Lucene search
K
PtsecurityRecent

184382 matches found

Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56421

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory 'path...

2.7CVSS6AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56541

Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...

7.6CVSS6AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56414

Name of the Vulnerable Software and Affected Versions Blocksy Companion Pro plugin for WordPress versions prior to 2.1.47 Description An unauthenticated arbitrary file upload issue exists within the Advanced Reviews feature. The save attachments function fails to properly validate file extensions...

9.8CVSS6.3AI score0.00605EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56403

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS. This issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

4.8CVSS5.9AI score0.00148EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56611

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS5.9AI score0.00139EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56445

Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-Allow-Origin: , allowing unauthenticated attackers to make fully authenticated cross-origin API requests from any malicious website. Attackers who obtain a leaked JWT token...

8.7CVSS6AI score0.00271EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56444

The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...

5.3CVSS6.7AI score0.00261EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56405

The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56404

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on event titles sourced...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56407

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'special requests' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS6.1AI score0.00236EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56406

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56624

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56616

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS6AI score0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56475

Name of the Vulnerable Software and Affected Versions U-Boot versions prior to 2026.04-rc3 Description An integer underflow exists in the tcp rx state machine function within net/tcp.c. A network-adjacent attacker can trigger this by sending a malformed TCP SYN+ACK packet with a manipulated data...

8.7CVSS6AI score0.00432EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56383

Name of the Vulnerable Software and Affected Versions libXfont2 versions prior to 2.0.8 Description A heap-based buffer overflow exists in the BitmapScaleBitmaps function. The issue is caused by an integer overflow where a 32-bit size calculation wraps, resulting in an undersized heap allocation...

8.8CVSS6.7AI score0.0038EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56391

Name of the Vulnerable Software and Affected Versions libXfont2 versions prior to 2.0.8 Description A heap buffer overflow occurs when parsing PCF files due to missing size checking in the property buffer within the ComputeScaledProperties function. Authenticated X clients can exploit this issue ...

8.8CVSS6.5AI score0.00643EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56390

Name of the Vulnerable Software and Affected Versions libXfont2 versions prior to 2.0.8 Description A heap bufferflow occurs in the pcfReadFont function due to missing glyph bounds checking. This allows an authenticated X client to execute arbitrary code within the X server. Recommendations Updat...

8.5CVSS6.3AI score0.00529EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 4 days ago13 views

PT-2026-56604

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56614

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6AI score0.00264EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56618

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7 server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS6.2AI score0.00285EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56598

FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score0.00097EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56584

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...

6.5CVSS6AI score0.00119EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56501

Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain applied ordinary suffix matching to domains such as 192.168.0.1, ::1, or 1, allowing...

4.7CVSS6AI score0.00115EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56476

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs readlink reply net/nfs-common.c when CONFIG CMD NFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfs path buff buffer by returning multiple relative symlink targets that are appended...

8.8CVSS6.3AI score0.00424EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56446

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56634

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.115 Description Insufficient validation of untrusted input in WebAppInstalls allows a local attacker to bypass the same origin policy via a crafted HTML page. The same origin policy is a...

6AI score0.00089EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56637

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue exists in the Input component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...

6.3AI score0.00242EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56638

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A race condition in the GetUserMedia function allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is triggered via a...

6AI score0.00147EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56392

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash...

3.7CVSS5.9AI score0.003EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56630

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue exists in Views, which can lead to heap corruption. A remote attacker can exploit this by convincing a user to perform specific UI gestures while visiting a...

6AI score0.00178EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56632

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.115 Description A use after free issue exists in the Autofill component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. ...

6.1AI score0.00202EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56635

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue exists in the Actor component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...

6.3AI score0.00242EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56621

In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's...

6AI score0.00276EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56455

This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and the...

6AI score0.00158EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56648

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue in Views allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use after free is a memory corruption flaw that occurs when an...

6AI score0.00225EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56593

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score0.00133EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56646

Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1AI score0.00139EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56652

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue exists in InterestGroups, which allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. Use after free is a...

6.3AI score0.00247EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56627

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. Chromium security severity: High...

6AI score0.00125EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56629

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue exists within the Extensions component. This occurs when a program continues to use a pointer after it has been freed, which can lead to heap corruption. An...

5.9AI score0.00154EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56596

Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score0.00133EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56626

Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.3AI score0.00242EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56628

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description An uninitialized use in ANGLE allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update Google Chrom...

6AI score0.00215EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56440

Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventory sync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing data-id-strin...

7.1CVSS6AI score0.00325EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56610

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper access control allows an unauthorized attacker to bypass a security feature over a network. Recommendations At the moment, there is no information about a newer...

8.2CVSS6.1AI score0.00362EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56623

An issue in Generic OEM UZ801 v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk...

6.3AI score0.00515EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56574

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions prior to 2025.0.8 MOVEit Transfer versions 2025.1.0 through 2025.1.3 Description Progress MOVEit Transfer contains a path equivalence issue within its File Upload modules. This flaw has been targeted by numerous...

9.8CVSS6AI score0.00311EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56622

In OpENer 2.3.0 commit 76b95cf, a resource exhaustion Denial of Service vulnerability exists in its network processing loop...

5.9AI score0.00488EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-56636

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue in the Payments component allows a remote attacker to potentially exploit heap corruption. This occurs when a user is convinced to perform specific UI gestures...

6.2AI score0.00178EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56355

When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary...

7.8CVSS6AI score0.00118EPSS
Exploits0References2
Total number of security vulnerabilities184382