Lucene search
K
PtsecurityRecent

186967 matches found

Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•14 views

PT-2026-51284

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.12.0 through 2.9.0 Description Authorization is missing when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•13 views

PT-2026-51336

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description The qSnapper dbus service incorrectly caches authentication between different users. This allows a local attacker to utilize dbus functions after a privileged user has already performed authenticati...

8.4CVSS5.8AI score0.00134EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•13 views

PT-2026-51274

Name of the Vulnerable Software and Affected Versions PaperCut Print Deploy Client for Windows affected versions not specified Description An insecure process execution issue exists in the pc-printer-updater.exe component. The application operates with high-level system privileges and performs an...

7.3CVSS6.1AI score0.00136EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•14 views

PT-2026-51285

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•15 views

PT-2026-51297

Name of the Vulnerable Software and Affected Versions GitHub Copilot version 1.372.0 Description An issue exists where the software allows filesystem access outside of a workspace folder without user approval. This occurs via a file-handler URI parameter used in the fetch webpage function. This...

7.5CVSS5.8AI score0.00853EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•11 views

PT-2026-51371

Name of the Vulnerable Software and Affected Versions TP-Link routers affected versions not specified Description Insufficient validation of externally supplied DHCP option data in the DHCP option processing logic allows an adjacent, unauthenticated attacker to execute arbitrary commands with...

8.7CVSS6.2AI score0.00409EPSS
Exploits1References13
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•12 views

PT-2026-51363

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description The public dashboard query endpoint does not limit the request body size before processing. This allows unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•16 views

PT-2026-51321

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A sanitize-then-interpolate ordering bug exists in the geomap panel's XYZ tile layer. The sanitizeTextPanelContent function processes the raw template string...

7.3CVSS5.7AI score0.0025EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•18 views

PT-2026-51299

Name of the Vulnerable Software and Affected Versions Tempo datasource plugin affected versions not specified Loki datasource plugin affected versions not specified Description These plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization,...

5.4CVSS5.8AI score0.00258EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•17 views

PT-2026-51303

Name of the Vulnerable Software and Affected Versions Loki datasource plugin affected versions not specified Description The callResource handler in the Loki datasource plugin contains a path traversal flaw. This allows an authenticated user with a Viewer role to escape the resource sandbox and...

7.7CVSS5.9AI score0.00394EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•22 views

PT-2026-51319

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9CVSS5.8AI score0.00357EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•14 views

PT-2026-51324

Name of the Vulnerable Software and Affected Versions IBM Engineering Workflow Management versions 7.0.2 through 7.0.2 Interim Fix 035 IBM Engineering Workflow Management versions 7.0.3 through 7.0.3 Interim Fix 017 IBM Engineering Workflow Management versions 7.1 through 7.1 Interim Fix 004...

6.5CVSS5.7AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•16 views

PT-2026-51438

Summary The OAuth 2.0 / OpenID Connect authorization endpoint does not sufficiently sanitize certain user-supplied parameters before incorporating them into the HTML response generated for the form post response mode. This may allow an attacker to inject content into the rendered page in the...

9.3CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•17 views

PT-2026-51287

Name of the Vulnerable Software and Affected Versions SafeLine SL6 affected versions not specified SafeLine SL6+ affected versions not specified Description SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems contain an authentication bypass. This issue allows...

8.7CVSS6.1AI score0.00207EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•23 views

PT-2026-51271

A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...

9.4CVSS6.1AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•21 views

PT-2026-51304

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description Improper authorization in the GitLab connect command handler allows any authenticated user to overwrite the global default...

5.4CVSS5.8AI score0.0017EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•13 views

PT-2026-51460

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description Budibase contains a mass assignment issue in the externalTrigger function. The webhook trigger endpoint /api/webhooks/trigger/:instance/:id is publicly accessible and passes the full HTTP request...

9.6CVSS6AI score0.00461EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•11 views

PT-2026-51361

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

4.8CVSS6AI score0.00321EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•13 views

PT-2026-51330

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

5.3CVSS6.1AI score0.0043EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•21 views

PT-2026-51418

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.1 Description vLLM is an inference and serving engine for large language models. The Dockerfile is susceptible to a dependency confusion attack involving the flashinfer-jit-cache package. This occurs because the...

8.8CVSS6.2AI score0.00304EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•20 views

PT-2026-51340

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.3CVSS5.8AI score0.002EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•10 views

PT-2026-51450

Summary scim-patch performs prototype pollution when applying a SCIM PATCH operation whose value object contains a key like " proto .someProp". After one such patch, Object.prototype.someProp is set process-wide, affecting every plain object in the Node process. Any service that calls scimPatch o...

9.1CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•10 views

PT-2026-51435

OpenAM Open Identity Platform is an open-source IAM platform providing SSO, OAuth2, SAML, and OpenID Connect capabilities. The CREST REST API layer exposes user query endpoints under /json/realm/users. In IdentityResourceV1.queryCollection, the HTTP query parameter queryId is passed to a CrestQue...

8.7CVSS6AI score0.76385EPSS
Exploits5References5
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•11 views

PT-2026-51365

Name of the Vulnerable Software and Affected Versions ALSA library versions prior to 1.2.16.1 Description A double-free issue exists in the parse def function within src/conf.c. This occurs when the system parses nested compound or array configuration blocks and fails to check return values befor...

7CVSS5.8AI score0.00138EPSS
Exploits0References26
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•21 views

PT-2026-51294

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•10 views

PT-2026-55280

Root has patched GHSA-p6gq-j5cr-w38f in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•14 views

PT-2026-51412

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A rate limit bypass exists in the 'channel self' endpoint. Attackers can circumvent rate limiting by rotating the user-controlled device id parameter, enabling them to send multiple requests per...

8.8CVSS5.8AI score0.00271EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•12 views

PT-2026-51350

Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified Description Remote code execution and denial of service are possible when...

9.8CVSS6.3AI score0.00409EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•9 views

PT-2026-51346

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified IBM i versions 7.3 through 7.6 Description The WebSphere Web Server Plug-in component is susceptible to...

8.8CVSS6.4AI score0.0026EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•17 views

PT-2026-51348

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description An issue exists when the Ajax Proxy is configured, which may allow an attacker to send unauthorized requests from the system. This server-sid...

9.1CVSS5.8AI score0.00221EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•30 views

PT-2026-51374

Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified Description A denial of service issue exists in the WebSphere WebServer...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•12 views

PT-2026-51351

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 Description A denial of service issue exists where a remote attacker can se...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•10 views

PT-2026-51344

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server 9.0 IBM WebSphere Application Server 8.5 IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 Description HTTP request smuggling occurs when a remote attacker sends a specially crafted...

9.1CVSS5.8AI score0.00338EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•10 views

PT-2026-51453

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.3 Description The application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by recaptcha...

7.4CVSS6AI score0.0029EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•12 views

PT-2026-51306

Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw exists in the Windows Machine Config Operator WMCO where SSH connections to Windows worker nodes are established without verifying the remote server host...

8.3CVSS6AI score0.00181EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•17 views

PT-2026-51288

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

5.4CVSS6AI score0.00168EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•15 views

PT-2026-51391

Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions prior to 5.6.5 Description A flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This...

7.4CVSS5.9AI score0.00193EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•15 views

PT-2026-51382

Name of the Vulnerable Software and Affected Versions FastStone Image Viewer versions prior to 8.3.0.1 Description Heap-based buffer overflow flaws exist in the JP2 and PSD file parsers within the FSViewer.exe process. A malformed QCD quantization default marker 0xFF5C in a crafted JPEG 2000 JP2...

6.5CVSS6.5AI score0.00465EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•11 views

PT-2026-51410

Name of the Vulnerable Software and Affected Versions Capgo backend Supabase edge functions versions prior to 12.128.2 Description Inconsistent authentication enforcement exists across HTTP methods. The global authentication middleware is not applied to the 'GET /private/role bindings/:org id'...

6.9CVSS5.8AI score0.00322EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•19 views

PT-2026-51388

Name of the Vulnerable Software and Affected Versions Filament versions prior to 4.11.5 Filament versions prior to 5.6.5 Description The ImageColumn and ImageEntry components render raw database values without escaping HTML. If the data passed to these components is not validated, an attacker can...

6.4CVSS5.9AI score0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•21 views

PT-2026-51454

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description An authentication bypass exists in the Budibase server route POST /api/attachments/:datasourceId/url because it lacks the authorized... middleware. An anonymous attacker who can enumerate a workspa...

9.4CVSS6AI score0.00415EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•12 views

PT-2026-51408

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the public.get current plan max org RPC function. Unauthenticated attackers can use the public Supabase key to call this endpoint with any organization UUID to...

6.9CVSS6AI score0.00265EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•58 views

PT-2026-51426

A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, bt sdp parse attribute accepts an input buffer once it contains the 1-byte attribute type and 2-byte attribute id, but then unconditionally pulls an...

7.1CVSS6AI score0.00173EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•18 views

PT-2026-51362

Name of the Vulnerable Software and Affected Versions Canonical ADSys versions prior to v0.16.3 Description An issue exists during Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendor samba/gp/gp...

9.5CVSS5.9AI score0.00111EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•18 views

PT-2026-51390

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description MessagePack for C is a MessagePack serializer for C. The ReadDateTime function in MessagePackReader can allocate stack memory based on an...

8.2CVSS6AI score0.00255EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•6 views

PT-2026-55278

This update for rpcbind fixes the following issues - Update to rpcbind 1.2.9 bsc1267212 https://lore.kernel.org/linux-nfs/[email protected]/ rpcinfo: stack buffer overflow in rpcinfo rpcbaddrlist rpcbind: Stop unauthenticated oversized allocation in PMAPPROC CALLIT...

6AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•10 views

PT-2026-51313

AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...

5.1CVSS5.9AI score0.0033EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•17 views

PT-2026-51449

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description An issue exists where webhooks follow redirects, allowing access to hostnames within localCIDRs Internet Protocol address ranges used for local networks. This leads to Server Side Request Forgery SSRF,...

8.3CVSS7.2AI score0.00402EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•12 views

PT-2026-51312

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...

8.3CVSS6AI score0.00292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•14 views

PT-2026-51320

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost versions prior to 10.11.17 Description Insufficient enforcement of bot-specific permission checks on the user active status endpoint allows a User Manager with user management write access, but lacking...

3.8CVSS5.8AI score0.00192EPSS
Exploits0References6
Total number of security vulnerabilities186967