Lucene search
K
PtsecurityRecent

185744 matches found

Positive Technologies
Positive Technologies
added 23 hours ago8 views

PT-2026-57942

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 23 hours ago6 views

PT-2026-58059

openSIS Classic 9.3 contains an authenticated path traversal vulnerability in the legacy messaging sent-mail attachment download functionality that allows an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences...

5.3CVSS6.2AI score
Exploits1References3
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58165

Heap-based buffer overflow in Windows Resilient File System ReFS allows an authorized attacker to execute code locally...

7.8CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58347

Improper authentication in Windows RPC API allows an unauthorized attacker to elevate privileges over an adjacent network...

8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-58627

Stack-based buffer overflow in Windows File History Service allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58407

Out-of-bounds read in Windows Container Isolation FS Filter Driver unionfs.sys allows an authorized attacker to disclose information locally...

7.1CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58383

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Media allows an authorized attacker to elevate privileges locally...

7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58353

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows LUAFV allows an authorized attacker to elevate privileges locally...

7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58413

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58359

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally...

5.5CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58305

Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally...

7.8CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58634

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago6 views

PT-2026-58633

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58621

Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally...

5.5CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58616

Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network...

8.8CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58579

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

7.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58622

Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally...

5.5CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58593

Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network...

9.8CVSS6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58615

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...

7.8CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58570

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally...

7.8CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58551

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...

5.5CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago5 views

PT-2026-58552

Integer overflow or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

7.8CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58535

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58573

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally...

7.8CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58517

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58522

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

7.8CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58510

Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally...

5.5CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58490

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows NTFS allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58472

Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...

7.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58431

Relative path traversal in Windows User Interface Core allows an authorized attacker to elevate privileges locally...

7.8CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58679

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argument day leads to cross site scripting. It is possible to launch the attack remotely. The exploit ...

5.3CVSS4.7AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58106

Pillow is a Python imaging library. From 5.1.0 until 12.3.0, PdfParser.PdfStream.decode in PIL/PdfParser.py calls zlib.decompress with bufsize set to the PDF stream Length field without bounding the decompressed output size, allowing a crafted FlateDecode PDF stream to exhaust memory from a small...

7.5CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-58033

A denial-of-service issue exists in 5370/5570 controllers. This vulnerability could potentially allow a remote user to load an invalid project, causing the device to enter a major non-recoverable fault MNRF...

9.2CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-58048

Sustainable Irrigation Platform SIP through version 5.2.16 contains a command injection vulnerability in the optional cli control plugin that allows unauthenticated or cross-site request forgery attackers to execute arbitrary operating-system commands by storing a malicious payload via the plugin...

9.8CVSS6.3AI score
Exploits2References3
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-58044

Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at /index.php/booking/reschedule/appointment hash handled by Booking::index embeds the entire customer record as inline JavaScript const vars = ... "customer data": ...,...

6.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-58050

A denial-of-service security issue exists in the 1719-AENTR. The security issue stems from improper handling of a UDP unicast network storm, which causes the device to become overloaded and lose communication. A power cycle is required to recover...

8.7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-58046

Sustainable Irrigation Platform SIP through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names in HTTP requests. Attackers can manipulate parameters corresponding to...

8.8CVSS6.1AI score
Exploits2References3
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-58073

A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests...

8.6CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago6 views

PT-2026-58079

DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory...

6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 23 hours ago5 views

PT-2026-58080

DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent...

6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 23 hours ago3 views

PT-2026-58062

DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location. The complete table name method builds the absolute table file path without checking whether the file is a symbolic link. A link inside the data directory can point to a table file at a...

6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 23 hours ago5 views

PT-2026-58040

A security issue exists within FactoryTalk® Services Platform FTSP, allowing an attacker to bypass JWT signature validation during Okta Web Authentication. The vulnerability stems from the application not verifying that the JWT algorithm is configured for RSA, enabling an attacker to set the...

8.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-58047

Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...

6.5CVSS6.2AI score
Exploits2References3
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-58042

A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may ...

9CVSS7.5AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 23 hours ago6 views

PT-2026-58043

A vulnerability has been found in Tenda BE12 Pro 16.03.66.23. The impacted element is the function fromVirtualSer of the file /goform/VirtualSer. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the...

9CVSS7.5AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-58049

Sustainable Irrigation Platform SIP through version 5.2.16 contains a path traversal vulnerability that allows attackers with access to the restore functionality to write files to arbitrary locations by uploading crafted JSON backup files with unvalidated keys used to construct file paths...

8.7CVSS6.2AI score
Exploits1References3
Positive Technologies
Positive Technologies
added 23 hours ago6 views

PT-2026-58057

A vulnerability in Sonatype Nexus Repository Manager's format-specific API key generation may allow a remote attacker to gain unauthorized access to repository operations as a targeted user. A format-specific API key realm NuGet API Key, Docker Bearer Token, or npm Bearer Token must be enabled an...

8.7CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 23 hours ago5 views

PT-2026-58026

Path traversal in Ivanti Xtraction before version 2026.2.1 allows a remote authenticated attacker to read arbitrary files outside the web root...

7.7CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago6 views

PT-2026-58025

An open redirect in Ivanti Xtraction before version 2026.2.1 allows a remote unauthenticated attacker to redirect users to arbitrary external URLs...

4CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago6 views

PT-2026-58028

Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request...

8.3CVSS6.1AI score
Exploits0References2
Total number of security vulnerabilities185744