Lucene search
K
PtsecurityRecent

184424 matches found

Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56628

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description An uninitialized use in ANGLE allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update Google Chrom...

6AI score0.00215EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56646

Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1AI score0.00139EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56637

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue exists in the Input component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...

6.3AI score0.00242EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56383

Name of the Vulnerable Software and Affected Versions libXfont2 versions prior to 2.0.8 Description A heap-based buffer overflow exists in the BitmapScaleBitmaps function. The issue is caused by an integer overflow where a 32-bit size calculation wraps, resulting in an undersized heap allocation...

8.8CVSS6.7AI score0.0038EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56391

Name of the Vulnerable Software and Affected Versions libXfont2 versions prior to 2.0.8 Description A heap buffer overflow occurs when parsing PCF files due to missing size checking in the property buffer within the ComputeScaledProperties function. Authenticated X clients can exploit this issue ...

8.8CVSS6.5AI score0.00643EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56335

Name of the Vulnerable Software and Affected Versions xorg-server versions prior to 21.2.24 xwayland versions prior to 24.1.13 Description Local attackers with an X connection can cause a Heap Use After Free, a condition where the system continues to use a memory address after it has been freed,...

9CVSS6.2AI score0.00192EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56398

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvm membership change' AJAX action not validating user permission to modify other...

8.1CVSS5.9AI score0.00223EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56402

The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

7.5CVSS6AI score0.00273EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56410

Name of the Vulnerable Software and Affected Versions Mediküm Web versions prior to 08072026 Description Mediküm Web contains an SQL injection flaw resulting from improper neutralization of special elements used in SQL commands. This occurs due to inadequate input validation or parameterization,...

9.8CVSS6.5AI score0.00266EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56400

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.4.1 Description Improper input validation in the Stripe Connect payment processor allows unauthenticated attackers to pay an arbitrary amount. This occurs...

7.5CVSS6.2AI score0.0021EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56408

Name of the Vulnerable Software and Affected Versions VikBooking Hotel Booking Engine & PMS versions prior to 1.8.9 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS, a technique where malicious scripts are...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56452

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56453

Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.5CVSS5.9AI score0.00283EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56420

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.1CVSS6.2AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56358

Name of the Vulnerable Software and Affected Versions Foxit Reader affected versions not specified Description An XML External Entity XXE issue exists where the application processes files that are not strictly in a structurally valid PDF format. By opening a malicious document disguised as a PDF...

6.5CVSS6.1AI score0.00205EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56422

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.5CVSS6.1AI score0.00338EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56424

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

8.8CVSS6.1AI score0.00286EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56409

Name of the Vulnerable Software and Affected Versions My Calendar – Accessible Event Manager versions prior to 3.7.9 Description An issue exists where unauthenticated attackers can perform time-based blind SQL Injection. This occurs due to insufficient escaping of user-supplied input and a lack o...

7.5CVSS6.1AI score0.00273EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56554

Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description An issue in the dataplane of the software allows an unauthenticated attacker to bypass firewall security policy enforcement via IPv6 packet processing. This enables network traffic that should...

6.3CVSS5.9AI score0.00475EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56528

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS6AI score0.00303EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56518

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS6AI score0.00307EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56519

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/block parser.py and the ref links environment dictionary handling, allowing denial of service...

7.5CVSS6AI score0.00366EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56472

BBOT's github workflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODE REPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS5.9AI score0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56503

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6AI score0.00269EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56471

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS5.9AI score0.00291EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56509

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe url does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version...

6.1CVSS6AI score0.00199EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56511

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render admonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS5.8AI score0.00191EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56510

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline parser.py because the parser scans forward for matching close markers from...

7.5CVSS6AI score0.00358EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56417

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async run command of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a...

5.3CVSS5.8AI score0.01338EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56517

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score0.0034EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56480

Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/ settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...

8.8CVSS6.1AI score0.00189EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56513

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc N values without slugifying the heading text, allowing attacker-controlled id="toc N" content to collide with generated anchors and...

4.3CVSS6AI score0.00128EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56512

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk...

6.1CVSS6AI score0.00198EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56508

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from ea...

7.5CVSS6AI score0.00366EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-56441

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions...

5.4CVSS6AI score0.00176EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56339

When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash...

7.8CVSS6AI score0.00128EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56357

The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes...

6.1CVSS6AI score0.00112EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-56323

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouw fetch csv data AJAX handler being registered on the wp ajax nopriv hook with no capability or nonce check, and passing the attacker-suppli...

5.3CVSS6.1AI score0.00333EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56681

Summary async-tar v0.6.0 mis-applies a buffered PAX size extension to an intermediary extension header a GNU longname L, a GNU longlink K, or a PAX x/g header instead of to the next file entry. POSIX requires a PAX extended-header record set to describe the next file entry, never an intervening...

6.3CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56348

After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56351

When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56531

We'll be publishing five security issues CVE-2026-55106, CVE-2026-54730, CVE-2026-57580, GHSA-rv9x-92g6-9cpf, GHSA-hmrg-vpp4-gj88 and accompanying fixes on 2026-07-15, 14:00 UTC with the Severity levels High and Moderate. For more info, see the authentik Security policy here:...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56532

We'll be publishing five security issues CVE-2026-55106, CVE-2026-54730, CVE-2026-57580, GHSA-rv9x-92g6-9cpf, GHSA-hmrg-vpp4-gj88 and accompanying fixes on 2026-07-15, 14:00 UTC with the Severity levels High and Moderate. For more info, see the authentik Security policy here:...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56332

Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56330

The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...

7.8CVSS6AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56336

When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56340

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56345

When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-56322

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologins::rrand seeds the Mersenne Twister with mt sranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS5.9AI score0.00425EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago13 views

PT-2026-56329

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server...

9.8CVSS6AI score0.00326EPSS
Exploits0References2
Total number of security vulnerabilities184424