Lucene search
K
PtsecurityRecent

184481 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54324

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the GPU component allows a remote attacker who has already compromised the renderer process to obtain potentially sensitive information from process...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54330

Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in Device Trust allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54337

Name of the Vulnerable Software and Affected Versions Google Chrome on ChromeOS versions prior to 150.0.7871.47 Description An inappropriate implementation in Views allows an attacker to obtain potentially sensitive information from process memory. This occurs if a user is convinced to install a...

9.6CVSS5.9AI score0.00413EPSS
Exploits0References439
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54427

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out-of-bounds read and write issue exists in ANGLE, a compatibility layer that allows OpenGL ES APIs to run on non-native platforms. This flaw allows a remote attacker who has alread...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.13 views

PT-2026-54423

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A type confusion issue exists in the CSS component, which allows a remote attacker to obtain potentially sensitive information from process memory by using a specially crafted HTML page...

9.6CVSS6AI score0.00413EPSS
Exploits0References439
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53917

Name of the Vulnerable Software and Affected Versions OpenBMB ChatDev versions prior to commit 4fd4da6 Description An unauthenticated remote attacker can write or delete arbitrary files on the server filesystem. The issue occurs because the application fails to sanitize the multipart filename...

9.1CVSS6.1AI score0.00628EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53925

Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.521 Description An authorization bypass occurs during the session import process. The /api/session/import endpoint validates the workspace of an imported session under the active named profile but fails to s...

6.5CVSS5.9AI score0.00265EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53963

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description A cross-site scripting issue exists within the administrative console help system. Cross-site scripting is a flaw that allows an attacker to...

9.3CVSS5.8AI score0.00217EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.17 views

PT-2026-53811

Name of the Vulnerable Software and Affected Versions Editorial Rating – Product Review & Rating System versions prior to 4.0.6 Description Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site...

4.4CVSS6.1AI score0.0024EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53973

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence version 5.2.2 IBM watsonx.data intelligence version 5.3.0 IBM watsonx.data intelligence versions 5.3.1 through patch-1 Description The software transmits data in clear text, which could allow an attacker to obtain...

5.9CVSS5.9AI score0.00203EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.3 views

PT-2026-55173

These are all security issues fixed in the amfora-1.11.0-3.1 package on the GA media of openSUSE Tumbleweed...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53986

Name of the Vulnerable Software and Affected Versions FUXA versions prior to 1.3.2 Description An authentication bypass exists in the REST API due to improper dot-segment path normalization. The API router does not normalize dot-segment sequences before the authentication middleware is applied...

8.7CVSS5.8AI score0.00352EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53921

Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The application constructs the proposal file path by joining a caller-supplied proposal identifier to the broker proposals directory without proper sanitization in the...

8.3CVSS5.8AI score0.00416EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.13 views

PT-2026-53834

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS5.9AI score0.00366EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53831

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of servi...

6.4CVSS5.8AI score0.00155EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53980

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description A remote attacker can obtain sensitive information when the system returns detailed technical error messages in the browser. This exposure of internal data could be leverag...

4.3CVSS6AI score0.00367EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53839

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.8 Apache ActiveMQ Broker versions 6.0.0 through 6.2.6 Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ All versions prior to 5.19.8 Apache...

7.5CVSS5.9AI score0.00659EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54200

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An uninitialized use in the GPU component allows a remote attacker to obtain potentially sensitive information from process memory. This is achieved by inducing the victim to...

9.6CVSS6AI score0.00479EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54204

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the UI allows a local attacker to perform privilege escalation by using a malicious file. Recommendations Update Google Chrome o...

9.6CVSS6AI score0.00479EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54209

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in the Sharing feature allows a remote attacker who has already compromised the renderer process to leak cross-origin data. This is achieved b...

9.6CVSS5.9AI score0.00479EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54206

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient policy enforcement in DevTools allows a local attacker to bypass navigation restrictions by using a malicious file. Recommendations Update Google Chrome on Andro...

9.6CVSS6AI score0.00479EPSS
Exploits0References446
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54201

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the WebView component allows a remote attacker who has already compromised the renderer process to bypass the same origin policy...

9.6CVSS6AI score0.00479EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54187

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient policy enforcement in WebXR allows a remote attacker to leak cross-origin data through a crafted HTML page. WebXR is an API that enables the creation of virtual...

9.6CVSS6AI score0.00479EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54062

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use-after-free issue exists in the Bluetooth component of Google Chrome on macOS. A remote attacker can exploit this by convincing a user to visit a crafted HTML page and perform...

9.6CVSS5.9AI score0.00479EPSS
Exploits0References450
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54086

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Side-channel information leakage in the Safe Browsing component allows a remote attacker who has already compromised the renderer process to leak cross-origin data. This is...

9.6CVSS6.1AI score0.00479EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.23 views

PT-2026-54096

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description An out of bounds read exists in ANGLE, a compatibility layer that allows developers to use WebGL across different graphics APIs. A remote attacker who has already compromised the...

9.6CVSS6AI score0.00479EPSS
Exploits0References450
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54231

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in CustomTabs allows a local attacker to perform UI spoofing via a malicious file. UI spoofing is a technique where an attacker...

9.6CVSS6AI score0.00479EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-54216

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the WebShare component allows a remote attacker who has already compromised the renderer process to perform UI spoofing. This is...

9.6CVSS6AI score0.00479EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54240

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the WebView component allows a remote attacker to bypass navigation restrictions by using a crafted HTML page. Recommendations Update Googl...

9.6CVSS6AI score0.00479EPSS
Exploits0References446
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54220

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description An inappropriate implementation in the DataTransfer component allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specific UI...

9.6CVSS6AI score0.00479EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54245

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An uninitialized use in the UI allows a remote attacker who has already compromised the renderer process to obtain potentially sensitive information from process memory. This...

9.6CVSS6AI score0.00479EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54181

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description An inappropriate implementation in the Safe Browsing component allows a remote attacker to bypass navigation restrictions by using a specially crafted HTML page. Recommendations...

9.6CVSS6AI score0.00479EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54191

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description An inappropriate implementation in the Passwords component allows a local attacker to obtain potentially sensitive information from process memory by using a malicious file...

9.6CVSS5.9AI score0.00479EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53903

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 2025 Update 10 Adobe ColdFusion versions prior to 2023 Update 21 Description Adobe ColdFusion contains a path traversal flaw resulting from the improper limitation of a pathname to a restricted directory. Thi...

10CVSS7.5AI score0.28583EPSS
Exploits3References120
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53979

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An authenticated user can bypass security controls and perform unauthorized actions. This occurs because security checks that should be enforced on the server are instead...

6.5CVSS6AI score0.0036EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54108

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out-of-bounds read and write issue exists in the GPU component. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code within a...

9.8CVSS6.3AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.16 views

PT-2026-53821

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product...

8.6CVSS7.3AI score0.0155EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54429

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in DevTools allows an attacker to perform UI spoofing. This occurs when a user is convinced to install a crafted malicious Chrome Extension...

9.8CVSS6AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53984

An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web...

5.9CVSS5.8AI score0.00296EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-54048

Name of the Vulnerable Software and Affected Versions Grav CMS versions prior to 2.0.0-beta.2 Description Multiple issues allow for code execution. Three unsafe unserialize calls within SchedulerJobQueue, FrameworkCacheAdapterFileCache, and Session deserialize untrusted data without restricting...

9.8CVSS6.5AI score0.01683EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53951

Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Improper validation in the XDF decoder allows an adjacent attacker to cause a denial of service. The application processes deeply nested Protocol Buffers messages and...

6.5CVSS6AI score0.00269EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54037

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Authenticated organization administrators can bypass server-side validation within organization security settings to persist an invalid security policy state. This is achieved by directly updating t...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54046

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-24 Description An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed...

7.1CVSS5.9AI score0.00226EPSS
Exploits1References23
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53928

Name of the Vulnerable Software and Affected Versions Woodpecker versions prior to 3.15.0 Description When using the GitLab forge driver, the system matches the ApprovalAllowedUsers bypass list against the pipeline.Author variable. The pipeline.Author is populated from the commit.author.name...

9.2CVSS6.1AI score0.00546EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53896

A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submi...

7CVSS5.7AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53943

Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description The Object Query Language OQL engine resolves class names provided by an attacker using Class.forName and invokes their constructors without an allow-list at three sinks:...

9.9CVSS6.2AI score0.00283EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53905

Name of the Vulnerable Software and Affected Versions ColdFusion versions prior to 2025.10 Description A Server-Side Request Forgery SSRF issue allows an attacker to bypass security features and obtain unauthorized read access. This flaw can be exploited without any user interaction...

8.6CVSS5.8AI score0.00439EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53878

Name of the Vulnerable Software and Affected Versions @fastify/express versions prior to 4.0.7 Description A middleware scoping flaw exists where plugin prefixes are not applied to middleware mount paths when the mount path is provided as an array or a regular expression. This occurs due to...

9.1CVSS6AI score0.00295EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53920

Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The local API server trusts the TCP peer address to bypass the API AUTH KEY bearer-token check for loopback clients and lacks Host header validation while binding to 0.0.0.0 with credentialed...

7.7CVSS6.6AI score0.00286EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53836

Name of the Vulnerable Software and Affected Versions EventON - WordPress Virtual Event Calendar Plugin versions prior to 5.0.12 Description An issue exists where unauthenticated attackers can perform SQL Injection, a technique used to interfere with the queries that an application makes to its...

9.8CVSS6AI score0.00438EPSS
Exploits0References8
Total number of security vulnerabilities184481