Lucene search
K
PtsecurityRecent

184382 matches found

Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56338

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description High-privilege processes directly execute executable files that can be controlled by the user. This allows low-privilege users to elevate their privileges to NT...

8.2CVSS6.2AI score0.00115EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56606

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.12 and 8.6.82, deeply nested $or, $and, and $nor query condition operators in the REST API or LiveQuery query handling could trigger exponential-time processing in the...

8.7CVSS5.9AI score0.00335EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56855

These are all security issues fixed in the libmbedtls23-4.2.0-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References11
Positive Technologies
Positive Technologies
added 4 days ago14 views

PT-2026-56328

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this c...

6.2AI score0.00389EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56485

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS6AI score0.00238EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56602

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied...

6.5CVSS6AI score0.00376EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56619

BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure...

2.5CVSS5.9AI score0.00102EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56857

These are all security issues fixed in the libIex-3 4-33-3.4.13-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56851

These are all security issues fixed in the libIex-3 4-33-3.4.13-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56858

These are all security issues fixed in the libIex-3 4-33-3.4.13-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56859

These are all security issues fixed in the libIex-3 4-33-3.4.13-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56286

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

4.2CVSS6AI score0.00218EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56287

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

4.2CVSS6AI score0.00218EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56291

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description The sshd component allows remote attackers to cause a denial of service through resource consumption. This occurs due to the mishandling of the MaxAuthTries variable during GSSAPIAuthentication, which...

7.5CVSS6.1AI score0.00407EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56289

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

4.8CVSS5.9AI score0.00179EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56292

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...

6.5CVSS5.9AI score0.00265EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56293

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description A use-after-free issue exists in the ssh client. This occurs when a server changes its host key during a key re-exchange, which is a process where the client and server negotiate new session keys to...

7.7CVSS6AI score0.00263EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56290

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description In sshd, the configuration setting DisableForwarding=yes failed to take precedence over PermitTunnel=yes, allowing tunnel forwarding even when it should have been disabled. Recommendations Update to...

7.5CVSS6.1AI score0.00133EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56288

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS6AI score0.0016EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56558

A Network UPS Tools RCE CVE-2026-54161 lets a malicious upsd trigger upsmon command injection as root. No patch exists yet, so mitigate now. NetworkUPSTools NUT upsmon CommandInjection RCE CVE202654161 CyberSecurity https://t.co/Ynckqw3wZp...

6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56682

Unauthenticated Cross-Origin Plugin Upload Leads to RCE Joro ≤ v1.1.0 Severity: Critical CVSS v3.1: 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Affected versions: Joro ≤ v1.1.0, proxy mode default, Linux/macOS Reporter: cstover Date: 2026-05-27 --- Summary Joro's default proxy mode in versions = 1.1....

9.6CVSS6.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56564

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...

6.5CVSS6AI score0.00465EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56563

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by...

7.5CVSS5.9AI score0.00732EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56559

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS6AI score0.00342EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56555

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56540

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS6AI score0.00408EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56473

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56620

Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request...

6AI score0.00367EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56612

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

6.5CVSS6AI score0.00364EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56398

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvm membership change' AJAX action not validating user permission to modify other...

8.1CVSS5.9AI score0.00223EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56402

The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

7.5CVSS6AI score0.00273EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56410

Name of the Vulnerable Software and Affected Versions Mediküm Web versions prior to 08072026 Description Mediküm Web contains an SQL injection flaw resulting from improper neutralization of special elements used in SQL commands. This occurs due to inadequate input validation or parameterization,...

9.8CVSS6.5AI score0.00266EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56400

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.4.1 Description Improper input validation in the Stripe Connect payment processor allows unauthenticated attackers to pay an arbitrary amount. This occurs...

7.5CVSS6.2AI score0.0021EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56408

Name of the Vulnerable Software and Affected Versions VikBooking Hotel Booking Engine & PMS versions prior to 1.8.9 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS, a technique where malicious scripts are...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56452

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56453

Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.5CVSS5.9AI score0.00283EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56420

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.1CVSS6.2AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56358

Name of the Vulnerable Software and Affected Versions Foxit Reader affected versions not specified Description An XML External Entity XXE issue exists where the application processes files that are not strictly in a structurally valid PDF format. By opening a malicious document disguised as a PDF...

6.5CVSS6.1AI score0.00205EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56422

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.5CVSS6.1AI score0.00338EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56424

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

8.8CVSS6.1AI score0.00286EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56409

Name of the Vulnerable Software and Affected Versions My Calendar – Accessible Event Manager versions prior to 3.7.9 Description An issue exists where unauthenticated attackers can perform time-based blind SQL Injection. This occurs due to insufficient escaping of user-supplied input and a lack o...

7.5CVSS6.1AI score0.00273EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56860

These are all security issues fixed in the fluidsynth-2.5.6-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56554

Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description An issue in the dataplane of the software allows an unauthenticated attacker to bypass firewall security policy enforcement via IPv6 packet processing. This enables network traffic that should...

6.3CVSS5.9AI score0.00475EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56528

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS6AI score0.00303EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56518

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS6AI score0.00307EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56519

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/block parser.py and the ref links environment dictionary handling, allowing denial of service...

7.5CVSS6AI score0.00366EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56472

BBOT's github workflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODE REPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS5.9AI score0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56503

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6AI score0.00269EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56471

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS5.9AI score0.00291EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56509

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe url does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version...

6.1CVSS6AI score0.00199EPSS
Exploits1References3
Total number of security vulnerabilities184382