Lucene search
K
PtsecurityRecent

186761 matches found

Positive Technologies
Positive Technologies
added 12 hours ago8 views

PT-2026-58866

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...

5.3CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 12 hours ago10 views

PT-2026-58867

Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices. An attacker with access to the firmware image can extract the embedded key. Successful exploitation may allow an unauthenticated attacker on the same...

8.6CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 12 hours ago6 views

PT-2026-58874

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago7 views

PT-2026-58877

Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...

8.5CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago6 views

PT-2026-58873

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...

8.2CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago7 views

PT-2026-58876

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago7 views

PT-2026-58875

Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security...

5.6CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago3 views

PT-2026-58884

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud...

8.6CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago3 views

PT-2026-58883

A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collisio...

7.7CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 12 hours ago3 views

PT-2026-58886

Notepad++ vulnerabilities now have public PoC exploit code. CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233 are fixed in v8.9.7. Update now. NotepadPlusPlus PathTraversal ZipSlip CVE InfoSec https://t.co/OYi5XPXTS9...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 12 hours ago3 views

PT-2026-58887

Notepad++ vulnerabilities now have public PoC exploit code. CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233 are fixed in v8.9.7. Update now. NotepadPlusPlus PathTraversal ZipSlip CVE InfoSec https://t.co/OYi5XPXTS9...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 12 hours ago3 views

PT-2026-58888

Notepad++ vulnerabilities now have public PoC exploit code. CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233 are fixed in v8.9.7. Update now. NotepadPlusPlus PathTraversal ZipSlip CVE InfoSec https://t.co/OYi5XPXTS9...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 12 hours ago8 views

PT-2026-58871

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago7 views

PT-2026-58872

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...

9.5CVSS6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago4 views

PT-2026-58880

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not perform a per-object capability check in its post-duplication AJAX action, allowing users with Contributor-level access or above to duplicate any post regardless of owner, post type, or status into a...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago6 views

PT-2026-58879

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not verify that a file upload is made against an existing form configured with a file-upload field, accepting uploads regardless of whether any such form exists, which allows unauthenticated users to upload...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago3 views

PT-2026-58881

The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago2 views

PT-2026-58891

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago2 views

PT-2026-58889

The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago2 views

PT-2026-58894

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and versions 9.11.0.0 through 9.13.0.2 contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

6.7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago2 views

PT-2026-58890

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago2 views

PT-2026-58931

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM company id-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 12 hours ago2 views

PT-2026-58895

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 12 hours ago2 views

PT-2026-58896

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 12 hours ago2 views

PT-2026-58893

A SQL Injection vulnerability exists in Apache Fineract's Report Execution API runreports endpoint in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run...

6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 12 hours ago3 views

PT-2026-58892

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...

8.7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago2 views

PT-2026-58930

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure...

7.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago3 views

PT-2026-58885

The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data...

8.8CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 12 hours ago6 views

PT-2026-58878

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS7.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 12 hours ago4 views

PT-2026-58882

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-58663

Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network...

8.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58556

Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network...

8.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58753

NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58255

Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58206

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-58825

An issue in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to obtain sensitive information via the function uploadRemote function in upload.go...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-58723

A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames e.g., PING, PONG, CLOSE contain a payload of 125 bytes or less. A remote, unauthenticated attacker...

7.5CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58760

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause the use of an expired file descriptor. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58761

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58763

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58755

NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service...

7.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58128

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

5.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58219

External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-58678

A heap buffer over-read vulnerability was discovered in libsoup's HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug Data" payload by assuming the data stream is a safely NUL-terminated C-string. Because the parser...

5.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58108

Nexus Repository 3 did not apply its existing Server-Side Request Forgery SSRF protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server — including an anonymo...

4.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58681

A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the device. This issue was identified through testing in a controlled research environment using a simulated version of the router's software and has n...

8.7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-58725

An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup multipart input stream read headers function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings...

6.5CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58747

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure...

6.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-58749

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

6.4CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58751

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS6.1AI score
Exploits0References2
Total number of security vulnerabilities186761