Lucene search
+L
PtsecurityRecent

187424 matches found

Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•29 views

PT-2026-50411

Unauthenticated Local File Inclusion in Kastell = 2.0 versions...

8.1CVSS5.2AI score0.00428EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•30 views

PT-2026-50415

An integer overflow in the mtar next function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtar next computes the offset to the next record as round uph.size, 512 + sizeofmtar...

8.7CVSS5.5AI score0.00417EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•11 views

PT-2026-53067

Name of the Vulnerable Software and Affected Versions libtiff-devel-32bit versions prior to 4.7.2-1.1 Description A denial of service occurs when processing a large SamplesPerPixel tag. Recommendations Update to version 4.7.2-1.1...

6AI score
Exploits0References31
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-53069

Integer Overflow or Wraparound in libblkid/src/partitions/dos.c...

5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50242

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.5AI score0.00123EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50512

Name of the Vulnerable Software and Affected Versions undici versions prior to 6.26.0 undici versions prior to 7.28.0 undici versions prior to 8.5.0 Description The HTTP/1.1 client is subject to response queue poisoning when keep-alive sockets are reused. An attacker-controlled upstream server ca...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References135
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50214

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in the Browser component allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achieved...

9.6CVSS5.8AI score0.00601EPSS
Exploits0References42
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50206

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in Extensions allows an attacker to bypass the Same Origin Policy SOP—a security mechanism that restricts how a document or script loaded from one origi...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References40
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50549

Name of the Vulnerable Software and Affected Versions AWS Bedrock AgentCore Python SDK versions 1.1.3 through 1.6.0 Description Improper neutralization of argument delimiters in the install packages method of the Code Interpreter client allows a remote authenticated user to execute arbitrary...

8.4CVSS6.3AI score0.00302EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50359

Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...

9.8CVSS5.4AI score0.00661EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-50246

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...

6.4CVSS5.6AI score0.00269EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-53078

Local Privilege Escalation via TOCTOU in mount8 hook owner.c chmod/chown...

5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•27 views

PT-2026-50423

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...

8.5CVSS5.5AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50320

Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50609

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The Media module supports oEmbed, which utilizes two discovery mechanisms: providers.json and URL discovery. The URL discovery code can be exploited to trick the system into making...

5.5AI score0.0014EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•22 views

PT-2026-50399

Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50322

Unauthenticated Cross Site Scripting XSS in collectchat = 2.4.9 versions...

7.1CVSS5.2AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50188

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description An inappropriate implementation in WebView allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page....

9.6CVSS5.9AI score0.00601EPSS
Exploits0References39
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•22 views

PT-2026-50201

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use-after-free issue exists in DigitalCredentials. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote attack...

9.6CVSS6.3AI score0.00601EPSS
Exploits0References42
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50547

Today I received a public security credit for a vulnerability I responsibly disclosed: CVE-2026-54683 – Improper authorization in NL Portal The vulnerability allowed any authenticated portal user to download documents belonging to other users when they had access to a valid document identifier. A...

6.5CVSS5.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50546

Impact In versions up to and including 3.0.0, two parts of the GraphQL API returned data without checking whether the data belonged to the logged-in user: - Document content. A logged-in user could download the raw content of any document by its ID, regardless of who owned it. The resolver has...

6.5CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50483

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The application renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with securityLevel:...

8.7CVSS5.8AI score0.002EPSS
Exploits1References13
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•25 views

PT-2026-50268

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•14 views

PT-2026-50195

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in Extensions allows an attacker who convinces a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Use...

9.6CVSS5.8AI score0.00601EPSS
Exploits0References40
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50297

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

9.9CVSS5.2AI score0.00319EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•34 views

PT-2026-50185

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...

6.8CVSS5.3AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50216

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A heap buffer overflow exists in WebRTC in Google Chrome on Windows. A remote attacker can execute arbitrary code by inducing the victim to open a crafted HTML page. A heap buffer...

9.6CVSS6.6AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50538

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to commit ff45d3b Description Tinyproxy fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine the number o...

9.3CVSS6.1AI score0.00439EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•26 views

PT-2026-50460

Name of the Vulnerable Software and Affected Versions Cisco Crosswork Network Controller affected versions not specified Description Insufficient input validation in the configuration template engine of the web-based management interface allows an authenticated remote attacker to execute arbitrar...

6.3CVSS6.4AI score0.00253EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•14 views

PT-2026-53068

Local Privilege Escalation via TOCTOU in mount8 - Target Path Redirection...

5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-50591

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An issue exists in the self-hosted artificial intelligence platform where collection-level Access Control List ACL checks can be bypassed when Milvus multitenancy mode is enabled. The ACL permits...

6.5CVSS5.9AI score0.00281EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•25 views

PT-2026-50233

In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.5AI score0.00148EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50192

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description A use after free issue in the Passwords component allows a remote attacker to execute arbitrary code when a user accesses a specially crafted HTML page. Use after free is a...

9.6CVSS6.2AI score0.00601EPSS
Exploits0References38
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50491

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description An incomplete fix for a previous memory leak issue allows unauthenticated attackers to leak heap memory addresses. The system fails to properly sanitize error messages in several response paths,...

5.3CVSS6.7AI score0.00796EPSS
Exploits1References15
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50487

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains an authorization flaw in its prompt version-history endpoints. While the system authorizes the prompt id provided in the URL, it fails to verify that the requested history...

6.4CVSS5.9AI score0.00169EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50470

Name of the Vulnerable Software and Affected Versions undici version 8.1.0 Description The undici WebSocket client enforces maxPayloadSize on a per-frame basis but fails to enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream numerous small...

7.5CVSS5.8AI score0.00426EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•25 views

PT-2026-50404

Name of the Vulnerable Software and Affected Versions ShiftUp versions 1.3 and earlier Description An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when user-supplied input is passed to the unserialize function without proper validation, potentiall...

8.1CVSS5.7AI score0.00308EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•26 views

PT-2026-50606

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description An attacker with appropriate JSON:API write permissions could potentially inject a malicious payload in certain rare circumstances, leading to PHP Object Injection. PHP Object Injection...

6AI score0.00215EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50565

Name of the Vulnerable Software and Affected Versions Steeltoe.Management.Endpoint versions prior to 4.2.0 Steeltoe.Management.EndpointCore versions prior to 3.4.0 Description Steeltoe actuator endpoints default to EndpointPermissions.Restricted, which maps to Cloud Foundry's read basic data...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50218

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.155 Description A race condition in the Updater allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of a...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•27 views

PT-2026-50367

Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8...

8.3CVSS5.2AI score0.00293EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50480

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An issue exists where the process picture url function in backend/open webui/utils/oauth.py performs URL validation only on the initial URL. Subsequently, it uses aiohttp.ClientSession.get without...

8.5CVSS5.8AI score0.00203EPSS
Exploits1References12
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50464

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description An improper neutralization of special elements used in an SQL command allows a low privileged attacker with adjacent network access to perform SQL injection, which could...

8CVSS5.8AI score0.00229EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•14 views

PT-2026-50482

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An authenticated user can attach arbitrary file id values to their own chat messages because the system fails to verify if the user owns or has read access to those files. By sharing the chat and...

8.3CVSS6AI score0.00241EPSS
Exploits1References14
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•26 views

PT-2026-50472

Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.23.1rc0 Description Integer truncation of tensor dimensions in GGUF dequantize kernels within csrc/quantization/gguf/gguf kernel.cu leads to partial tensor processing. The output tensor is allocated at full size...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•29 views

PT-2026-50229

Name of the Vulnerable Software and Affected Versions Android versions prior to June 2026 Description A logic error in the setAllowedCarriers function within PhoneInterfaceManager.java allows for the disabling of carrier restrictions. This flaw can lead to local escalation of privilege without...

10CVSS5.4AI score0.00155EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50527

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.1 Description A pre-authentication denial of service issue exists in the SSH MSG EXT INFO handler within src/packet.c. A malicious SSH server can trigger a CPU exhaustion loop on the client by sending a crafted...

9.2CVSS5.9AI score0.00732EPSS
Exploits11References42
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•27 views

PT-2026-50224

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.5AI score0.00084EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•17 views

PT-2026-49645

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

8.8CVSS5.4AI score0.00771EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•29 views

PT-2026-49988

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. This flaw allows an unauthenticated attacker with network access via JDENET ...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References3
Total number of security vulnerabilities187424