Lucene search
K
PtsecurityRecent

184491 matches found

Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•13 views

PT-2026-54508

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...

9.8CVSS5.9AI score0.0038EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•10 views

PT-2026-54637

Name of the Vulnerable Software and Affected Versions AWS CLI versions prior to 1.44.78 v1 AWS CLI versions prior to 2.34.29 v2 Description On Unix-like systems where the umask is not configured to restrict file permissions, overly permissive file permissions may allow local users on the same hos...

6.8CVSS5.8AI score0.00101EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•7 views

PT-2026-54720

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists where improper validation of allowed inputs occurs. This could allow an attacker to achieve code execution, escalation of privileges, data tampering,...

7.8CVSS6AI score0.00155EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-54835

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The software fails to correctly validate the types of uploaded files because the validation process relies exclusively on client-side checks, which can be bypassed. This allows an authorized, low-privileged...

5.3CVSS5.9AI score0.00227EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•14 views

PT-2026-54515

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability...

8.7CVSS5.8AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•19 views

PT-2026-54458

In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309...

5.8AI score0.0011EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•12 views

PT-2026-54750

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated remote attacker can execute arbitrary OS commands on the server. The issue occurs because the translate text.php file passes the id GET parameter directly...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•17 views

PT-2026-55213

Description The per-template filter, tag and function allow-list check is compiled into the checkSecurity method of each Template subclass and was invoked once from the constructor, gated by SandboxExtension::isSandboxed$source. Template instances are then cached on the Environment in...

8.7CVSS5.7AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-55217

Component: io.crate.protocols.http.HttpBlobHandler Affected: verified against CrateDB 6.2.7 latest at time of report; the bug has existed since the blob HTTP handler was introduced Impact: any authenticated user can read or delete any blob whose SHA-1 digest they know, and can plant new blobs...

5.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•12 views

PT-2026-54484

Name of the Vulnerable Software and Affected Versions UltraVNC repeater versions prior to 1.8.2.3 Description An integer overflow exists in the HTTP request logging path. The win log function allocates list nodes using a calculation based on the length of the HTTP request URI. If the URI length i...

5.3CVSS6.4AI score0.01057EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•5 views

PT-2026-55218

Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.10 Description A race condition exists in the ShareHandler when processing share-link redemptions. The system reads the DownloadLimit of a share token using a read lock, releases it to serve the file, and only then...

5.9CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•5 views

PT-2026-55568

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting XSS vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for...

7.3CVSS5.7AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-55209

Name of the Vulnerable Software and Affected Versions Concourse versions prior to 8.2.3 Description An open redirect issue exists in the login flow. An attacker can craft a URL that redirects users from the Concourse web server to an external site, which could be utilized in phishing attacks to...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•12 views

PT-2026-54706

Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the InstallShield file format parser where improper handling of temporary resources during file scanning can lead to a Denial of Service DoS condition. A remote,...

7.8CVSS7.1AI score0.00463EPSS
Exploits0References40
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•9 views

PT-2026-55166

In SurrealDB, records can be connected as a graph: a RELATE statement creates an edge record between two node records. If either endpoint node is deleted, SurrealDB automatically removes the edge row to keep the graph consistent. A user with permission to delete a node could also delete the edges...

5.4CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•12 views

PT-2026-55431

These are all security issues fixed in the perl-CGI-Session-4.490.0-1.1 package on the GA media of openSUSE Tumbleweed...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•7 views

PT-2026-54716

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•9 views

PT-2026-54780

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.13 Craft CMS versions 5.0.0-RC1 through 5.9.20 Description An authorization issue exists in the AssetsController::actionReplaceFile function. The system allows replacing a target asset file using anoth...

5.3CVSS5.8AI score0.00265EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•5 views

PT-2026-55135

Summary A memory-safety vulnerability in Open Babel's ChemKin parser caused a NULL pointer dereference when reading a crafted input file. Details The flaw was in ChemKinFormat::ReadReactionQualifierLines. A malformed reaction qualifier record caused the parser to dereference a NULL pointer. Impac...

5.5CVSS5.8AI score0.00187EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•10 views

PT-2026-54810

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: call pagetable dtor when freeing hot-removed page tables Since 5e8eb9aeeda3 "arm64: mm: always call PTE/PMD ctor in create pgd mapping" page-table allocation on ARM64 always calls pagetable pte,pmd,pud,p4d ctor. This...

5.8AI score0.00154EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-55138

Summary A memory-safety vulnerability in Open Babel's MSI parser caused an uninitialized pointer dereference when reading a crafted input file. Details The flaw was in the atom handling of the MSI reader. A malformed record caused the parser to dereference an atom pointer that had never been...

9.8CVSS7.1AI score0.00816EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•7 views

PT-2026-55141

Impact A critical command injection vulnerability has been identified in the Rancher Manager cluster import endpoint /v3/import/token clusterId.yaml through unsanitized YAML parameters. This endpoint accepts an authImage query parameter that is rendered without sanitization into a generated...

9.6CVSS6.2AI score0.01277EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-55145

Summary A memory-safety vulnerability in Open Babel's GRO parser caused an uninitialized pointer dereference when reading a crafted input file. Details The flaw was in the residue handling of the GRO reader. A malformed record caused the parser to use a residue pointer that had never been...

9.8CVSS7.1AI score0.00816EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-55142

Summary A memory-safety vulnerability in Open Babel's MOPAC input parser allowed an out-of-bounds write into the translationVectors array when reading Tv translation-vector atoms from a crafted input file. Details The MOPAC IN reader stored Tv-atom translation vectors into a fixed-size...

9.8CVSS7.1AI score0.00863EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•7 views

PT-2026-55110

Summary A memory-safety vulnerability in Open Babel's PQS parser caused an uninitialized pointer dereference when reading a crafted input file. Details The flaw was in the pFormat handling of the PQS reader. A malformed input caused the parser to dereference a format pointer that had never been...

9.8CVSS6.6AI score0.00843EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•16 views

PT-2026-55105

Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the translationVectors array when reading the "FINAL POINT" block of a crafted input file. Details The MOPAC output reader stored translation vectors from the FINAL POINT block into a...

9.8CVSS7.1AI score0.00863EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•6 views

PT-2026-55098

Summary A memory-safety vulnerability in Open Babel's CACAO parser caused a NULL pointer dereference when reading a crafted input file. Details The flaw was in CacaoFormat::SetHilderbrandt. A malformed input caused the parser to dereference a NULL pointer while applying the Hilderbrandt...

5.5CVSS5.8AI score0.00188EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-55162

Summary A memory-safety vulnerability in Open Babel's MOL2 parser allowed an out-of-bounds write when reading a crafted input file. Details The flaw was in the attribute/value parsing path of the MOL2 reader. An over-long attribute or value caused the parser to write past the end of a fixed-size...

8.1CVSS7.1AI score0.00796EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•5 views

PT-2026-55119

Summary A memory-safety vulnerability in Open Babel's PQS parser allowed an out-of-bounds write when reading a crafted input file. Details The flaw was in the coord file parsing path of the PQS reader. A malformed coord file specifier caused the parser to write past the end of its destination...

9.8CVSS6.8AI score0.00843EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•5 views

PT-2026-55140

Summary A memory-safety vulnerability in Open Babel's PQS parser caused an out-of-bounds pre-buffer read when reading a crafted input file. Details The flaw was in the lowerit helper used by the PQS parser. A malformed input caused the helper to read one or more bytes before the start of its inpu...

5.5CVSS5.8AI score0.00189EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-55158

Summary A memory-safety vulnerability in Open Babel's ORCA parser allowed an out-of-bounds write when reading a crafted input file. Details The flaw was in the nAtoms handling of the ORCA reader. A malformed input caused the parser to write past the end of its destination buffer. Impact Open Babe...

9.8CVSS7.1AI score0.00816EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•11 views

PT-2026-55094

Impact A vulnerability has been identified within Rancher Manager in the GitHub App authentication provider. When evaluating permissions, the provider incorrectly expands user team memberships to include all teams within the associated GitHub organization, rather than restricting access to the...

8.8CVSS5.7AI score0.0037EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•5 views

PT-2026-55090

Description A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-55136

Summary A memory-safety vulnerability in Open Babel's Gaussian output parser allowed an out-of-bounds write into the translationVectors array when reading a crafted input file. Details The Gaussian reader stored periodic-cell translation vectors into a fixed-size translationVectors array. A...

9.8CVSS6.7AI score0.00816EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•17 views

PT-2026-55112

Summary A memory-safety vulnerability in Open Babel's ChemKin parser caused a heap buffer overflow when reading a crafted input file. Details The flaw was in ChemKinFormat::CheckSpecies. A malformed species record caused the parser to write past the end of a heap-allocated buffer. Impact Open Bab...

7.8CVSS6.5AI score0.00224EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•6 views

PT-2026-54856

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-26 Description Incorrect handling of arguments in the JP2 encoder can lead to a heap buffer over-write. A heap buffer over-write occurs when a program writes more data to a heap-allocated memory buffer than ...

5.5CVSS6.2AI score0.00188EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•5 views

PT-2026-54809

In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked -mnt ns read in may decode fh may decode fh accesses mount::mnt ns without holding any locks; that means the mount can concurrently be unmounted, and the mnt namespace can concurrently be freed...

5.8AI score0.00156EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-54723

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS5.8AI score0.00774EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•16 views

PT-2026-55224

Name of the Vulnerable Software and Affected Versions FlowDrop versions 0.0.0 through 1.6.0 Description A missing authorization issue allows forceful browsing. The module, which enables testing and running AI-driven workflows via a chat interface, fails to sufficiently enforce permissions on...

6.1AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•6 views

PT-2026-54699

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A use after free issue in V8 allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs whe...

9.6CVSS6.2AI score0.00479EPSS
Exploits0References456
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•13 views

PT-2026-54688

Name of the Vulnerable Software and Affected Versions Google Chrome on ChromeOS versions prior to 150.0.7871.46 Description An uninitialized use in Dawn allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update...

9.6CVSS6AI score0.00479EPSS
Exploits0References449
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-54696

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A...

9.8CVSS6.1AI score0.00413EPSS
Exploits0References451
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-54690

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A type confusion issue exists in Tint, which could allow a remote attacker to perform a sandbox escape by inducing the browser to process a specially crafted HTML page. Type confusion...

9.8CVSS6.1AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•6 views

PT-2026-54697

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An integer overflow in the V8 engine allows a remote attacker to execute arbitrary code within a sandbox by inducing a user to open a specially crafted HTML page. V8 is the open-source...

9.8CVSS6.4AI score0.00413EPSS
Exploits0References450
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•5 views

PT-2026-54689

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An out of bounds read and write issue exists in Tint, which could allow a remote attacker to perform out of bounds memory access by using a crafted HTML page. Recommendations Update...

9.6CVSS6AI score0.00413EPSS
Exploits0References445
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•19 views

PT-2026-54694

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A heap buffer overflow exists in Skia, a graphics library used by the browser. This issue allows a remote attacker who has already compromised the renderer process to potentially achiev...

9.6CVSS6.2AI score0.00479EPSS
Exploits0References452
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•6 views

PT-2026-54649

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description Insufficient validation of untrusted input in ANGLE, a graphics abstraction layer, allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page...

9.8CVSS5.8AI score0.00413EPSS
Exploits0References452
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•4 views

PT-2026-54674

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An inappropriate implementation in the V8 engine allows a remote attacker to execute arbitrary code within a sandbox by inducing a user to visit a specially crafted HTML page. V8 is the...

9.8CVSS6.3AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•8 views

PT-2026-54678

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description Insufficient validation of untrusted input in ANGLE, a compatibility layer that translates OpenGL ES calls to other graphics APIs, allows a remote attacker to potentially perform a...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•6 views

PT-2026-54679

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description Insufficient validation of untrusted input in ANGLE allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Total number of security vulnerabilities184491