Lucene search
K
PtsecurityRecent

184319 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52491

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description A flaw exists in the markdown artifact preview pipeline. The generateMarkdownHtml function located in client/src/utils/markdown.ts utilizes a custom image renderer that triggers a fallback to t...

5.4CVSS6AI score0.0014EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52400

Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed Over-the-Air OTA requests can cause the OTA server parser to perform out-of-bounds reads, which occurs when the software reads data outside the intended boundary of a buffer. This allows ...

7.1CVSS5.8AI score0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52556

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations AES encryption/decryption and hashing. DPA Countermeasures on SYMCRYPTO can be weakened reduced entropy by forcing certain seed values if an attacker gains code...

7.1CVSS6.3AI score0.00101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52185

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52454

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS5.8AI score0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.19 views

PT-2026-52616

Name of the Vulnerable Software and Affected Versions Flowise affected versions not specified Description An unauthenticated path traversal issue exists in the '/api/v1/document-store/loader/process' endpoint. This flaw allows attackers to write arbitrary files to the filesystem by using...

10CVSS6.7AI score0.00639EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52573

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An issue exists where chain intermediate certificates asserting CA:TRUE but lacking the keyCertSign key usage were accepted as signing CAs. This occurs because chain-supplied temporary CAs...

6.3CVSS5.8AI score0.00118EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52268

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPU SET IFM REGION extracts the region index with param & 0x7f, giving a maximum value of 127. However region size and output region in struct ethosu...

5.7AI score0.00129EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52513

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm passes the git resolution.commit value from the lockfile to the git fetch command without using a -- separator or performing commit-format validation. When git...

6.4CVSS5.9AI score0.0018EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52458

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

6.3CVSS5.9AI score0.00339EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52530

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6CVSS5.9AI score0.00152EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.23 views

PT-2026-52494

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.5 Description LibreChat is an enhanced ChatGPT clone supporting multiple AI providers. The MCP OAuth implementation fails to validate that the resource parameter from OAuth Protected Resource metadata RFC 9728...

9.3CVSS5.8AI score0.00113EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.23 views

PT-2026-52431

Name of the Vulnerable Software and Affected Versions Post Snippets versions prior to 4.0.20 Description Remote attackers with contributor-level permissions can execute arbitrary code on the server. Recommendations Update Post Snippets to version 4.0.20 or later...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52408

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions prior to 5.5 HF1 Description An Improper Limitation of a Pathname to a Restricted Directory, also known as Path Traversal, allows a high privileged attacker with remote access to potentially achieve Remote...

7.2CVSS5.9AI score0.00548EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52186

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52300

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the stratix10-rsu firmware component during the probe process. When the rsu send msg function returns a timeout error -ETIMEDOUT, certain error paths...

5.5CVSS6.1AI score0.00107EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52231

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference and buffer over-read exist in the SDP debugfs. The function dp sdp message debugfs write dereferences connector-base.state-crtc without verifying if it is NULL...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.4 views

PT-2026-52259

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null-pointer dereference occurs in the remove waiter function when triggered via FUTEX CMP REQUEUE PI. This happens because task blocks on rt mutex does not arm the waiter during...

5.5CVSS6.1AI score0.00128EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52260

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iommu dma iova link swiotlb function when processing unaligned mappings divided into head, middle, and trailer parts. If the middle section is empty due to a lack ...

5.5CVSS6AI score0.00121EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52327

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the network PHY subsystem where the sfp bus del upstream function is not called during a probe failure path. This results in the sfp-bus retaining a dangling upstream...

8.8CVSS6.1AI score0.00221EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.16 views

PT-2026-52261

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the iomap subsystem during buffered read failures. The function iomap finish folio read reports errors using fserror report iofolio-mapping-host, ... after...

7.5CVSS6AI score0.00359EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52301

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the accel/ivpu component where the system fails to validate read and write indices in the firmware log buffer. If the firmware provides indices that exceed the data...

7.1CVSS6.1AI score0.00131EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52339

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A failure to unlock the parent directory occurs in the nfsd4 create file function. This happens when the NFSD exports a filesystem using atomic create and that function returns an error...

7.5CVSS6.1AI score0.00359EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52230

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A stale stack leak exists in the netfilter nft fib component. When using the NFT FIB RESULT OIFNAME result type, the destination register is declared with a length of IFNAMSIZ, but certa...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52238

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the xe driver during suspend or shutdown when no display is present. The driver uses the xe-info.probe display variable to track display hardware...

5.5CVSS6.2AI score0.00122EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52237

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/v3d component regarding global performance monitor reference counting. In the SET GLOBAL ioctl, the v3d perfmon find function increases the reference count of...

5.5CVSS6.1AI score0.00121EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.18 views

PT-2026-52158

Name of the Vulnerable Software and Affected Versions OpenBSD versions prior to 7.10 Description A use-after-free issue exists in the sys/kern/sysv sem.c file. This occurs during a context switch following the tsleep function within sys semget, which can be exploited to allow local privilege...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52529

Heap buffer overread in wc PKCS7 DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

6.3CVSS6AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52160

Name of the Vulnerable Software and Affected Versions Rapid7 InsightConnect Sed Plugin on Linux affected versions not specified Description An arbitrary file write issue exists where authenticated attackers can write controlled content to any file path. This is achieved by manipulating the...

7.1CVSS5.9AI score0.00275EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52508

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the client registration service allows a remote attacker with a previously issued Registration Access Token RAT to re-enable a client that was explicitly disabled by an...

6.5CVSS5.8AI score0.00267EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52507

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing...

7.7CVSS5.8AI score0.00288EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52587

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description A heap buffer overflow occurs in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The issue stems from an integer truncation when calculating the length of the ACK...

8.8CVSS6AI score0.00385EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52597

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an...

8.7CVSS5.8AI score0.00391EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52577

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.9AI score0.00346EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52422

Name of the Vulnerable Software and Affected Versions MDTF versions prior to 1.3.9 Description An unauthenticated Local File Inclusion LFI issue exists, which allows an attacker to read files from the local file system without requiring authentication. Recommendations Update to a version newer th...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52560

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description The AVX2-optimized ML-KEM implementation contains a logic error in the mlkem cmp avx2 function during the Fujisaki-Okamoto transform. In ML-KEM-1024 decapsulation, the constant-time ciphertex...

8.3CVSS5.8AI score0.00161EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52403

Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write, which leads to process termination. This issue specifically affects devices that support the IAS Zone cluster...

7.1CVSS5.7AI score0.00217EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52206

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.11 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description An incorrect authorization check allows an authenticated user with developer-role permissions to bypass...

4.3CVSS5.8AI score0.00195EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52396

Name of the Vulnerable Software and Affected Versions Dell Display and Peripheral Manager DDPM Windows versions prior to 2.3 Description An Improper Access Control issue exists where a low privileged attacker with local access could potentially achieve code execution. Improper Access Control occu...

7.8CVSS5.9AI score0.00101EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52596

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Charging station authentication identifiers are publicly accessible through web-based mapping platforms. Recommendations At the moment, there is no information...

6.9CVSS5.8AI score0.00248EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52161

Name of the Vulnerable Software and Affected Versions Rapid7 InsightConnect Sed Plugin on Linux affected versions not specified Description An OS Command Injection issue exists in the Sed Plugin on Linux. Authenticated attackers can execute arbitrary operating system commands through the expressi...

8.8CVSS6AI score0.00916EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52583

Name of the Vulnerable Software and Affected Versions qrscp affected versions not specified Description The C-STORE handler in the qrscp application fails to sanitize specific instances within attacker-supplied DICOM Digital Imaging and Communications in Medicine datasets. These unsanitized value...

9.1CVSS5.9AI score0.00434EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52499

Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52489

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...

8.1CVSS6AI score0.00567EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52391

Incomplete validation of the SOA record present in a catalog zone might lead to a crash...

5.9CVSS5.8AI score0.004EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52633

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

6.9CVSS6AI score0.00545EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52525

Name of the Vulnerable Software and Affected Versions pnpm versions 11.3.0 through 11.5.2 Description The pnpm stage download command derives a local filename using package name and version fields controlled by the registry. A crafted manifest can lead to a path traversal, allowing an attacker to...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52523

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.2 pnpm versions 11.0.0 through 11.5.2 Description pnpm can persist package-manager bootstrap metadata in the first YAML document of the pnpm-lock.yaml file. The issue occurs when pnpm incorrectly trusts an already...

8.8CVSS6.5AI score0.00193EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52409

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...

5.9CVSS5.8AI score0.00352EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52452

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References2
Total number of security vulnerabilities184319