/auth.go fails to inspect the is admin flag. This allows...

8.8CVSS5.8AI score0.00307EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51524

Name of the Vulnerable Software and Affected Versions pwnlift versions prior to d7a9544 Description In a privileged deployment, the upload handler in 'Components/Pages/Home.razor' contains a symlink following issue. This occurs when the application follows symbolic links files that point to anoth...

7.4CVSS5.9AI score0.00142EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51508

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description A server-side request forgery SSRF issue exists in the Execute Flow node. This occurs due to missing secureFetch verification in httpSecurity.ts, allowing attackers to bypass security validation by...

7.1CVSS5.8AI score0.00183EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-55664

Summary A multi‑stage chain in motionEye leads to remote code execution. The chain combines: 1. Arbitrary file read LFI via the picture download endpoint for local motion cameras using absolute paths. 2. Pass‑the‑hash admin auth due to accepting request signatures computed with password hashes. 3...

9.8CVSS6.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51607

Name of the Vulnerable Software and Affected Versions Poweradmin versions prior to 4.2.4 Poweradmin versions prior to 4.3.3 Description Poweradmin is a web-based DNS administration tool for PowerDNS server. The software uses the attacker-controlled HTTP HOST request header as the authoritative...

9.6CVSS6AI score0.00312EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51478

Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description Insufficient sanitization and escaping of filenames submitted to the frontend file-rename endpoint allows a Stored Cross-Site Scripting XSS issue. This occurs when the filename is...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.6 views

PT-2026-54573

Уязвимость функции ipv6 get data primitive файла libnetutil/netutil.cc утилиты для сканирования сети Nmap связана с целочисленной потерей значимости. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании...

6.4CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51540

Name of the Vulnerable Software and Affected Versions openlink virtuoso-opensource version 7.2.11 Description A flaw in the sqlo natural join cond component allows attackers to trigger a Denial of Service DoS by using specially crafted SQL statements. Recommendations At the moment, there is no...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51549

Name of the Vulnerable Software and Affected Versions Tenable Identity Exposure affected versions not specified Description Multiple unauthenticated API endpoints under '/w/api/' expose sensitive application configuration data to remote attackers. The leaked information includes cleartext LDAP...

8.7CVSS7.2AI score0.00432EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51617

Name of the Vulnerable Software and Affected Versions opentelemetry-ebpf-profiler versions prior to 0.0.202622 Description An unprivileged process can cause a denial of service on the ebpf-profiler agent by triggering the processPIDEvents goroutine to block indefinitely. This occurs when the...

6.2CVSS5.9AI score0.00017EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.18 views

PT-2026-51522

🚨 CVE-2026-35018 NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

8.8CVSS6.6AI score0.00664EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51560

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...

5.7AI score0.00339EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51547

Name of the Vulnerable Software and Affected Versions Language Servers for AWS versions prior to 1.65.0 Description Improper trust boundary enforcement in the Model Context Protocol MCP server configurations within Amazon Q Developer allows for arbitrary code execution. If a local user opens a...

8.5CVSS6.4AI score0.00118EPSS
Exploits0References26
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51636

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description A cross-tenant data injection issue exists in the Accessories API when Full Multiple Companies Support is enabled. A low-privileged authenticated user can create accessory records belonging to a...

8.5CVSS6.1AI score0.00389EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51604

Name of the Vulnerable Software and Affected Versions Fortra File Integrity Monitoring FIM versions prior to 9.4.0.1 Description A stored cross-site scripting XSS issue exists in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or...

5.5CVSS5.6AI score0.00145EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51578

Name of the Vulnerable Software and Affected Versions Daytona versions prior to 0.185.0 Description The daemon's git clone implementation disables TLS certificate verification. When a clone request includes Git credentials, the daemon transmits the HTTP Basic Authorization header to the remote...

5.9CVSS5.9AI score0.00117EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51554

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 6.0.7 Description Insufficient validation of user input during the process of saving delivery limitations allows a low-privileged user to inject malicious PHP code into the compiledlimitations database field v...

8.8CVSS6.8AI score0.00499EPSS
Exploits2References10
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.19 views

PT-2026-51459

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description An information disclosure issue exists in the Mirror Settings functionality, which allows authenticated users to import local repositories from the server filesystem. This occurs due to a lack o...

8.1CVSS5.8AI score0.00569EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51476

The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above...

6AI score0.00239EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-55519

Mumble is prone to an out-of-bounds array access, which may result in denial of service client crash...

5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51523

Name of the Vulnerable Software and Affected Versions NetComm NF20MESH versions prior to R6B032 Description An authentication bypass exists in the web management interface due to a hardcoded AES-256 key used to encrypt session cookies. An unauthenticated attacker can use this shared key to forge ...

9.2CVSS5.8AI score0.00431EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51477

The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors vi...

5.7AI score0.00156EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51530

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51587

Name of the Vulnerable Software and Affected Versions Ansible affected versions not specified Description In the plugins/modules/nexmo.py module, the api key and api secret variables are marked as no log=True to prevent them from being logged. However, these credentials are URL-encoded and includ...

6.5CVSS5.8AI score0.00287EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51558

An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit permissions. The status...

5.4CVSS6AI score0.00274EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51575

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description When using the configparser module to write configuration files containing multi-line text values with carriage return characters r, the resulting file could be injected with unexpected keys a...

4.1CVSS5.7AI score0.00128EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51573

Name of the Vulnerable Software and Affected Versions GNU libidn versions prior to 1.44 Description An issue exists in the ToUnicode APIs due to mishandling in the idna to unicode internal function, which can lead to out-of-bounds reads of uninitialized memory. Recommendations Update to version...

4CVSS5.8AI score0.0011EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51588

Name of the Vulnerable Software and Affected Versions foreman-mcp-server affected versions not specified Red Hat Satellite affected versions not specified Description A session management issue in the MCP Server allows unauthenticated attackers to hijack active administrative sessions. This occur...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51645

Impact A vulnerability was identified in Snipe-IT v8.4.0 build 21280-g91a95dbc6 that allows any authenticated user with generic asset edit permissions to delete files attached to any asset in the system, regardless of ownership or company assignment. This constitutes an Insecure Direct Object...

5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.19 views

PT-2026-51594

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.13.0 through 2.13.x Description A potential Denial-of-Service exists when a service reads deeply nested JSON thousands of levels as a JsonNode using the readTree function of ObjectMapper and subsequently writes that...

7.5CVSS5.9AI score0.00616EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.20 views

PT-2026-51627

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Password-reset tokens are generated using the account-activation lifetime conf.Auth.ActivateCodeLives instead of the intended password-reset lifetime conf.Auth.ResetPasswordCodeLives. Because the token...

6.8CVSS5.9AI score0.00202EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.21 views

PT-2026-51586

Name of the Vulnerable Software and Affected Versions Ansible affected versions not specified Description The plugins/modules/keyring info.py module retrieves passphrases from native operating system keyrings, such as GNOME Keyring, macOS Keychain, and Windows Credential Manager. The issue occurs...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.22 views

PT-2026-51625

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Gitea affected versions not specified Description A stored DOM-based Cross-Site Scripting XSS issue exists where an attacker can store an HTML or JavaScript payload in a milestone name. When a user opens th...

4.8CVSS6AI score0.00483EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51593

Name of the Vulnerable Software and Affected Versions Spring Statemachine versions 4.0.0 through 4.0.1 Spring Statemachine versions 3.2.0 through 3.2.4 Description Kryo-based persistence backends, including JPA, MongoDB, Redis, and ZooKeeper, deserialize persisted state-machine contexts without...

8.8CVSS6.4AI score0.00423EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51608

Name of the Vulnerable Software and Affected Versions FlatPress versions prior to commit 10be83c Description A stored cross-site scripting issue exists in comment and contact forms. The name, URL, and email fields are rendered without proper output encoding in Smarty templates. This allows...

8.4CVSS5.9AI score0.00243EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51613

Name of the Vulnerable Software and Affected Versions OctoPrint versions prior to 1.11.8 OctoPrint versions 2.0.0rc1 through 2.0.0rc2 Description An issue allows the injection of arbitrary HTML and JavaScript into Suppressed Command notification popups generated by the printer. An attacker could...

4.6CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51597

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.0.0 through 2.18.7 jackson-databind versions 2.19.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description The JDKFromStringDeserializer function constructs InetSocketAddress using new...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References33
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.7 views

PT-2026-51647

Name of the Vulnerable Software and Affected Versions motionEye version 0.43.1 Description The ActionHandler.post function in the motioneye/handlers/action.py file lacks an authentication decorator. This allows an unauthenticated attacker to trigger camera actions via the /action/camera id/action...

5.3CVSS6.2AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51644

Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description An absolute path traversal issue exists in multiple media file handlers within the media playback and download functionality. The affected handlers accept a user-controlled filename parameter and...

8.7CVSS6AI score0.00623EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51635

Name of the Vulnerable Software and Affected Versions OctoPrint versions prior to 1.11.8 OctoPrint versions 2.0.0rc1 through 2.0.0rc2 Description An issue exists where an attacker with FILE UPLOAD permissions can exfiltrate files from the host that OctoPrint has read access to by moving them into...

7CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.18 views

PT-2026-51474

Name of the Vulnerable Software and Affected Versions expr-eval affected versions not specified Description Code Execution is possible via the 'toJSFunction' API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function...

9.8CVSS6.2AI score0.00469EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51624

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Authenticated users can achieve Remote Code Execution RCE on the server during the "Rebase before merging" operation in pull requests. The issue stems from improper argument handling where the base...

9.9CVSS6.2AI score0.01029EPSS
Exploits0References14
Total number of security vulnerabilities186922