Lucene search
K
PtsecurityRecent

184508 matches found

Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.6 views

PT-2026-55589

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software lacks validation constraints for fields used during repository creation. This includes a lack of length limits for template fields and missing validation for trust model or object format...

9.1CVSS6.1AI score0.00373EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55602

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.3 Description Repository RSS and Atom feed endpoints bypass API access token scope checks. This allows tokens that lack the necessary repository scope to access commit data from private repositories. Recommendation...

4.3CVSS7AI score0.00367EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.8 views

PT-2026-55597

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software fails to correctly persist the OAuth2 PKCE S256 challenge method during the authorization process. This flaw allows for token exchange without the required verifier check. PKCE Proof Key...

9.1CVSS6.2AI score0.00379EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55598

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description LFS push and sync mirror operations do not utilize the migration HTTP transport. This behavior allows LFS requests to bypass the configured migration transport protections. Recommendations Update Gite...

9.8CVSS6.1AI score0.00482EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55609

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A spoofing issue exists in Microsoft Edge Chromium-based, which could allow an attacker to impersonate a trusted entity or website to deceive users. Recommendations At t...

6.5CVSS6AI score0.00475EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55521

Name of the Vulnerable Software and Affected Versions Destekz versions through 02062026 Description Improper neutralization of input during web page generation allows Reflected Cross-Site Scripting XSS, a flaw where malicious scripts are reflected off a web application to the victim's browser...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55653

Name of the Vulnerable Software and Affected Versions Notification API affected versions not specified Description The Notification API leaks private issue metadata after access has been revoked. Recommendations At the moment, there is no information about a newer version that contains a fix for...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55635

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based versions prior to 150.0.4078.48 Description A type confusion flaw occurs when a program accesses a resource using an incompatible type. In Microsoft Edge Chromium-based, this issue allows an unauthorized attacker ...

9CVSS6.3AI score0.00438EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55660

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.31 Description An issue exists in the Streaming Reasoning Tag Filter component within the GatewayStreamConsumer. filter and accumulate function located in the gateway/stream consumer.py file...

3.1CVSS5.8AI score0.00237EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.15 views

PT-2026-55547

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.2CVSS6.2AI score0.01216EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55511

⚠️⚠️ CVE-2026-57149 CVSS 9.9 + CVE-2026-55247 CVSS 9.1 + CVE-2026-55248 CVSS 9.1: Plone patch bundle — Classic portlet TALES injection to RCE auth + portlet mgmt required plus https://t.co/LxbkPExsow.event DoS/SSRF/XSS issues. 🔗FOFA Link: https://t.co/t449MXCZyx 🎯17.7K+ Results are found on...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55606

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software uses release tag names and asset names as filesystem path components during the process of dumping release assets. This behavior allows specially crafted names to manipulate the resulting...

5.3CVSS6.1AI score0.00369EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.17 views

PT-2026-55535

Name of the Vulnerable Software and Affected Versions Net::IP::LPM versions prior to 1.11 Description An issue exists where a heap out-of-bounds read can occur due to an unbounded prefix length. The add function passes a prefix string to the addPrefixToTrie function without verifying it against t...

9.1CVSS6.1AI score0.00537EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55541

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

2.7CVSS6AI score0.00109EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55655

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper authorization occurs during the OAuth sign-in callback process, which allows accounts that were previously disabled by an administrator to be silently...

9.8CVSS5.9AI score0.00343EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55510

⚠️⚠️ CVE-2026-57149 CVSS 9.9 + CVE-2026-55247 CVSS 9.1 + CVE-2026-55248 CVSS 9.1: Plone patch bundle — Classic portlet TALES injection to RCE auth + portlet mgmt required plus https://t.co/LxbkPExsow.event DoS/SSRF/XSS issues. 🔗FOFA Link: https://t.co/t449MXCZyx 🎯17.7K+ Results are found on...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.9 views

PT-2026-55537

Name of the Vulnerable Software and Affected Versions Prospero Flow CRM versions prior to 5.5.3 Description An authorization bypass exists in the CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php via the GET '/calendar/event/delete/id' endpoint. A remot...

6.9CVSS6AI score0.00403EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.9 views

PT-2026-55640

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A use after free issue exists that allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a memory corruption flaw that occurs when ...

7.5CVSS6.3AI score0.0034EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55610

Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Edge Chromium-based allows an authorized attacker to disclose information locally...

4.2CVSS6AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55642

Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description An issue in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. Recommendations At the moment, there is no...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55596

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software does not consistently enforce the expiry and single-use requirement of OAuth2 authorization codes during the token exchange process. OAuth2 is a standard for access delegation, allowing...

9.1CVSS6.1AI score0.00379EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55648

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a condition where malicious scripts are injected into trusted websites. Th...

6.1CVSS5.8AI score0.0024EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55507

Name of the Vulnerable Software and Affected Versions resource api versions 1.5.0 through 1.9.1 resource api version 2.0.0 Puppet Core versions prior to 8.20.0 Puppet Enterprise 2023.8 versions prior to 2023.8.10 Puppet Enterprise 2025 versions prior to 2025.11.0 Description The resource api does...

6.7CVSS5.9AI score0.00082EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.9 views

PT-2026-55577

Name of the Vulnerable Software and Affected Versions Open Asset Import Library Assimp versions prior to 6.0.5 Description A double free issue exists in the PLY Model Handler component within the Assimp::Exporter::ExportToBlob function located in the code/AssetLib/Ply/PlyLoader.cpp file. This fla...

6.5CVSS6.9AI score0.00233EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55603

Name of the Vulnerable Software and Affected Versions Gitea version 1.25.5 Description The software caches a branch-specific write-permission result across multiple refs during a single pre-receive hook session. This behavior allows a user with a per-branch maintainer-edit grant to reuse that...

8.8CVSS7.2AI score0.00523EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55523

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions 1.8.1 and later Description The browser backend exposes privileged terminal RPC over WebSocket endpoints '/services/shell-terminal' and '/services/terminals/:id' without service-level authentication. The WebSocket origin...

8.8CVSS6.1AI score0.00159EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55601

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Draft release data or attachments can be accessed by users who do not possess the necessary write permissions. Recommendations Update to version 1.25.5 or later...

7.5CVSS6.1AI score0.00345EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55529

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

6.5CVSS6.2AI score0.01052EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.16 views

PT-2026-55536

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

3.3CVSS5.9AI score0.00095EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55545

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.2CVSS6.2AI score0.01216EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55546

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain LTS2026 release versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain LTS2025 release versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data...

7.2CVSS6.2AI score0.01096EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55538

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

6.5CVSS6AI score0.00243EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55496

Name of the Vulnerable Software and Affected Versions AR for WooCommerce versions prior to 8.41 Description The plugin is subject to Directory Traversal, allowing unauthenticated attackers to read arbitrary files on the server that may contain sensitive information. This is possible via the file...

7.5CVSS6AI score0.00473EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55494

Name of the Vulnerable Software and Affected Versions Ninja Forms - File Uploads versions prior to 3.3.30 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attackers to read all...

5.3CVSS6AI score0.00223EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55584

New one on the board: CVE-2026-59185. Found an IDOR in https://t.co/wRdLpTtMzO where you could claim someone else's GitHub App install just by sending its id. server never checked ownership. Fixed + credited. appsec research infosec https://t.co/IsUHJTv4aK...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55491

An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...

6CVSS5.8AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55583

IBM i Transport Layer Security TLS has a vulnerability related to the selection of a less-secure algorithm during negotiation, identified as CVE-2026-4942. Vulnerability Details - CVEID: CVE-2026-4942 - Description: IBMi could allow a remote attacker to send a specifically crafted message,...

6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55518

Name of the Vulnerable Software and Affected Versions GenerateBlocks versions prior to 2.2.2 Description The GenerateBlocks plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-lev...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55620

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A use after free issue exists in Microsoft Edge Chromium-based. This flaw allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a...

7.5CVSS6.3AI score0.00429EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.9 views

PT-2026-55652

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Server-Side Request Forgery SSRF occurs during the repository migration process via HTTP Redirect. SSRF is a flaw that allows an attacker to induce the...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55638

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper input validation allows an unauthorized attacker to execute code over a network. Recommendations At the moment, there is no information about a newer version th...

7.5CVSS6.1AI score0.00279EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55622

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A relative path traversal issue exists that allows an unauthorized attacker to execute code over a network. Path traversal is a flaw that allows an attacker to access...

7.1CVSS6.1AI score0.00532EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55618

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A use after free issue exists in Microsoft Edge Chromium-based. This flaw allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a...

7.5CVSS6.3AI score0.00429EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.17 views

PT-2026-55531

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

5.8CVSS5.9AI score0.00085EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.9 views

PT-2026-55503

Name of the Vulnerable Software and Affected Versions HPLIP HP Linux Imaging and Printing Software affected versions not specified Description An integer overflow exists in the hpcups processing path when handling specially crafted print data. This flaw, which resulted from an incomplete fix of a...

9.8CVSS6.3AI score0.00511EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55527

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

4.4CVSS6AI score0.00104EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55614

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A type confusion issue occurs when a resource is accessed using an incompatible type. This flaw allows an unauthorized attacker to execute arbitrary code over a network...

7.5CVSS6.3AI score0.00429EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55550

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the ClientResource component of the admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator with limited control...

5.4CVSS6AI score0.00146EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55657

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists that allows for a permanent fork pull request workflow approval gate bypass. This issue enables an attacker to circumvent the required approval...

8.9CVSS6AI score0.00201EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55600

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description A flaw allows a user to change the primary email address of another user. Recommendations Update to version 1.25.5 or later...

7.5CVSS6.1AI score0.00345EPSS
Exploits0References7
Total number of security vulnerabilities184508