Lucene search
K
PtsecurityRecent

184497 matches found

Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54927

Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description An integer underflow occurs during interleaved read and write operations on fragmented filesystems. This issue is caused by an unsigned-subtraction wrap in the f read and f write functions when...

6.1CVSS6.1AI score0.00205EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54794

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fill pool in early boot hardirq context When booting a debug PREEMPT RT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...

5.8AI score0.00172EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54502

AS228T with Authentication Bypass Vulnerability...

7.4CVSS5.8AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54842

Name of the Vulnerable Software and Affected Versions Apache HttpComponents Core versions prior to 5.4.3 Apache HttpComponents Core versions prior to 5.5-beta2 Description An uncontrolled resource consumption issue exists in the HTTP/1.1 message parser. A remote attacker can trigger a denial of...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54741

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. This occurs because the application passes the id GET parameter directly into an...

9.8CVSS6AI score0.00373EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54501

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to, and including, 3.14.1. This makes it possible for...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54447

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description A malicious LDAP server can cause the Thunderbird LDAP client to crash due to memory exhaustion. This occurs when the client is configured to query the...

5.3CVSS6AI score0.00203EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.16 views

PT-2026-54453

Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Memory corruption occurs due to a missing bounds check. This allows remote escalation of privilege if a User Equipment UE connects to a rogue base station controlled by an attacker. Exploitatio...

7.5CVSS6.2AI score0.00204EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.14 views

PT-2026-54514

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability...

7.5CVSS5.8AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54736

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. The issue occurs because the application passes the id GET parameter directly in...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.4 views

PT-2026-54703

Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the PE file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can exploi...

7.8CVSS5.9AI score0.00463EPSS
Exploits0References44
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54705

Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description A flaw in the 7z file format parser allows an unauthenticated remote attacker to cause a Denial of Service DoS condition. The issue stems from improper boundary checks for content in 7z files...

7.8CVSS7.3AI score0.00463EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.4 views

PT-2026-54708

Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the ALZ file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can explo...

7.8CVSS7.2AI score0.00463EPSS
Exploits0References40
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54709

Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the DMG file format parser where improper boundary checks for content during scanning can lead to memory corruption. On 32-bit platforms, this specifically manifests as an...

7.8CVSS7.2AI score0.00463EPSS
Exploits0References40
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54704

Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the FSG file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can explo...

7.8CVSS7.2AI score0.00463EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-54455

Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the modem allows for remote information disclosure. This occurs when a User Equipment UE connects to a rogue base station controlled by an attacker. The exploitatio...

5.3CVSS6.2AI score0.00174EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-55221

Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...

8.2CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54727

Name of the Vulnerable Software and Affected Versions WofficeIO Woffice versions prior to 5.4.33 Description An issue exists where incorrectly configured access control security levels lead to missing authorization, allowing for potential exploitation. Recommendations Update WofficeIO Woffice to...

5.3CVSS5.8AI score0.00242EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54775

Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.10 Description When the WebDAV listener is enabled using the -w flag, the software fails to enforce mode-restriction flags on the WebDAV port. While the primary HTTP port correctly respects the --read-only,...

8.1CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54505

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

8.9CVSS5.8AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54888

Name of the Vulnerable Software and Affected Versions WP Reloaded ApplyOnline versions prior to 2.6.7.6 Description A missing authorization issue exists that allows the exploitation of incorrectly configured access control security levels. Recommendations Update WP Reloaded ApplyOnline to a versi...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54867

Name of the Vulnerable Software and Affected Versions Elastic Defend affected versions not specified Description Incorrect authorization allows a low-privileged authenticated user to access response action data they are not authorized to view. This occurs because functionality is not properly...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54828

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Insufficient authorization enforcement in the '/customer/servlet/mco/webapi/profile-sections/group-membership' endpoint allows an authenticated user to modify their group membership. By providing a valid group...

7.1CVSS5.9AI score0.00208EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.22 views

PT-2026-54843

Name of the Vulnerable Software and Affected Versions Apache HttpComponents Core versions prior to 5.4.3 Apache HttpComponents Core versions prior to 5.5-beta2 Description An issue exists in the HTTP/2 HPACK decoder where resources are allocated without limits or throttling. A remote attacker can...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54732

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54733

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text file.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54926

Name of the Vulnerable Software and Affected Versions FatFs versions prior to R0.16 Description An issue exists when using GPT scanning with FF LBA64 = 1 where an unbounded loop count is derived from the GPT header field GPTH PtNum. This can lead to extremely long or effectively infinite scans...

4.6CVSS6.1AI score0.00205EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54844

Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.28.0 Description The JDBC auto-instrumentation fails to sanitize passwords in SQL CONNECT statements when the password is enclosed in double quotes. This leads to clear-text database...

6.5CVSS6AI score0.00224EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.14 views

PT-2026-54763

Name of the Vulnerable Software and Affected Versions Rancher Fleet affected versions not specified Description An authentication bypass exists in the webhook component. Additionally, a Pod Security Standard PSS bypass can be achieved through the manipulation of namespace labels. Recommendations ...

8.8CVSS5.7AI score0.00508EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54905

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...

2.1CVSS5.8AI score0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54933

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.8AI score0.00333EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.4 views

PT-2026-54896

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.3CVSS5.8AI score0.00371EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54895

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.8AI score0.00334EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54901

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...

5.3CVSS5.8AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54899

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlight GeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlight GeSHi: from before 1.46.0,...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54898

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...

5.3CVSS5.8AI score0.00328EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54894

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

5.9CVSS5.8AI score0.00503EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54902

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.3CVSS5.8AI score0.00374EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54628

Name of the Vulnerable Software and Affected Versions Open VSX Registry versions prior to 1.0.2 Description The '/vscode/unpkg/' endpoint serves user-supplied HTML files with a text/html Content-Type and lacks a Content-Security-Policy or Content-Disposition: attachment response header. This allo...

8.7CVSS5.9AI score0.0019EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54722

NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering...

8.5CVSS5.8AI score0.00489EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54914

Name of the Vulnerable Software and Affected Versions JAIOTlink C492A-W6 version 4.8.30.57701411 Description An OS command injection flaw exists where authenticated attackers can achieve remote code execution. By sending a malicious string to the 'NetSDK/Factory SetMAC' HTTP PUT endpoint, an...

8.8CVSS6.1AI score0.02422EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54627

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.6.4 Description An Insecure Direct Object Reference IDOR exists in the create or update function of OsOrdersController. This allows an authenticated Agent to...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-56044

Уязвимость функции check session buf not used механизма tls-crypt-v2 программного обеспечения OpenVPN связана с возможностью использования памяти после освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании или выполнить произвольный ...

9.4CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54480

Cross-Site request forgery CSRF vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from before 1.3.3...

6.9CVSS5.8AI score0.00088EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54454

Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the Modem can cause a system crash. This allows a remote denial of service if a User Equipment UE connects to a rogue base station controlled by an attacker. The...

5.3CVSS6.2AI score0.00169EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-54452

Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the modem can cause a system crash, leading to a remote denial of service. This occurs if a User Equipment UE connects to a rogue base station controlled by an...

5.3CVSS6.2AI score0.00182EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-55225

Name of the Vulnerable Software and Affected Versions FlowDrop versions 0.0.0 through 1.6.0 Description A missing authorization issue allows forceful browsing. The module, which enables testing and running AI-driven workflows via a chat interface, fails to sufficiently re-evaluate human-in-the-lo...

6.2AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-55226

Name of the Vulnerable Software and Affected Versions Drupal Colorbox versions 0.0.0 through 2.2.0 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, where malicious JavaScript can be injected into the page. This occurs because the module, whi...

6.1AI score0.00204EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54791

Name of the Vulnerable Software and Affected Versions UTT nv518G nv518GV3 version 3.2.7-210919-161313 Description A SQL Injection flaw exists in the gohead/sub 463bbc component, which allows a remote attacker to execute arbitrary code. SQL Injection is a type of vulnerability that occurs when an...

9.8CVSS6.3AI score0.00527EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54482

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References6
Total number of security vulnerabilities184497