Lucene search
K
PtsecurityRecent

184424 matches found

Positive Technologies
Positive Technologies
•added 4 days ago•6 views

PT-2026-56566

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

5.3CVSS5.9AI score0.00428EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56458

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS5.9AI score0.0017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 4 days ago•7 views

PT-2026-56556

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS6AI score0.00316EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 4 days ago•6 views

PT-2026-56576

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 4 days ago•8 views

PT-2026-56603

Name of the Vulnerable Software and Affected Versions libp2p versions prior to 16.0.0 Description In the @libp2p/gossipsub module, the defaultDecodeRpcLimits configuration sets maxIhaveMessageIDs and maxIwantMessageIDs to Infinity. This allows oversized IHAVE and IWANT control message arrays in...

7.5CVSS6.1AI score0.00446EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 4 days ago•9 views

PT-2026-56574

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions prior to 2025.0.8 MOVEit Transfer versions 2025.1.0 through 2025.1.3 Description Progress MOVEit Transfer contains a path equivalence issue within its File Upload modules. This flaw has been targeted by numerous...

9.8CVSS6AI score0.00311EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56514

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...

9.1CVSS6AI score0.00507EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 4 days ago•6 views

PT-2026-56494

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.18 Description The tar.replace function accepts a checksum-valid tar header containing a negative base-256 encoded entry size. This causes the archive scanner to enter a loop where it repeatedly parses the same...

8.7CVSS6.1AI score0.00358EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56493

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.19 Description Insufficient enforcement of hard upper bounds on total decompressed data, entry counts, or decompression ratio within extraction and parsing paths, such as src/extract.ts, allows a crafted gzip bom...

9.2CVSS6.1AI score0.00358EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 4 days ago•7 views

PT-2026-56419

Name of the Vulnerable Software and Affected Versions Omnissa Workspace ONE® Tunnel for Windows affected versions not specified Description A local privilege escalation issue exists that allows a malicious actor with local access to a device to elevate their privileges. Recommendations At the...

7.8CVSS5.9AI score0.0017EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 4 days ago•18 views

PT-2026-56575

Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component allow an unauthenticated attacker with network access to cause a denial of service DoS condition or...

10CVSS6.5AI score0.00557EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56456

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions 2026.0.0 through 2026.0.0 MOVEit Transfer versions 2025.1.0 through 2025.1.3 MOVEit Transfer versions 2025.0.0 through 2025.0.7 Description Stored cross-site scripting XSS occurs in the Ad Hoc module due to improper...

8CVSS5.8AI score0.00232EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56470

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

6.9CVSS6AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56507

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

4.8CVSS6AI score0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 4 days ago•7 views

PT-2026-56553

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

6.4CVSS5.9AI score0.00234EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 4 days ago•8 views

PT-2026-56497

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...

5.3CVSS6AI score0.0037EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56482

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS5.9AI score0.00272EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 4 days ago•7 views

PT-2026-56498

Name of the Vulnerable Software and Affected Versions Immutable.js versions prior to 4.3.9 Immutable.js versions prior to 5.1.8 Description Certain functions mishandle an index or size within the range 2 30 to 2 31 in the setListBounds function located in src/List.js. This can lead to an empty Li...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 4 days ago•9 views

PT-2026-56464

An OS command injection vulnerability exists in the start lltd function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine name configuration parameter is not properly sanitized, which could allow an authenticated remote...

7.2CVSS6.2AI score0.0128EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 4 days ago•6 views

PT-2026-56477

IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update...

8.1CVSS5.9AI score0.00412EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 4 days ago•9 views

PT-2026-56557

A flaw was found in guardrails-detectors, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service ReDoS, allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,...

6.5CVSS5.9AI score0.00204EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 4 days ago•7 views

PT-2026-56491

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11 SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

5.3CVSS6AI score0.00358EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56492

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...

5.3CVSS5.9AI score0.00358EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56434

FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman channel close and dvcman call on receive due to improper synchronization of channel callback access. A malicious RDP server can trigger a race condition by sending DYNVC DATA and DYNVC CLOSE messages concurrently, causing...

8.3CVSS6.6AI score0.00281EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56499

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS6AI score0.0037EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56592

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS5.9AI score0.00133EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 4 days ago•6 views

PT-2026-56591

Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score0.00097EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 4 days ago•9 views

PT-2026-56635

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue exists in the Actor component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...

6.3AI score0.00242EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 4 days ago•10 views

PT-2026-56558

A Network UPS Tools RCE CVE-2026-54161 lets a malicious upsd trigger upsmon command injection as root. No patch exists yet, so mitigate now. NetworkUPSTools NUT upsmon CommandInjection RCE CVE202654161 CyberSecurity https://t.co/Ynckqw3wZp...

6AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56858

These are all security issues fixed in the libIex-3 4-33-3.4.13-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 4 days ago•9 views

PT-2026-56855

These are all security issues fixed in the libmbedtls23-4.2.0-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References11
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56857

These are all security issues fixed in the libIex-3 4-33-3.4.13-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56851

These are all security issues fixed in the libIex-3 4-33-3.4.13-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 4 days ago•9 views

PT-2026-56860

These are all security issues fixed in the fluidsynth-2.5.6-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 4 days ago•5 views

PT-2026-56859

These are all security issues fixed in the libIex-3 4-33-3.4.13-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 5 days ago•7 views

PT-2026-56141

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generate init scripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS6.1AI score0.00542EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 5 days ago•7 views

PT-2026-56133

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component ServerResources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browser...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 5 days ago•7 views

PT-2026-56170

Name of the Vulnerable Software and Affected Versions 389 Directory Server 389-ds-base versions 1.3.2 through 11.12.4 Update1 389 Directory Server 389-ds-base versions 12.0 through 12.12 389 Directory Server 389-ds-base versions 2025.1 through 2026.2 Description A heap buffer overflow exists in t...

8.8CVSS6.1AI score0.00627EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 5 days ago•8 views

PT-2026-56274

Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.650 Description An out-of-bounds read of one byte occurs in the preparse function when deleting an initial SQL comment. This happens during the normalization of SQL and the removal of comments. On memory-hardened builds...

9.1CVSS6AI score0.00407EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 5 days ago•9 views

PT-2026-56273

Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.650 Description A heap overflow occurs when preparsing SQL statements that contain an extreme number of placeholders. This happens because insufficient memory was allocated to handle approximately 1.2 million...

9.8CVSS6.2AI score0.00396EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 5 days ago•7 views

PT-2026-56208

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References4
Positive Technologies
Positive Technologies
•added 5 days ago•7 views

PT-2026-56207

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References4
Positive Technologies
Positive Technologies
•added 5 days ago•5 views

PT-2026-56282

A NULL pointer dereference in smooth parse stream index in src/media tools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service...

6AI score0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 5 days ago•8 views

PT-2026-56185

The Dhara flash translation layer disk driver drivers/disk/ftl dhara.c implemented the dhara nand callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dhara error t err pointer e.g. err = DHARA E ECC in dhara nand read, and similar in dhara...

4.7CVSS6AI score0.00098EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 5 days ago•6 views

PT-2026-56277

An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...

6.2AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 5 days ago•9 views

PT-2026-56200

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 5 days ago•7 views

PT-2026-56194

A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...

5.3CVSS5.9AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 5 days ago•8 views

PT-2026-56205

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions prior to 12.2 Description A weak password recovery mechanism for forgotten passwords allows a remote, unauthorized attacker to assume ownership of a user account by manipulating the recovery process...

9.8CVSS6.1AI score0.00234EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 5 days ago•8 views

PT-2026-56228

An improper access check allows unauthorized users to access workflow stage and transition information...

6.4CVSS6AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 5 days ago•8 views

PT-2026-56230

An improper access check allows unauthorized users to access com privacy datasets...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
Total number of security vulnerabilities184424