Lucene search
K
PtsecurityRecent

184321 matches found

Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•4 views

PT-2026-55842

Summary The vulnerability allows the Request.RemoteAddr to be spoofed when determining the request source IP via the X-Forwarded-For header. This could result in misidentification of the request source and potentially compromise access control and logging integrity. Details Currently, the RealIP...

8.7CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•14 views

PT-2026-52432

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52545

Name of the Vulnerable Software and Affected Versions NewsBlur versions prior to 14.5.0 Description Authenticated users can perform server-side request forgery SSRF via the 'add url' endpoint. This occurs because the application fails to filter private IP addresses, allowing arbitrary server...

8.5CVSS5.9AI score0.00204EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52614

Name of the Vulnerable Software and Affected Versions Flowise versions 3.0.0 through 3.0.7 Description Flowise fails to invalidate existing sessions and session tokens after a user changes their password. This allows an attacker who possesses an active session, such as through a stolen session...

8.6CVSS5.8AI score0.00266EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52210

Name of the Vulnerable Software and Affected Versions NSD version 4.13.0 Description A heap use-after-free bug exists when logging errors on TLS connections. This issue can be triggered by sending a DNS query over a DNS over TLS DoT connection and closing the connection before reading the respons...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52579

Name of the Vulnerable Software and Affected Versions relibc version 61f42d Description A flaw in the pthread rwlockattr setpshared function allows attackers to trigger a Denial of Service DoS by providing crafted input. Recommendations As a temporary workaround, consider restricting the use of t...

7.5CVSS5.8AI score0.00446EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•16 views

PT-2026-52188

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•12 views

PT-2026-52410

Name of the Vulnerable Software and Affected Versions Visual Link Preview versions 2.3.1 and earlier Description Subscriber sensitive data exposure occurs in the software, potentially allowing unauthorized access to private information. Recommendations Disable or isolate the software immediately...

7.4CVSS5.8AI score0.00264EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52252

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Use-after-free bugs exist in the error paths of the nvmem core. The issue occurs when the nvmem device put function is called, potentially freeing underlying memory and resources, while...

7.8CVSS6AI score0.00125EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52464

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

5.8AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52262

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the remove waiter function during a self-deadlock scenario. When FUTEX CMP REQUEUE PI requeues a non-top waiter that already owns the target PI futex...

6.8CVSS6AI score0.00126EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52505

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A realm administrator with the manage-realm role can probe arbitrary filesystem paths by submitting an arbitrary path as a keystore parameter during the creation of a key provider component...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52382

An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash...

4.8CVSS5.9AI score0.00336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•15 views

PT-2026-52477

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0671 Description When opening a file encrypted using the VimCrypt04! or VimCrypt05! methods which utilize xchacha20poly1305 and require the +sodium feature, an unsigned length calculation underflows if the file body i...

7.8CVSS5.7AI score0.00137EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52478

Name of the Vulnerable Software and Affected Versions Vim versions 9.1.1784 through 9.2.0677 Description When the bundled zip plugin autoload/zip.vim uses PowerShell to browse, read, extract, update, or delete entries in a zip archive, it constructs the PowerShell command by quoting archive entry...

7.8CVSS6.1AI score0.00137EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52479

Name of the Vulnerable Software and Affected Versions Vim versions 9.2.0320 through 9.2.0678 Description A flaw exists where a crafted undo or swap file can store a virtual-text property with an offset and length that point outside the line's property data. When the software restores or displays...

6.8CVSS5.8AI score0.00119EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52480

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0698 Description A stack out-of-bounds write occurs in the single-byte branch of the spell soundfold sofo function within src/spell.c. When a SOFO-based spell language is active, the copy loop translates a word using ...

7.8CVSS5.9AI score0.0012EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52481

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0699 Description Python omni-completion in the text editor executes reconstructed function and class definitions from the current buffer using the exec function to populate the completion dictionary. Because docstring...

8.4CVSS6.6AI score0.00144EPSS
Exploits0References19
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•15 views

PT-2026-52637

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS5.9AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52492

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description An authenticated user can upload files into the tool resources such as context or execute code of any agent without the required ownership or EDIT permissions. This occurs because the 'POST...

6.5CVSS5.8AI score0.00189EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•18 views

PT-2026-52245

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tb property parse dir does not check that content offset + content len fits within block len for the root directory case. When rootdir-length equals or exceeds block len - 2...

5.7AI score0.00126EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52601

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An out-of-bounds write occurs in the SetSuitesHashSigAlgo function when processing an oversized signature algorithms list. This flaw allows data to be written pa...

7.5CVSS5.7AI score0.00175EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•16 views

PT-2026-52617

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode within reduce methods. This allows attackers to embed undetected code in pickle files...

8.1CVSS6AI score0.003EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•12 views

PT-2026-52603

Name of the Vulnerable Software and Affected Versions ML-KEM affected versions not specified Description An issue exists in the ARM64 NEON ciphertext comparison where only half of the input is compared. This failure breaks the implicit rejection of the Fujisaki-Okamoto transform—a method used to...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•17 views

PT-2026-52442

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS5.9AI score0.00345EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52519

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description On 32-bit systems, the jvp string append function is susceptible to integer or multiplication overflow, which can lead to a significant buffer overrun. A buffer overrun occurs when a program writes more...

6.9CVSS5.9AI score0.00103EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•21 views

PT-2026-52613

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description Missing validation of the chatflowId and chatId parameters in file handling operations allows unauthenticated attackers to perform arbitrary file access. By using path-traversal values, an attacker c...

9.8CVSS6.1AI score0.00895EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52501

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52195

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.4 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description Improper sanitization of user-supplied input allows an authenticated user with developer-role permissions to...

8.7CVSS6.1AI score0.00231EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•18 views

PT-2026-52487

Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•32 views

PT-2026-52440

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•18 views

PT-2026-52427

Name of the Vulnerable Software and Affected Versions License Manager for WooCommerce versions prior to 3.0.16 Description An unauthenticated Insecure Direct Object Reference IDOR exists in the software. IDOR is a type of access control vulnerability that occurs when an application provides direc...

6.5CVSS5.8AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•19 views

PT-2026-52598

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifie...

7.3CVSS5.7AI score0.00246EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52344

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Unprivileged applications can set Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options. This allows an attacker to force packets to route through...

5.5CVSS6.1AI score0.00128EPSS
Exploits0References21
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52368

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the OP-TEE driver of the Linux kernel. This occurs when a client task terminates while a supplicant is still processing its request. Because the client m...

7.8CVSS6.1AI score0.00126EPSS
Exploits0References24
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•4 views

PT-2026-52365

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the IP Virtual Server IPVS where the ip vs edit service function clears the svc-scheduler pointer after the scheduler module has already initiated Read-Copy-Update RCU...

7.8CVSS6AI score0.00129EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52367

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the erofs component. The z erofs decompress kickoff function can race with the filesystem unmount process, leading to a use-after-free on sbi-sync...

7.8CVSS6.1AI score0.00125EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52362

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description An issue exists in the netfilter nft ct component where the system fails to properly handle template connection tracking ct during evaluation. When a rule sets a connection tracking zone...

7.8CVSS6.1AI score0.00128EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52363

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the netfilter conntrack irc helper. The issue occurs when parsing fails after a command string has been matched; the system attempts to match a different...

8.2CVSS6AI score0.00364EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•5 views

PT-2026-52369

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A logic flaw in the smc setsockopt function allows a local unprivileged user to cause a Denial of Service DoS. The issue occurs because the function calls copy from sockptr while holding...

5.5CVSS6.2AI score0.00126EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52372

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the arm64 KVM implementation, the functions walk s1 and kvm walk nested s2 require the kvm-srcu lock to be held to prevent issues during memslot changes. However, kvm at s12 and kvm...

8.9CVSS6.1AI score0.00114EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52360

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A check-then-act race condition exists in the dm cache policy smq. The smq invalidate mapping function performs a check on the e-allocated variable outside of the mq-lock critical sectio...

7.8CVSS6.2AI score0.00129EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52358

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the lowpan iphc mcast ctx addr compress function. The second memcpy operation incorrectly uses &data1 as the destination and &ipaddr-s6 addr11 as the source...

5.5CVSS6.1AI score0.00119EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52370

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists when processing Multicast Listener Discovery MLD queries. A pointer to the multicast group address is retrieved during initial packet parsing but is later dereferenced...

8.8CVSS6.1AI score0.00252EPSS
Exploits0References23
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52311

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 driver where the XDP path initializes every xdp buff with PAGE SIZE as the frame size, regardless of whether the buffer is from a short or long BM pool...

9.8CVSS6.2AI score0.00546EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•16 views

PT-2026-52406

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•22 views

PT-2026-52511

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A trust-chain bypass exists in the OpenSSL compatibility certificate verifier function wolfSSL X509 verify cert. This issue occurs in builds configured with --enable-opensslextra when an...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•21 views

PT-2026-52517

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The tarball extraction worker in the pnpm package manager fails to perform integrity verification when the integrity field is missing from the lockfile resolution. This...

6.8CVSS5.8AI score0.00126EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•17 views

PT-2026-52552

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

7.1CVSS6.2AI score0.00239EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•18 views

PT-2026-52463

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

5.9AI score0.00167EPSS
Exploits0References2
Total number of security vulnerabilities184321