Lucene search
K
PtsecurityRecent

184497 matches found

Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.4 views

PT-2026-54683

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An out of bounds read occurs in Dawn, which may allow a remote attacker to perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique used to break out of a...

9.6CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54680

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An uninitialized use in ANGLE allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. A sandbox...

9.8CVSS6AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54672

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An uninitialized use in the V8 engine allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. V8 is the open-source JavaScript and...

9.8CVSS6.3AI score0.00453EPSS
Exploits0References450
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54658

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An integer overflow exists in ANGLE Almost Native Graphics Layer Engine, a compatibility layer that allows OpenGL ES APIs to run on Windows. This issue allows a remote attacker who has...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54654

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An integer overflow in Skia, a graphics library, allows a remote attacker to potentially perform a sandbox escape by inducing the browser to process a crafted HTML page. A sandbox escap...

9.8CVSS6AI score0.00413EPSS
Exploits0References451
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.4 views

PT-2026-54669

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An uninitialized memory read issue exists in ANGLE Almost Native Graphics Layer Engine, a compatibility layer that allows OpenGL ES APIs to run on Windows. A remote attacker can exploit...

9.8CVSS6AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54681

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory...

9.8CVSS6AI score0.00413EPSS
Exploits0References450
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54652

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A heap buffer overflow exists in ANGLE, a graphics abstraction layer, within Google Chrome on Mac. This issue allows a remote attacker to perform out-of-bounds memory access by inducing...

9.8CVSS6.2AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54655

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An out of bounds read in ANGLE allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. ANGLE Almost Native Graphics Layer...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54671

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An inappropriate implementation in PDFium, a PDF rendering engine, allows a remote attacker to perform UI spoofing by using a specially crafted PDF file. Recommendations Update Google...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54676

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An inappropriate implementation in the V8 engine allows a remote attacker to execute arbitrary code within a sandbox. This occurs when a user is convinced to perform specific UI gesture...

9.8CVSS6.4AI score0.00413EPSS
Exploits0References450
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54657

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A use-after-free issue exists in ANGLE, which is a compatibility layer that allows developers to use WebGL across different graphics APIs. This flaw allows a remote attacker to...

9.8CVSS6AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54653

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An out of bounds read in ANGLE allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. ANGLE Almost Native Graphics Layer...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.4 views

PT-2026-54651

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An out of bounds read in ANGLE, a compatibility layer that allows OpenGL ES APIs to run on non-native platforms, allows a remote attacker to leak cross-origin data. This occurs when a...

9.8CVSS6.1AI score0.00413EPSS
Exploits0References446
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54656

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An integer overflow in the Skia graphics library allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is triggered...

9.8CVSS6AI score0.00413EPSS
Exploits0References451
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54650

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An inappropriate implementation in the V8 engine allows a remote attacker to execute arbitrary code within a sandbox by inducing a user to visit a specially crafted HTML page. V8 is the...

9.6CVSS6.3AI score0.00448EPSS
Exploits0References449
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54685

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An uninitialized use in ANGLE allows a remote attacker to leak cross-origin data through a crafted HTML page. ANGLE Almost Native Graphics Layer Engine is a compatibility layer that...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54648

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An issue in the WebAppInstalls component allows a remote attacker to perform UI spoofing by using a specially crafted HTML page. UI spoofing is a technique where an attacker mimics a...

9.6CVSS6AI score0.00448EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54677

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An inappropriate implementation in Skia allows a remote attacker who has already compromised the renderer process to perform UI spoofing by using a crafted HTML page. UI spoofing is a...

9.8CVSS6AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54687

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An out of bounds read and write issue exists in Dawn, which could allow a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a...

9.6CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54665

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A use after free issue in ANGLE allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A use after free occurs when an application continues to u...

9.8CVSS6AI score0.00413EPSS
Exploits0References450
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54686

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A use after free issue in Skia, a graphics library, allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A use after free occurs when a program...

9.8CVSS6AI score0.00413EPSS
Exploits0References453
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54692

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A use after free issue in ANGLE allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Use after free is a memory corruption flaw that occurs when an...

9.6CVSS5.8AI score0.00479EPSS
Exploits0References451
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-55151

Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...

8.2CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-55083

This module enables you to test and run AI-driven workflows interactively through a chat interface. The module doesn't sufficiently re-evaluate a human-in-the-loop approval gate where the workflow iterates more than once. This may result in execution of workflows that were not intended by the use...

6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-55211

SSRF Protection Bypass via IPv4-mapped IPv6 Loopback Summary auth-fetch-mcp v3.0.1 implements SSRF protection in assertSafeUrl src/security.ts to block requests to private and loopback addresses. However, the isPrivateV6 function fails to detect IPv4-mapped IPv6 loopback addresses in their...

7.4CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54735

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated attacker can perform error-based SQL injection by sending crafted values to the id parameter via a GET request to the 'job info.php' endpoint. The issue...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54644

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS5.8AI score0.001EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54836

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could se...

4.3CVSS5.6AI score0.00162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54891

Name of the Vulnerable Software and Affected Versions HubSpot versions prior to 11.3.52 Description An issue involving the insertion of sensitive information into sent data allows for the retrieval of embedded sensitive data. Recommendations Update to a version newer than 11.3.51...

7.4CVSS5.9AI score0.00175EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.16 views

PT-2026-54466

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsport season groupdel AJAX handler, which only...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54737

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text file.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$ GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54753

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated remote attacker can execute arbitrary OS commands on the server. The issue occurs because the application passes the id GET parameter directly into a PHP...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54846

Name of the Vulnerable Software and Affected Versions Silverstripe Framework versions prior to 6.2.2 Description The "Insert media from web" functionality in the CMS is susceptible to Cross-Site Scripting XSS, a technique where malicious scripts are injected into trusted websites, when processing...

5.4CVSS6AI score0.00263EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54847

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...

6.3CVSS5.7AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54932

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...

4.3CVSS5.8AI score0.00087EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54862

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.9.0 through 5.9.x Description Control panel users with entry editing permissions can execute unsandboxed Twig code, which may lead to authenticated Remote Code Execution RCE. The issue occurs during the entry saving proces...

8.7CVSS6AI score0.00293EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-55202

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 0.15.2 Fleet versions prior to 0.14.6 Fleet versions prior to 0.13.11 Fleet versions prior to 0.12.15 Description An issue exists when the webhook endpoint is configured without a secret, allowing unauthenticated...

8.3CVSS5.9AI score0.00506EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-55111

Impact An attacker is able to craft and send a user a URL that will redirect the user from the Concourse web server to any other site. This could be used in a phishing attack to steal user's credentials. Patches This has been fixed in 8.2.3 Workarounds None. Exploit Vulnerable code was in:...

5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54622

Name of the Vulnerable Software and Affected Versions VikBooking Hotel Booking Engine & PMS plugin for WordPress versions prior to 1.8.13 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Reflected Cross-Site Scripting. This occurs when the...

6.1CVSS6AI score0.00293EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.14 views

PT-2026-54504

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'page id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, ...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-54476

The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the 'eo events' shortcode accepting attacker-controlled 'no events' content and rendering it in event list templates without output escaping. This mak...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-54464

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabc appointments filter list. This makes it possible for authenticated attackers, with contributor-level access and above, to extract custom...

4.3CVSS5.8AI score0.00228EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54838

Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 7.0.8 Wagtail versions prior to 7.3.3 Wagtail versions prior to 7.4.2 Description A missing permission check on the image preview endpoint allows a user with access to the Wagtail admin to preview any image. This issu...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54486

Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description Inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNC MsLogonIIAuth allows a network attacker to disclose credentials. In the file rfb/dh.cpp, the Diffie-Hellman key exchang...

7.4CVSS5.9AI score0.0022EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54479

Name of the Vulnerable Software and Affected Versions UltraVNC repeater versions prior to 1.8.2.3 Description An off-by-one error exists in the Base64 decode helper used for HTTP Basic authentication. The wi uudecode function in the file repeater/webgui/webutils.c uses a strict greater-than...

3.7CVSS6.1AI score0.00388EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54487

Name of the Vulnerable Software and Affected Versions UltraVNC viewer versions prior to 1.8.2.3 Description An off-by-one stack buffer overflow exists in the RFB ServerInit message handler within the vncviewer/ClientConnection.cpp file. When a server-supplied nameLength is exactly 2024, the...

7.6CVSS6.2AI score0.00525EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54485

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpy s copies a rule token into temp1rule1 25-byte destination or temp2/temp3 16-byte destination, the code unconditionally writes a...

7.2CVSS6.3AI score0.00571EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54488

Name of the Vulnerable Software and Affected Versions UltraVNC viewer versions prior to 1.8.2.3 Description An integer overflow exists in the RFB protocol failure-response parsing path within the vncviewer/ClientConnection.cpp file. The issue occurs when the 4-byte network-supplied reasonLen fiel...

8.8CVSS6.9AI score0.01403EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54489

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy ssaved password, 64,...

9.1CVSS5.8AI score0.00374EPSS
Exploits0References10
Total number of security vulnerabilities184497