Lucene search
K
PtsecurityRecent

184484 matches found

Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55923

Recent FreeBSD security advisories detail severe flaws like CVE-2026-49420, CVE-2026-49429, and CVE-2026-49422. Patch immediately to stop attacks. FreeBSD Vulnerability CyberSecurity CVE202649420 https://t.co/WU1wVjaCN3...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55922

Recent FreeBSD security advisories detail severe flaws like CVE-2026-49420, CVE-2026-49429, and CVE-2026-49422. Patch immediately to stop attacks. FreeBSD Vulnerability CyberSecurity CVE202649420 https://t.co/WU1wVjaCN3...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55855

Name of the Vulnerable Software and Affected Versions Formbricks version 5.0.0 Description Improper access controls exist within the Survey Handler component, specifically affecting a function in the apps/web/modules/survey/link/actions.ts file. This flaw allows for remote exploitation...

6.9CVSS6.7AI score0.00366EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56032

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The PayPalEmail payment adapter fails to validate the amount supplied via PayPal IPN Instant Payment Notification callbacks, specifically the mc gross variable, against the actual invoice total...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56081

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The AgentLogLine dashboard component uses the ansi-to-html library without the escapeXML: true setting and...

5.4CVSS6AI score0.00316EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56082

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The subdomain-based workspace app proxy allows a bypass of the same-owner Cross-Origin Resource Sharing CO...

5.8CVSS6AI score0.00222EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-55993

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon affected versions not specified Description Memory corruption occurs when updating prepared commands using invalid port indices derived from user space input that exceed the supported read client limits. Recommendations At...

5.3CVSS6.1AI score0.00056EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55994

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon affected versions not specified Description Memory corruption occurs when processing invalid HT40 channel layouts during dynamic channel switching operations. HT40 refers to a High Throughput mode in wireless networking tha...

8.8CVSS6.1AI score0.00072EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-55974

Name of the Vulnerable Software and Affected Versions OP-TEE versions 4.5.0 through 4.10.x Description The RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver uses a non-constant-time memcmp function for label hash verification and contains multiple distinguishable error...

3.3CVSS6.1AI score0.00099EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55989

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto affected versions not specified Description Memory corruption occurs when handling flash commands. This issue is caused by the use of outdated LED count values following modifications made in userspace. Recommendations...

5.3CVSS6.1AI score0.00059EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56010

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.0 through 0.7.2 Description An unauthenticated payment bypass exists in the IPN callback endpoint /ipn.php. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit the...

9.2CVSS6.1AI score0.00184EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56005

Name of the Vulnerable Software and Affected Versions Terraform Enterprise versions prior to 2.0.4 Terraform Enterprise versions prior to 1.2.4 Description An issue exists in the version control system VCS ingestion of registry modules where the intended boundary on packaged module content is not...

7.7CVSS6.1AI score0.00295EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55972

Name of the Vulnerable Software and Affected Versions OP-TEE versions 4.5.0 through 4.10.x Description The RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses a non-constant-time memcmp function for label hash verification and contains multiple distinguishable error paths...

3.3CVSS6.1AI score0.00095EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago14 views

PT-2026-55999

Name of the Vulnerable Software and Affected Versions vLLM versions 0.12.0 through 0.23.x Description A flaw in the EngineCore of the library occurs when a remote authorized user sends a pure prompt embeds payload to the '/v1/completions' endpoint using a model that implements M-RoPE Multimodal...

7.1CVSS6.1AI score0.0037EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55995

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Memory corruption occurs when processing asynchronous input parameters. This is caused by a Time-of-Check to Time-of-Use TOCTOU race condition, where values are...

7.8CVSS6.1AI score0.00052EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56013

Name of the Vulnerable Software and Affected Versions showdown affected versions not specified Description An issue exists in metadata title handling that allows the injection of arbitrary HTML and JavaScript. When the completeHTMLDocument option is enabled, unescaped less-than and greater-than...

6.1CVSS6.2AI score0.00187EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55973

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.9.0 through 4.10.x Description The RSA-OAEP decryption implementation in the NXP CAAM crypto driver uses a non-constant-time memcmp function for label hash verification and contains multiple distinguishable error paths. This...

3.3CVSS6.1AI score0.00094EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55959

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.10.0 through 4.10.x Description OP-TEE is a Trusted Execution Environment TEE designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. An unbounded recursion can cause the...

3.3CVSS6.1AI score0.00105EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-55975

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.3.0 through 4.10.x Description A resource leak exists in the shared memory cleanup logic of OP-TEE, a Trusted Execution Environment designed for Arm Cortex-A cores using TrustZone technology. The function cleanup shm refs in...

3.8CVSS6.1AI score0.00105EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56019

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated user with permissions to add file storage can execute arbitrary commands when storage is saved. This occurs because the LocalFileVolume::saveStorageOnServer function...

8.8CVSS6.3AI score0.00403EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55961

Name of the Vulnerable Software and Affected Versions HP Deskjet 2800 Series Printers versions prior to TBP1CN2612AR Description A missing authorization flaw exists in the embedded webserver. An unauthenticated attacker with network access can bypass administrative controls by sending GET request...

7.5CVSS6AI score0.00271EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-55950

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support and Privileged Remote Access versions prior to 26.2.1 BeyondTrust Remote Support and Privileged Remote Access versions prior to 25.3.3 Description A critical pre-authentication flaw exists in the authentication...

9.2CVSS6.2AI score0.00417EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55969

Name of the Vulnerable Software and Affected Versions Tenda firmware versions US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware versions US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware versions US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware versions US AC5V1.0RTL V15.03.06.48...

9.8CVSS7.2AI score0.00668EPSS
Exploits1References44
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56011

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares fail to account for underscore-variant header names when stripping...

10CVSS5.9AI score0.00256EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56000

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.24.0 Description The structured outputs.regex API parameter allows user-supplied regular expression strings to be passed to grammar compiler backends without a compilation timeout. In the xgrammar backend, the string i...

8.7CVSS6AI score0.00324EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55892

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the camel-nats component allows a client to inject arbitrary Camel...

7.5CVSS6.2AI score0.00423EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56064

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.3 Description An application using this framework that exposes a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads. This occurs even when tools are registered with use=Fals...

8.1CVSS6AI score0.00392EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56063

Name of the Vulnerable Software and Affected Versions Langroid affected versions not specified Description A sandbox escape exists in the TableChatAgent and VectorStore components that allows for Remote Code Execution RCE. The issue occurs when agents evaluate LLM-generated tool messages with ful...

10CVSS6.4AI score0.00912EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56062

SQLChatAgent validate query dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allow dangerous operations=False, combines a raw-text regex blocklist DANGEROUS SQL PATTERNS with a sqlglot SELECT-only...

9.3CVSS6.2AI score0.00646EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56014

Name of the Vulnerable Software and Affected Versions Leantime affected versions not specified Description The Users::getUser function within the JSON-RPC API does not implement sufficient authorization checks. This allows authenticated users to retrieve complete user credential records by...

8.6CVSS6.2AI score0.0025EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56015

Name of the Vulnerable Software and Affected Versions Leantime affected versions not specified Description An OIDC login CSRF issue exists in the verifyState function, which unconditionally returns true without validating state parameters. This allows attackers to craft malicious callback URLs...

8.6CVSS6.1AI score0.00153EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-55900

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation and improper access control in the Camel Mongodb Gridfs component allow an...

9.8CVSS6AI score0.00452EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-55978

Name of the Vulnerable Software and Affected Versions vLLM versions 0.22.0 through 0.23.0 Description The software fails to validate the size of uploaded audio files before loading them into memory. Specifically, the endpoints '/v1/audio/transcriptions' and '/v1/audio/translations' execute the...

6.5CVSS6.2AI score0.00289EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56042

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest serviceapikey/get info API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters custom fields stored in th...

6.9CVSS5.9AI score0.0042EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55934

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8 to unicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a...

5.8CVSS5.9AI score0.00438EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-55924

Name of the Vulnerable Software and Affected Versions ModSecurity versions prior to 3.0.16 Description The multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and ARGS POST. This occurs becau...

8.6CVSS6.1AI score0.0046EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55885

Name of the Vulnerable Software and Affected Versions Apache Camel versions 3.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists in the Apache Camel JMS component where the JmsBinding.extractBodyFromJms function i...

7.3CVSS6.2AI score0.00504EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56077

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description An authorization bypass exists in the devcontainer recreate endpoint. The endpoint relied on route...

5.4CVSS6AI score0.00394EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56040

Name of the Vulnerable Software and Affected Versions Minosoft affected versions supporting Minecraft protocol 1.7 and later Description The CryptManager encryption routine in CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret key instead ...

5CVSS6.1AI score0.00111EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56034

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.0 through 0.7.2 Description A stored cross-site scripting XSS issue exists in the client-facing email history views. This occurs because email HTML content, specifically the content html variable, is rendered into a...

4.8CVSS5.9AI score0.00286EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-55970

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.9.0 Description Improper enforcement of a mandatory multi-factor authentication policy allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing...

8.8CVSS6.1AI score0.00231EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56216

These are all security issues fixed in the librpmbuild10-4.20.1-8.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago18 views

PT-2026-56009

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS6.1AI score0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55916

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...

8.6CVSS6AI score0.00339EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55915

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authenticated user can perform a cross-tenant authorization bypass by manipulating a company ID parameter in a POST request to the backend. The application...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55949

DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to version 1.0.2, which corresponds to ownCloud 10 prior to version 10.15.3, attackers with access to the DrawIO app can leverage...

8.2CVSS5.9AI score0.00164EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-55958

The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page id' shortcode attribute of the fbrev shortcode in versions up to and including 2.7.3. This is due to insufficient input sanitization and output escaping in the Feed...

6.4CVSS6AI score0.00193EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55927

Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5...

9.1CVSS5.9AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55937

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55928

Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References2
Total number of security vulnerabilities184484