Lucene search
K
PtsecurityRecent

184379 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52712

Unauthenticated Broken Access Control in Donation Thermometer = 2.2.7 versions...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-53022

Name of the Vulnerable Software and Affected Versions Nebula Mesh affected versions not specified Description The web UI /ui/ fails to apply per-operator Certificate Authority CA scoping. This allows any authenticated non-admin operator to access, block, or delete resources belonging to other...

8.8CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52791

Unauthenticated Cross Site Scripting XSS in NanoMag = 1.8 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52772

Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...

5.8CVSS5.8AI score0.00346EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52750

Name of the Vulnerable Software and Affected Versions Library Management System versions prior to 3.5.8 Description An unauthenticated SQL Injection exists in the system, allowing an attacker to execute arbitrary SQL commands without providing credentials. Recommendations Update to a version newe...

9.3CVSS6.1AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52728

Name of the Vulnerable Software and Affected Versions SupportCandy versions prior to 3.4.7 Description An Insecure Direct Object Reference IDOR exists, which occurs when an application provides direct access to objects based on user-supplied input, potentially allowing unauthorized access to data...

7.6CVSS5.8AI score0.00288EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.31 views

PT-2026-52968

Name of the Vulnerable Software and Affected Versions relibc affected versions not specified Description A Denial of Service DoS issue exists in the parse month function located in /time/strptime.rs. An attacker can cause the system to crash by providing a specially crafted input. This issue is...

7.5CVSS5.8AI score0.00446EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52779

Unauthenticated Cross Site Scripting XSS in Everest Forms = 3.4.8 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52830

Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52894

Name of the Vulnerable Software and Affected Versions Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description Envoy can crash when the %REQUESTED SERVER NAMEX:Y% variable is used in the log format and host-related options such as HOST FIRST or SNI FIRST are specified...

7.5CVSS5.8AI score0.00665EPSS
Exploits1References22
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52909

Name of the Vulnerable Software and Affected Versions RustFS version 1.0.0-beta.4 Description Authenticated users with PutObject permission on their own bucket can exploit a path traversal issue in the Snowball auto-extract feature to write arbitrary objects into buckets belonging to other users,...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52918

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/gma500/oaktrail lvds component where the LVDS initialization code fails to distinguish between I2C adapters retrieved via i2c get adapter and those allocated a...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52919

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the IOMMU subsystem. The group-domain pointer can be NULL if a default domain fails to allocate during the first probe. This leads to a system crash...

5.5CVSS6AI score0.00107EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52715

Name of the Vulnerable Software and Affected Versions Eagle Booking versions prior to 1.3.4.4 Description An unauthenticated Cross Site Request Forgery CSRF issue exists, which allows an attacker to induce a user to perform actions they did not intend to execute. Recommendations Update Eagle...

8.8CVSS5.8AI score0.00143EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52922

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.22 Description An issue exists in the AMD IOMMU implementation where the rlookup amd iommu function indexes the rlookup table using the devid variable without performing a bounds check. When a PCI device has...

5.5CVSS6.1AI score0.00121EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.17 views

PT-2026-52936

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the mana remove function where a double invocation can lead to a kernel panic. This occurs when a Power Management PM resume fails, causing mana probe to call mana remov...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52939

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the enetc network driver regarding NTMP DMA Direct Memory Access operations. If the netc xmit ntmp cmd function times out and returns an error, the pendi...

7.8CVSS5.9AI score0.00124EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52929

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the xe eu stall stream close function. The drm dev put function is called before the stream is disabled and its resources are freed. If this call drops t...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52925

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the idpf driver where a double free and use-after-free occur during auxiliary device error paths. When the auxiliary device add function fails within idpf plug vport a...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52923

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Btrfs file system where the dirty pages io tree is released prematurely. Within the btrfs write and wait transaction function, the system attempts to write dirty...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52931

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the phonet network component where the pn socket autobind function incorrectly handles a failed bind operation. When pn socket bind returns an -EINVAL error, the syste...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52928

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the ice reset all vfs function. The issue occurs because ice reset all vfs ignores the return value of ice vf rebuild vsi. If the VSI rebuild...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52930

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA hda/conexant component where the cx probe function fails to verify the return value of snd hda jack detect enable callback. This function returns a pointer th...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52974

An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components...

5.8AI score0.00386EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52838

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

5.6CVSS5.9AI score0.00114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.20 views

PT-2026-52949

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the soc/tegra: cbb component where a kernel page fault occurs during cross-fabric target timeout lookups. When a fabric receives an error interrupt that originated on ...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52780

Subscriber Cross Site Scripting XSS in SureCart = 4.2.2 versions...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52804

Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52717

Contributor Local File Inclusion in Goya Core 1.0.9.4 versions...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52832

Name of the Vulnerable Software and Affected Versions Contest Gallery versions prior to 30.0.1 Description A SQL Injection issue exists that allows attackers with contributor-level permissions to execute unauthorized database queries remotely. Recommendations Update to a version newer than 30.0.0...

8.5CVSS5.9AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52972

Name of the Vulnerable Software and Affected Versions Notepad++ versions 8.9.4 through 8.9.5 Description The installer contains a local privilege escalation issue. During the installation process, the installer invokes powershell.exe without specifying an absolute path after setting the working...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52721

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

3.5CVSS5.8AI score0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52916

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description SQL injection exists in the timestamps functionality of the baseline comparison feature. This allows callers to request historic work-package attributes by...

9.9CVSS5.8AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52906

OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET KEY BASE=OVERWRITE ME as the default Rails master key. Combined with cookies serializer = :marshal, this gives any logged-in user a deterministic...

9.9CVSS5.8AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52905

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.4.0 Description An issue in the RelationQuery performance optimization allows authenticated users to bypass the Relation.visible scope. By providing an arbitrary work package ID through the involved, fromId, or...

6.5CVSS5.9AI score0.00286EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52891

Name of the Vulnerable Software and Affected Versions Envoy versions 1.34.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description A heap write overflow exists in the TCP StatsD sink TcpStatsdSink when processing...

7.5CVSS6.2AI score0.0061EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52856

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. is ip blocked in...

8.5CVSS5.8AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52847

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52756

Name of the Vulnerable Software and Affected Versions Responsive Lightbox versions prior to 2.7.7 Description An unauthenticated Cross Site Scripting XSS issue exists, which allows an attacker to execute malicious scripts in the browser of a user by injecting code into a web page. Recommendations...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52732

Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...

7.4CVSS5.8AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52670

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker ma...

7.5CVSS5.8AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52907

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52980

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.23 Description The local internal-storage backend fails to properly validate user-supplied paths because it checks for directory traversal sequences before converting Windows-style...

7.7CVSS5.9AI score0.00386EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52744

Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.5.0 Description An unauthenticated privilege escalation issue exists, allowing an attacker to gain higher-level permissions without providing valid credentials...

9.8CVSS5.8AI score0.0036EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.17 views

PT-2026-52987

Name of the Vulnerable Software and Affected Versions Daktronics Controller Firmware affected versions not specified Description Remote authenticated and unauthenticated users can perform path traversal, which allows them to escape the intended directory and enumerate arbitrary file system paths...

9.8CVSS5.9AI score0.00702EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52914

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description The Storages module writes the OneDrive/SharePoint userless OAuth access token in plaintext to the Rails.cache using the deterministic key storage..httpx...

8.2CVSS5.8AI score0.00129EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52935

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mailbox-test component where channels are not freed during a probe error. This failure to release resources leads to a memory leak and creates Use-After-Free UAF...

5.7AI score0.00129EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.17 views

PT-2026-52681

Name of the Vulnerable Software and Affected Versions Bytes::Random::Secure versions prior to 0.30 Description Internal state for the Pseudo-Random Number Generator PRNG is shared across forked processes when an object is initialized before forking or when the functional interface is used. This...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-53020

Name of the Vulnerable Software and Affected Versions python-engineio versions prior to 4.13.2 Description Two specific configurations of the server fail to verify the size of incoming messages before loading them into memory, which can lead to excessive memory allocations. This occurs during POS...

7.5CVSS5.8AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52897

Name of the Vulnerable Software and Affected Versions Patool versions prior to 4.0.5 Description A path traversal issue exists in the safe extract function within patoolib/programs/py tarfile.py when used with Python versions before 3.12. The is within directory helper function utilizes...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References5
Total number of security vulnerabilities184379