Lucene search
K
PtsecurityRecent

184497 matches found

Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-55565

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not...

2.7CVSS5.7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-55089

Component: io.crate.protocols.http.HttpBlobHandler Affected: verified against CrateDB 6.2.7 latest at time of report; the bug has existed since the blob HTTP handler was introduced Impact: any authenticated user can read or delete any blob whose SHA-1 digest they know, and can plant new blobs...

5.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-55205

sigstore-js derives a transparency-log timestamp from tlogEntries.integratedTime and uses it to validate certificate validity windows and satisfy timestampThreshold. For bundle v0.2, a tlog entry can be inclusionProof-only no signed inclusionPromise/set, and the inclusion proof path does not...

6.5CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-55206

Summary dist/clients/core/params.ts in @hey-api/openapi-ts ships a runtime template that is copied verbatim into every generated SDK as params.gen.ts. When a caller passes an object argument containing an unknown key starting with a slot prefix $body , $headers , $path , $query , the function...

4.8CVSS5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54620

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore. verify dataset and file editor.py methods, which fail to check the dataset.is virtual property of HDF5 datasets. This...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54924

Name of the Vulnerable Software and Affected Versions FatFS versions R0.16 and earlier Description An integer overflow occurs in the mount volume function during FAT32 processing when the operation fasize = fs-n fats wraps. This allows an attacker to control file-size metadata, resulting in unsaf...

7.6CVSS7.1AI score0.0021EPSS
Exploits2References16
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54724

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service...

5.9CVSS5.8AI score0.00717EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-55170

Summary oras-go's auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating its scheme or host. The realm field is server-controlled by design in the OCI/distribution spec — registries legitimately point token requests at a separate auth endpoint e....

2.1CVSS5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54739

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$ GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54917

Name of the Vulnerable Software and Affected Versions Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 affected versions not specified Description An unauthenticated OS command injection exists in the commuos web backend. Network-adjacent attackers can execute arbitrary shell commands by...

9.8CVSS6AI score0.01671EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54922

Name of the Vulnerable Software and Affected Versions NodeBB affected versions not specified Description NodeBB fails to bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. While the inbound middleware verifies the HTTP-signature actor and the origin of the...

8.7CVSS5.9AI score0.00191EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54823

In the Linux kernel, the following vulnerability has been resolved: net: rds: clear i sends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned fr...

5.8AI score0.00164EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54700

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server versions prior to 8.1.1 Altium 365 affected versions not specified Description A path traversal issue exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service processes...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54471

The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawl dfs.php, where the $ GET'place...

6.1CVSS5.9AI score0.00211EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54474

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.6AI score0.00367EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-55204

Summary The documented certificateOIDs option in sigstore.verify is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked. Details The public verify options include certificateOIDs and the documentation says those OID/value pairs...

7.5CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54760

🔴 GeoNetwork, Reflected XSS via Client-Side Template Injection CVE-2026-39379 – High Severity -DC-Jul2026-791 https://t.co/13WOZH6LMr...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54448

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description An attacker can inject arbitrary styled content, phishing links, and CSS to manipulate the chat UI by sending HTML chat messages via Matrix or XMPP...

6.5CVSS6AI score0.00181EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-55483

These are all security issues fixed in the python3-onionshare-2.6.4-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54850

Name of the Vulnerable Software and Affected Versions mchange-commons-java versions prior to 0.6.0 Description The JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory allows the construction of objects from arbitrary classes and the initialization of JavaBean-style...

7.1CVSS6AI score0.00327EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54728

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54868

Name of the Vulnerable Software and Affected Versions OPNsense versions prior to 26.1.11 OPNsense versions prior to 26.4.1p1 Description An arbitrary file write flaw allows for remote code execution with root privileges. Recommendations Update to version 26.1.11. Update to version 26.4.1p1...

6.7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-55484

These are all security issues fixed in the python3-onionshare-2.6.4-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-55210

Summary The network domain has a central SSRF authorization policy that blocks private, loopback, link-local, and reserved targets unless an explicit authorization object allows private network access. The policy is enforced by raw HTTP/TCP/TLS RTT tools, but the ICMP probe and traceroute tools...

4.3CVSS6.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54496

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled...

5.7AI score0.00137EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54889

Name of the Vulnerable Software and Affected Versions ShortPixel Enable Media Replace versions prior to 4.2.1 Description Improper neutralization of input during web page generation leads to a Stored Cross-site Scripting XSS issue. Stored XSS occurs when an application receives data from a user a...

5.9CVSS5.7AI score0.00148EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54769

Name of the Vulnerable Software and Affected Versions Elasticsearch affected versions not specified Description An authenticated user can trigger a denial of service by submitting a specially crafted bulk request. This leads to uncontrolled resource consumption through excessive allocation,...

6.5CVSS5.7AI score0.00251EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-55139

Summary oras-go follows a registry-controlled Location header during the monolithic blob upload flow and reuses the Authorization header from the initial POST request for the subsequent PUT request. If a malicious registry returns a cross-host Location, oras-go can send the caller's credentials t...

7.5CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-55081

The Canvas module allow you to upload image files via a custom API. The validation rules check the file extension of the uploaded file but not the file MIME type. This may allow a malicious user to upload a file that is not an image. Certain web-server configurations may serve the uploaded file...

5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54866

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper input validation in the Fleet policy management functionality allows an authenticated user to submit specially crafted input. This can lead to a denial of service, rendering the Fleet...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54801

In the Linux kernel, the following vulnerability has been resolved: mm/mincore: handle non-swap entries before !CONFIG SWAP guard mincore swap also fields migration/hwpoison entries and shmem swapin-error entries, which can exist on !CONFIG SWAP builds when CONFIG MIGRATION or CONFIG MEMORY FAILU...

5.8AI score0.00154EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54770

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper output neutralization for logs allows for log injection. An attacker can provide specially crafted input that is written to log files without being properly neutralized. If these log...

8CVSS5.8AI score0.00201EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54814

In the Linux kernel, the following vulnerability has been resolved: rust: arm64: set uwtable llvm module flag for CONFIG UNWIND TABLES Due to a rustc bug 1 the -Cforce-unwind-tables=y flag only emits the uwtable annotation for functions, but not for the module. This means that compiler-generated...

5.8AI score0.00156EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54786

Name of the Vulnerable Software and Affected Versions Foreman affected versions not specified satellite-capsule:el8/foreman affected versions not specified Description The Usergroup model fails to properly validate role assignments against the permissions of the calling user. This improper...

8.8CVSS5.9AI score0.00297EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-54783

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based versions prior to 149.0.4022.98 Description A use-after-free issue exists in Microsoft Edge Chromium-based. This flaw allows an authorized attacker to execute arbitrary code over a network. Use-after-free is a...

8.3CVSS6.1AI score0.00823EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54886

Name of the Vulnerable Software and Affected Versions PrivateContent versions prior to 9.9.2 Description An incorrect privilege assignment in LCweb PrivateContent enables privilege escalation, allowing a user to gain higher levels of access than intended. Recommendations Update PrivateContent to...

9.8CVSS5.9AI score0.00292EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-55430

These are all security issues fixed in the kubectl-cnpg-1.29.2-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54839

Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 7.0.8 Wagtail versions prior to 7.3.3 Wagtail versions prior to 7.4.2 Description A low-level user granted the "Can submit translation" permission can create translations for any page, regardless of whether they have...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54749

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated remote attacker can execute arbitrary OS commands on the server. The issue occurs because the speech text.php file passes the id GET parameter directly int...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.4 views

PT-2026-54717

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists where an attacker could cause deserialization of untrusted data. Deserialization is the process of converting a data format, such as JSON or XML, back...

7.8CVSS6AI score0.00169EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54796

In the Linux kernel, the following vulnerability has been resolved: sched ext: Don't warn on NULL cgrp moving from in scx cgroup move task A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtree control while a sched ext scheduler is loaded: WARNING: at...

5.8AI score0.00168EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-55087

Impact The QUIC client did not authenticate the server during the TLS 1.3 handshake. The CertificateVerify signature was not checked, the certificate chain was not validated, and the hostname was not compared against the certificate, so verify was effectively a no-op on the client. A...

9.1CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54928

Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description An uninitialized cluster exposure occurs when the f lseek function extends files beyond the end-of-file EOF without zero-filling newly allocated clusters. This issue is a Use of Uninitialized...

4.6CVSS6.1AI score0.00177EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-54499

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request...

5.8AI score0.00365EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54782

Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 2.0.1 HashiCorp Vault Enterprise versions prior to 2.0.1 Description Audit device validation logic fails to consistently apply plugin directory protections when the legacy file audit path option is utilized...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54493

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify,...

5.8AI score0.00267EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-55207

Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.30.1 Description An unauthenticated remote attacker can cause a memory-exhaustion Denial of Service DoS by sending large JSON bodies to specific API endpoints. This occurs because the software fails to limit the...

5.3CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54646

Name of the Vulnerable Software and Affected Versions Mediawiki - Charts Extension versions prior to 1.43.9 Mediawiki - Charts Extension versions prior to 1.44.6 Mediawiki - Charts Extension versions prior to 1.45.4 Description Improper neutralization of input during web page generation allows fo...

6.9CVSS5.9AI score0.00148EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.4 views

PT-2026-54819

In the Linux kernel, the following vulnerability has been resolved: riscv/ptrace: Use USER REGSET NOTE TYPE for REGSET CFI Fixes a warning while dumping core: 54983.546369 C7 WARNING: !note name fs/binfmt elf.c:1771 at elf core dump+0x910/0xf68, CPU7: abort01/31982...

5.8AI score0.00145EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54884

Name of the Vulnerable Software and Affected Versions Ray versions prior to 2.56.0 Description An unsafe deserialization issue exists in the WebDataset reader. An attacker can achieve remote code execution by providing a malicious tar archive to the read webdataset function. The default decoder...

8.8CVSS6.8AI score0.00493EPSS
Exploits1References7
Total number of security vulnerabilities184497