Lucene search
K
PtsecurityRecent

184484 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.13 views

PT-2026-53902

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.9 and 2023.20 and earlier Description Improper input validation allows for arbitrary code execution in the context of the current user. This issue can be exploited without requiring any user interaction. Recommendation...

10CVSS6.6AI score0.00855EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53968

Name of the Vulnerable Software and Affected Versions IBM UrbanCode Deploy versions 7.3 through 7.3.2.18 IBM DevOps Deploy versions 8.0 through 8.0.1.13 IBM DevOps Deploy versions 8.1 through 8.1.2.6 IBM DevOps Deploy versions 8.2 through 8.2.1.0 Description Authenticated users may be able to...

6.5CVSS5.9AI score0.00234EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53935

The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability...

7.3CVSS5.7AI score0.00108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-55058

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS5.8AI score0.00218EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53965

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 Description An arbitrary file read issue exists when the restConnector-2.0 feature is enabled. This allows an attacker to read files from the system that they should...

7.5CVSS6.1AI score0.00472EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-55067

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53993

Name of the Vulnerable Software and Affected Versions storescp affected versions not specified Description An unauthenticated remote attacker can cause a memory leak by repeatedly sending a single crafted connection request. When storescp operates in its default single-process mode, memory...

8.7CVSS6AI score0.00379EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53998

Name of the Vulnerable Software and Affected Versions txtai versions prior to 9.10.1 Description The software exposes an API endpoint '/reindex' where the function body parameter is processed by txtai.util.Resolver. This resolver performs import and getattr on a dotted path provided by the user...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54017

An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub 44af70 component...

5.8AI score0.00409EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53875

A flaw was found in GLib. A state confusion issue exists in g dbus node info new for xml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow...

7.5CVSS5.8AI score0.00373EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53987

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated attacker can cause a crash of the worklist server by sending a single crafted query. This occurs when the server is configured with a valid...

8.7CVSS6AI score0.00395EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54045

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-22 Description An information disclosure issue exists in the PasskeyEncipherImage method. The flaw is caused by the reuse of a nonce a unique number used once in the AES-CTR cipher implementation. This allow...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53900

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 2025.10 Adobe ColdFusion versions prior to 2023.21 Description An unrestricted upload of files with dangerous types allows for arbitrary code execution in the context of the current user. The issue stems from...

10CVSS7.9AI score0.00917EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53893

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate management feature allows any authenticated user to execute arbitrary commands as the configured SSH...

8.8CVSS6.1AI score0.00658EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53841

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Client versions prior to 5.19.8 Apache ActiveMQ Client versions 6.0.0 through 6.2.6 Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ All versions prior to 5.19.8 Apache...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53891

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker helper wraps commands in bash -c '$command' without escaping single quotes. User-controlled docker compose custom build command and docker compose custo...

6.6CVSS5.9AI score0.00222EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53805

rtapi app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to...

8.4CVSS5.9AI score0.00152EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-55066

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54023

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An issue exists in the middlewareKey function where the system accepts the client-controlled x-limited-key-id header without validating ownership. This allows authenticated users to adopt limited ke...

8.8CVSS5.8AI score0.00322EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53934

Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.3 Description Authenticated low-privilege users can perform full create, read, update, and delete operations on OpenAPI credentials. This occurs because the 'OpenApiAuthController' and...

8.6CVSS6AI score0.00263EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53818

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions...

9.3CVSS5.8AI score0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53867

Name of the Vulnerable Software and Affected Versions NetScaler ADC affected versions not specified NetScaler Gateway affected versions not specified Description Insufficient input validation leads to a memory overread when the TCP TimeStamp is enabled in the TCP Profile and is associated with a...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53981

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An authenticated user can perform unauthorized actions because of improper enforcement of the behavioral workflow. Recommendations At the moment, there is no information...

4.3CVSS5.9AI score0.00283EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-55062

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified in DefaultCertValidator::verifySubjectAltName where the extracted DNS SAN string is cast to a C-style string using .c str before...

4.4CVSS5.8AI score0.00212EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54035

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update stat...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53829

Name of the Vulnerable Software and Affected Versions PROMOD V affected versions not specified Description PROMOD V uses insecure HTTP communication instead of HTTPS. This issue occurs because the third-party Digipede server does not support HTTPS, which allows data to be transmitted without...

7CVSS5.9AI score0.00347EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53813

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes i...

5.8AI score0.0014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53953

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description An authenticated user can obtain sensitive information from the monitoring and event tables in IBM Db2 for Linux, UNIX, and Windows, including Db2 Connec...

6.5CVSS5.9AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53887

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53936

The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/ll sw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte time offset, so its segment-header len must be at least...

6.5CVSS6AI score0.00201EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54435

Name of the Vulnerable Software and Affected Versions c3p0 versions prior to 0.14.0 Description c3p0, a JDBC Connection pooling library, can act as a sink for deserialization gadgets when used with other libraries. The DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection...

6.3CVSS5.8AI score0.00284EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-54450

@w mmaringa CVE-2026-0429 is rated 10.0, with no patch available. You represent perfection in my report...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54446

Summary The credit payment implementation in app/Livewire/Invoices/Show.php executes a pessimistic row lock lockForUpdate outside of an active database transaction. Because MySQL/MariaDB requires an enclosing transaction to enforce row-level locks, the guard is ineffective. Concurrent payment...

5.3CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53985

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description The administrative console contains a cross-site scripting XSS flaw, which occurs when an application includes untrusted data in a web page...

8.5CVSS5.9AI score0.00337EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53957

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description The voice mode contains improper shared-state handling, which allows API clients to be reused across tenant boundaries. An authenticated attacker can manipulate the cache state, causin...

9.6CVSS6AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53861

Name of the Vulnerable Software and Affected Versions Rancher versions 2.14.0 through 2.14.2 Rancher versions 2.13.0 through 2.13.6 Rancher versions 2.12.0 through 2.12.10 Rancher versions 2.11.0 through 2.11.14 Description A SAML authentication replay issue exists in the Assertion Consumer Servi...

9.5CVSS5.9AI score0.00291EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-53817

Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling CWE-770 within their Modbus TCP service...

9.3CVSS5.8AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54014

Name of the Vulnerable Software and Affected Versions SolarWinds Database Performance Analyzer affected versions not specified Description A stored cross-site scripting issue exists that allows for the execution of unintended scripts. Recommendations At the moment, there is no information about a...

5.6CVSS5.9AI score0.00222EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53894

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description In the extract function of the Tarfile module, the filter parameter is not correctly handled when extracting hardlinks. This issue allows a system extracting content from untrusted tar files t...

2CVSS6AI score0.00235EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.25 views

PT-2026-54432

Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description Storage Concentrator SC & SCVM contains hardcoded credentials for various internal services within a configuration file. Although these credentials use encoding, the...

9.3CVSS5.8AI score0.00128EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53974

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An authenticated user can cause a temporary denial of service by sending a specially crafted HTTP request. This issue occurs due to improper allocation of resource...

4.3CVSS6AI score0.00431EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53926

Name of the Vulnerable Software and Affected Versions RuoYi-Vue-Plus versions prior to 5.6.3 Description The software exposes workflow task management endpoints under '/workflow/task' FlwTaskController without proper permission checks. Because the controller lacks class-level or method-level...

7.1CVSS6AI score0.00264EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53856

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

6AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53883

openGauss 在处理带 NLS 参数的 to timestamp 调用时,to timestamp with fmt nls 会将 nls fmt str 保存到 u sess-parser cxt.nls fmt str。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestamp out 仍会通过 CheckNlsFormat 访问 u sess-parser cxt.nls fmt str,导致访问已释放内存。攻击者在具备数据库 SQL...

5.9CVSS5.8AI score0.00351EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53874

Name of the Vulnerable Software and Affected Versions GLib affected versions not specified Description A flaw exists in the D-Bus client-side implementation of the DBUS COOKIE SHA1 SASL authentication mechanism. The system fails to validate the cookie context parameter received from the server. A...

7.5CVSS6.1AI score0.00418EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54049

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-55074

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On...

5.4CVSS5.5AI score0.00133EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53931

Name of the Vulnerable Software and Affected Versions CVAT versions prior to 2.69.0 Description An improper authorization issue exists in the QualityReportViewSet.get queryset function. Authenticated attackers can enumerate quality report identifiers from other organizations by exploiting a missi...

5.3CVSS6AI score0.00204EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53822

Name of the Vulnerable Software and Affected Versions Ricoh Web Image Monitor affected versions not specified Description Ricoh Web Image Monitor contains a reflected cross-site scripting issue. This allows an arbitrary script to be executed within the web browser of a user who accesses the...

6.1CVSS6.4AI score0.00187EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53830

Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements against the underlying PostgreSQL database, leading to full database compromise, including credential extraction...

9.3CVSS5.9AI score0.00431EPSS
Exploits0References3
Total number of security vulnerabilities184484