Lucene search
K
PtsecurityRecent

184508 matches found

Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•13 views

PT-2026-53902

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.9 and 2023.20 and earlier Description Improper input validation allows for arbitrary code execution in the context of the current user. This issue can be exploited without requiring any user interaction. Recommendation...

10CVSS6.6AI score0.00855EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•11 views

PT-2026-53968

Name of the Vulnerable Software and Affected Versions IBM UrbanCode Deploy versions 7.3 through 7.3.2.18 IBM DevOps Deploy versions 8.0 through 8.0.1.13 IBM DevOps Deploy versions 8.1 through 8.1.2.6 IBM DevOps Deploy versions 8.2 through 8.2.1.0 Description Authenticated users may be able to...

6.5CVSS5.9AI score0.00234EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•8 views

PT-2026-53935

The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability...

7.3CVSS5.7AI score0.00108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•8 views

PT-2026-53993

Name of the Vulnerable Software and Affected Versions storescp affected versions not specified Description An unauthenticated remote attacker can cause a memory leak by repeatedly sending a single crafted connection request. When storescp operates in its default single-process mode, memory...

8.7CVSS6AI score0.00379EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•6 views

PT-2026-54017

An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub 44af70 component...

5.8AI score0.00409EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•5 views

PT-2026-54045

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-22 Description An information disclosure issue exists in the PasskeyEncipherImage method. The flaw is caused by the reuse of a nonce a unique number used once in the AES-CTR cipher implementation. This allow...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•9 views

PT-2026-53900

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 2025.10 Adobe ColdFusion versions prior to 2023.21 Description An unrestricted upload of files with dangerous types allows for arbitrary code execution in the context of the current user. The issue stems from...

10CVSS7.9AI score0.00917EPSS
Exploits0References24
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•10 views

PT-2026-53849

Name of the Vulnerable Software and Affected Versions Hospital Queuing Management affected versions not specified Description An issue exists that allows unauthenticated remote attackers to access a specific URL to obtain API documentation, leading to sensitive data exposure. Recommendations At t...

9.8CVSS6AI score0.00472EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•8 views

PT-2026-55176

These are all security issues fixed in the kbfs-6.6.3-2.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•9 views

PT-2026-53972

Name of the Vulnerable Software and Affected Versions coturn versions prior to 4.13.0 Description An authenticated TURN client can bypass the default loopback guard by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 within a TURN XOR-PEER-ADDRESS attribute. This occurs because the ioa ad...

7.4CVSS6.1AI score0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•8 views

PT-2026-53893

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate management feature allows any authenticated user to execute arbitrary commands as the configured SSH...

8.8CVSS6.1AI score0.00658EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•7 views

PT-2026-53841

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Client versions prior to 5.19.8 Apache ActiveMQ Client versions 6.0.0 through 6.2.6 Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ All versions prior to 5.19.8 Apache...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•8 views

PT-2026-53891

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker helper wraps commands in bash -c '$command' without escaping single quotes. User-controlled docker compose custom build command and docker compose custo...

6.6CVSS5.9AI score0.00222EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•10 views

PT-2026-53805

rtapi app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to...

8.4CVSS5.9AI score0.00152EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•6 views

PT-2026-54023

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An issue exists in the middlewareKey function where the system accepts the client-controlled x-limited-key-id header without validating ownership. This allows authenticated users to adopt limited ke...

8.8CVSS5.8AI score0.00322EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•9 views

PT-2026-53818

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions...

9.3CVSS5.8AI score0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•9 views

PT-2026-53867

Name of the Vulnerable Software and Affected Versions NetScaler ADC affected versions not specified NetScaler Gateway affected versions not specified Description Insufficient input validation leads to a memory overread when the TCP TimeStamp is enabled in the TCP Profile and is associated with a...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•8 views

PT-2026-53981

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An authenticated user can perform unauthorized actions because of improper enforcement of the behavioral workflow. Recommendations At the moment, there is no information...

4.3CVSS5.9AI score0.00283EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•5 views

PT-2026-54035

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update stat...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•10 views

PT-2026-53813

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes i...

5.8AI score0.0014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•11 views

PT-2026-53953

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description An authenticated user can obtain sensitive information from the monitoring and event tables in IBM Db2 for Linux, UNIX, and Windows, including Db2 Connec...

6.5CVSS5.9AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•10 views

PT-2026-53936

The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/ll sw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte time offset, so its segment-header len must be at least...

6.5CVSS6AI score0.00201EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•9 views

PT-2026-54435

Name of the Vulnerable Software and Affected Versions c3p0 versions prior to 0.14.0 Description c3p0, a JDBC Connection pooling library, can act as a sink for deserialization gadgets when used with other libraries. The DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection...

6.3CVSS5.8AI score0.00284EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•5 views

PT-2026-53985

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description The administrative console contains a cross-site scripting XSS flaw, which occurs when an application includes untrusted data in a web page...

8.5CVSS5.9AI score0.00337EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•6 views

PT-2026-53957

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description The voice mode contains improper shared-state handling, which allows API clients to be reused across tenant boundaries. An authenticated attacker can manipulate the cache state, causin...

9.6CVSS6AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•7 views

PT-2026-53861

Name of the Vulnerable Software and Affected Versions Rancher versions 2.14.0 through 2.14.2 Rancher versions 2.13.0 through 2.13.6 Rancher versions 2.12.0 through 2.12.10 Rancher versions 2.11.0 through 2.11.14 Description A SAML authentication replay issue exists in the Assertion Consumer Servi...

9.5CVSS5.9AI score0.00291EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•6 views

PT-2026-54188

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Spellcheck component allows a remote attacker who has already compromised the renderer process to retrieve potentially sensitive information from...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•9 views

PT-2026-54103

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in the Autofill feature allows a remote attacker who has already compromised the renderer process to leak cross-origin data. This is achieved ...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•10 views

PT-2026-54137

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An issue in the Autofill security UI on Windows allows a remote attacker to perform UI spoofing. This occurs when a user is convinced to perform specific UI gestures while interacting...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•6 views

PT-2026-54136

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in ANGLE, a compatibility layer that allows OpenGL ES APIs to run on non-native platforms, could allow a remote attacker to perform a sandbox escape. Thi...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•6 views

PT-2026-54125

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in Forms, which allows a remote attacker to execute arbitrary code within a sandbox by inducing the user to visit a specially crafted HTML page. Use after...

9.8CVSS6.3AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•7 views

PT-2026-54146

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue in Device on Windows allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•14 views

PT-2026-54112

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in XML allows a remote attacker to potentially cause heap corruption, which occurs when memory in the heap area is corrupted, by inducing the user to vis...

9.8CVSS5.8AI score0.00413EPSS
Exploits0References451
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•5 views

PT-2026-54062

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use-after-free issue exists in the Bluetooth component of Google Chrome on macOS. A remote attacker can exploit this by convincing a user to visit a crafted HTML page and perform...

9.6CVSS5.9AI score0.00479EPSS
Exploits0References450
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•7 views

PT-2026-54115

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in CSS allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script loaded from one...

9.8CVSS6AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•12 views

PT-2026-54099

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in the Extensions component allows an attacker to bypass the same origin policy—a security mechanism that restricts how a document or script...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•7 views

PT-2026-54130

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in Journeys. This flaw allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a special...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•10 views

PT-2026-54092

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue in Blink allows a remote attacker to execute arbitrary code within a sandbox by inducing the victim to open a specially crafted HTML page. Use after free is a...

9.8CVSS6.3AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•9 views

PT-2026-54078

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An integer overflow exists in the Chromecast component. A remote attacker who has already compromised the renderer process can leverage a specially crafted HTML page to potentially...

9.8CVSS6.2AI score0.00413EPSS
Exploits0References451
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•7 views

PT-2026-54102

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An uninitialized use in Dawn, a WebGPU implementation, allows a remote attacker to potentially cause heap corruption by inducing the browser to process a crafted HTML page. Heap...

9.8CVSS6.1AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•6 views

PT-2026-54071

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in WebAppInstalls allows a remote attacker to execute arbitrary code via a crafted HTML page, provided they can convince a user to perform...

9.8CVSS6.4AI score0.00448EPSS
Exploits0References450
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•7 views

PT-2026-54081

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the Chromecast component. This flaw allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by...

9.8CVSS6AI score0.00413EPSS
Exploits0References452
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•8 views

PT-2026-54089

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input allows a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. This occurs when a user is convinced to...

9.8CVSS6.2AI score0.00413EPSS
Exploits0References447
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•8 views

PT-2026-54076

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the QUIC protocol implementation. This allows a remote attacker to potentially exploit heap corruption by sending malicious network traffic. Use after...

9.8CVSS6AI score0.00413EPSS
Exploits0References451
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•7 views

PT-2026-54088

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the Input Method Editor IME, a system that allows users to enter complex characters using a keyboard. This flaw allows a remote attacker to execute...

9.8CVSS6.3AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•8 views

PT-2026-54072

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient policy enforcement allows a remote attacker to bypass navigation restrictions by using a crafted HTML page. Recommendations Update Google Chrome on iOS to version...

9.6CVSS6AI score0.00413EPSS
Exploits0References439
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•9 views

PT-2026-54058

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A...

9.8CVSS6.1AI score0.00413EPSS
Exploits0References454
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•6 views

PT-2026-54082

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the GFX component of Google Chrome on Mac. This occurs when the software continues to use a memory location after it has been freed, which can be...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•6 views

PT-2026-54093

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the File Input component allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Cross-origin...

9.6CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•7 views

PT-2026-54074

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in Chromecast allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag...

9.8CVSS6AI score0.00413EPSS
Exploits0References451
Total number of security vulnerabilities184508