Lucene search
+L
PtsecurityRecent

187506 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50257

Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network-based attacker can cause a Denial of Service DoS on the web interface of the device using a Slow Loris attack. This technique involves sending partial HTTP requests...

6.9CVSS6AI score0.00394EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.10 views

PT-2026-54556

Уязвимость класса DefaultLdapRealm фреймворка Apache Shiro связана с непринятием мер по нейтрализации специальных элементов в запросе LDAP. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти ограничения безопасности и осуществить подмену данных...

9.4CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50200

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in the Media component allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References38
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50424

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...

9.3CVSS5.5AI score0.00236EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.9 views

PT-2026-53075

This update for helm rebuilds it against the current go security release...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.27 views

PT-2026-50323

Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...

7.3CVSS5.3AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50410

Name of the Vulnerable Software and Affected Versions Apache Shiro versions prior to 2.2.1 Apache Shiro versions prior to 3.0.0-alpha-2 Description A remote attacker can inject LDAP special characters into the Distinguished Name DN construction within the DefaultLdapRealm class. User-supplied...

9.1CVSS5.3AI score0.00494EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.45 views

PT-2026-52216

Name of the Vulnerable Software and Affected Versions Gitea Docker image versions prior to 1.26.3 Description A critical authentication bypass exists in the official Gitea Docker image due to an insecure default configuration in the app.ini file. The variable REVERSE PROXY TRUSTED PROXIES is set ...

10CVSS7.2AI score0.00783EPSS
Exploits5References98
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.12 views

PT-2026-50368

Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1...

4.3CVSS5.2AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.8 views

PT-2026-54551

Уязвимость модуля ngx http charset module веб-серверов NGINX Plus и NGINX Open Source связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации или вызвать отказ в...

4CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.7 views

PT-2026-53080

Root has patched GHSA-wjpw-4j6x-6rwh in the io.root.org.eclipse.jetty:jetty-http package for Root:Maven. Multiple fixed versions available...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.45 views

PT-2026-50223

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS5.6AI score0.00094EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50337

Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...

9.3CVSS5.7AI score0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50241

In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.4AI score0.00115EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50586

Name of the Vulnerable Software and Affected Versions Gitea versions 1.25.0 and later Description Gitea is subject to stored cross-site scripting XSS through the built-in 3D file viewer, which utilizes the Online3DViewer library. The issue occurs when a .gltf file contains an unsupported extensio...

8.7CVSS6AI score0.00336EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50550

Name of the Vulnerable Software and Affected Versions CakePHP versions prior to 4.5.11 CakePHP versions 4.6.0 through 4.6.3 CakePHP versions 5.0.0 through 5.1.6 CakePHP versions 5.2.0 through 5.2.12 CakePHP versions 5.3.0 through 5.3.5 Description The getElementFileName function in the View class...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.34 views

PT-2026-50232

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description A logic error in the code of SettingsLib results in a missing permission check. This flaw allows for local escalation of privilege without requiring additional execution privileges or...

10CVSS5.5AI score0.00155EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50428

Name of the Vulnerable Software and Affected Versions Plane CE version 1.3.1 Description A low-privileged project member can submit arbitrary HTML and JavaScript via the description html field. This occurs when creating an intake work item through the 'API v1 intake' endpoint. Recommendations At...

6.9CVSS5.9AI score0.00165EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50593

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An authorization bypass exists in the ydoc:document:join Socket.IO handler. The handler only performs ownership checks when the document id variable starts with the prefix note: colon. However, t...

5.3CVSS5.9AI score0.00268EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50447

The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 is args safe block...

9.6CVSS6.7AI score0.00704EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.30 views

PT-2026-50411

Unauthenticated Local File Inclusion in Kastell = 2.0 versions...

8.1CVSS5.2AI score0.00428EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50432

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 5.1.0.1 Dell PowerFlex Manager versions prior to 4.5.5.2 Description An improper authentication issue allows an unauthenticated attacker with adjacent network access to bypass authentication without...

8.1CVSS5.8AI score0.00216EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50212

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use-after-free issue exists in the Media component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...

9.6CVSS6.2AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50345

Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...

9.8CVSS5.3AI score0.00466EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.28 views

PT-2026-50456

Name of the Vulnerable Software and Affected Versions undici versions 6.17.0 through 6.25.x undici versions 7.0.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description The WebSocket client fails to limit the number of fragments in a message, only enforcing the maxPayloadSize on the...

7.5CVSS5.3AI score0.00789EPSS
Exploits0References145
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50499

Name of the Vulnerable Software and Affected Versions undici versions 5.15.0 through 6.25.x undici versions 7.0.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description When parsing a Set-Cookie header, the software accepts any SameSite attribute value containing Strict, Lax, or None as a...

3.7CVSS5.3AI score0.00248EPSS
Exploits0References133
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50512

Name of the Vulnerable Software and Affected Versions undici versions prior to 6.26.0 undici versions prior to 7.28.0 undici versions prior to 8.5.0 Description The HTTP/1.1 client is subject to response queue poisoning when keep-alive sockets are reused. An attacker-controlled upstream server ca...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References135
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50513

Name of the Vulnerable Software and Affected Versions undici versions 7.23.0 through 8.1.0 Description When using Socks5ProxyAgent, the software reuses a single connection pool across different origins without verifying if the pool's origin matches the requested origin. This leads to cross-origin...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References73
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50517

Name of the Vulnerable Software and Affected Versions undici versions 7.23.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description The ProxyAgent in undici silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. This causes the target HTTPS...

7.4CVSS5.8AI score0.00476EPSS
Exploits0References71
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50515

Name of the Vulnerable Software and Affected Versions undici versions prior to 7.28.0 undici versions prior to 8.5.0 Description The cache interceptor incorrectly classifies certain responses as cacheable when the upstream Cache-Control header contains whitespace-padded qualified private or...

5.9CVSS7AI score0.00374EPSS
Exploits0References112
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49645

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

8.8CVSS5.4AI score0.00771EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.29 views

PT-2026-49988

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. This flaw allows an unauthenticated attacker with network access via JDENET ...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.9 views

PT-2026-53032

Impact The Public API endpoint for retrying executions authorized access using workflow:read rather than workflow:execute. An authenticated user with read-only access to a shared workflow could use the Public API to retry executions of that workflow, bypassing the intended permission boundary...

6.4CVSS5.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49853

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools version 8.61 PeopleSoft Enterprise PT PeopleTools version 8.62 Description An issue exists in the Performance Monitor component of Oracle PeopleSoft. This flaw allows an unauthenticated attacker with networ...

8.1CVSS5.8AI score0.00392EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.27 views

PT-2026-50128

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

9.3CVSS7.3AI score0.00304EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.6 views

PT-2026-56442

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authorization bypass exists in the Evaluations feature within the 'POST /workflows/workflowId/test-runs/new' endpoint. The system incorrect...

7.4CVSS6.2AI score0.00161EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50180

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description The Compression node's Decompress operation expands attacker-controlled archives into memory without enforcing limits on the decompressed output size. An unauthenticated attacker can send a small...

7.5CVSS5.9AI score0.00375EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49817

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50035

Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS5.3AI score0.00402EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49836

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing...

7.4CVSS5.4AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.36 views

PT-2026-50144

Name of the Vulnerable Software and Affected Versions vLLM versions 0.3.0 through 0.21.0 Description An authentication bypass exists in the OpenAI API AuthenticationMiddleware due to improper trust in the reconstructed URL path from the ASGI scope. The url path is derived from a URL object...

9.1CVSS5.4AI score0.01014EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.23 views

PT-2026-49888

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A low privileged...

8.8CVSS5.9AI score0.00402EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.28 views

PT-2026-49952

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description A flaw in the Security Framework component of Oracle WebCenter Portal allows a low privileged attacker with network access via HTTPS to compromis...

9.9CVSS5.8AI score0.00411EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49903

Name of the Vulnerable Software and Affected Versions Oracle Application Development Framework ADF version 12.2.1.4.0 Oracle Application Development Framework ADF version 14.1.2.0.0 Description An issue exists in the ADF Shared Components of the Oracle Fusion Middleware. A high privileged attacke...

7.2CVSS5.9AI score0.00453EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49703

Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution...

6.7CVSS5.7AI score0.00098EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49788

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A missing bounds check in the decodeByePacket function of RtcpByePacket can lead to remote information disclosure. Exploitation requires user interaction and doe...

3.5CVSS6AI score0.00168EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49829

Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description The pickle .ckpt parser in src/model.cpp contains a heap buffer overflow in the BINUNICODE opcode handler. This occurs due to sign confusion on the opcode length field, wher...

7.8CVSS6AI score0.0018EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49998

Name of the Vulnerable Software and Affected Versions Oracle JD Edwards EnterpriseOne Accounts Payable version 9.2 Description A flaw in the Accounts Payable component allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation can lead to...

8.1CVSS5.9AI score0.00337EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-50146

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.10 Description In the node:child process implementation on Windows, the escapeShellArg helper function fails to properly quote arguments containing cmd.exe metacharacters such as &, |, , ^, !, , and and does not...

8.1CVSS6.2AI score0.00283EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49924

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...

7.5CVSS5.2AI score0.00414EPSS
Exploits0References2
Total number of security vulnerabilities187506