Lucene search
K
PtsecurityRecent

184315 matches found

Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•15 views

PT-2026-52264

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the FUSE Filesystem in Userspace implementation where the fuse notify function fails to restrict pagecache operations on directories. Specifically, the operations FUSE...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52275

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer over-read exists in the rtw update protection function within the rtl8723bs staging driver. This occurs because the function is called with a pointer offset into the ies buffer...

7.1CVSS6.1AI score0.00131EPSS
Exploits0References19
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52258

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the memory control group memcg where the get random u32 below function is called during memcg charge draining, which can occur in the Non-Maskable Interrupt NMI contex...

7.8CVSS6AI score0.00136EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52269

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write exists in the heap memory of the Linux kernel within the ethosu gem cmdstream copy and validate function. The issue occurs during the command stream parsing loop...

8.5CVSS6.1AI score0.00129EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•5 views

PT-2026-52629

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists in the DocumentBuilderAccessor where DOCTYPE declarations are not disabled and FEATURE SECURE PROCESSING is not enabled. Although external DTD and schema access are...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52594

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists where the WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, a user with...

7.4CVSS5.9AI score0.00187EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52273

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs during PCIe error recovery. When a Root Port or Downstream Port detects PCIe errors, recovery services run on all subordinate devices regardless of thei...

5.5CVSS6AI score0.00122EPSS
Exploits0References23
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•14 views

PT-2026-52586

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer underflow occurs in the wc PKCS7 DecryptOri function when processing specially crafted Other Recipient Info. This leads to incorrect length handling...

5.3CVSS5.7AI score0.0019EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52402

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•12 views

PT-2026-52263

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the fuse module where FUSE NOTIFY RETRIEVE is not limited to uptodate folios. Because FUSE NOTIFY RETRIEVE is designed to return data already present in the page cache...

5.5CVSS6AI score0.00122EPSS
Exploits0References23
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52413

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52607

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 4.10.0 Description A supply chain issue exists where incorrect version tags were pushed to the repository, linking to unreviewed code from a personal fork. This allows attackers to execute unreviewed and...

7.7CVSS5.9AI score0.0012EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52881

It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...

5.5CVSS5.8AI score0.0043EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52655

Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description Passwords are stored in plaintext in the users.password column when a user's password is updated. This occurs because the User model only triggers password hashing during the before insert even...

4.9CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•5 views

PT-2026-55839

Unknown description...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52421

Name of the Vulnerable Software and Affected Versions CheckView Automated Testing versions prior to 2.1.1 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass security restrictions. Recommendations Update CheckView Automated Testing to version...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52214

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

5.9AI score0.00208EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52219

CVE-2026-55556: rsyslog imhttp: Basic Auth heap overflow https://t.co/TRxvkoyxML requires - rsyslog built with the contributed imhttp module - imhttp installed and available - imhttp loaded and configured - HTTP Basic Authentication enabled - attacker access to that HTTP endpoint...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52555

Name of the Vulnerable Software and Affected Versions OMGF Pro versions prior to 5.2.7 Description An unrestricted file upload flaw allows unauthenticated users to upload malicious files of dangerous types. This issue can lead to remote code execution RCE, which is the ability of an attacker to...

10CVSS6.6AI score0.00373EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•14 views

PT-2026-52189

Path Traversal vulnerability in the create archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS5.9AI score0.00216EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•12 views

PT-2026-52405

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52634

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...

8.3CVSS5.9AI score0.00203EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•5 views

PT-2026-52286

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference count leak occurs in the virtio gpu dma fence wait function within the drm/virtio component. The issue arises because dma fence unwrap for each calls dma fence unwrap first,...

5.5CVSS6AI score0.00127EPSS
Exploits0References19
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52257

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between fastrpc device release and the workqueue processing DSP responses. When a user closes a file descriptor, fastrpc device release frees the fastrpc user...

7.8CVSS6AI score0.00135EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52253

In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet device after RCU grace period phonet device destroy removes a phonet device from the per-net device list with list del rcu, but frees it immediately. RCU readers walking the same list can still hold a...

5.7AI score0.00135EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52247

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ACK parser of the rxrpc module. In the rxrpc input soft acks function, the AF RXRPC component incorrectly assumes that calling skb condense will always result in a...

9.8CVSS5.9AI score0.00497EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52282

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/srp component where the srp process rsp function copies sense data from a source offset determined by resp data len without verifying it against the actual...

9.1CVSS5.9AI score0.00544EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52285

In the Linux kernel, the following vulnerability has been resolved: mm/huge memory: update file PMD counter before folio put split huge pmd locked updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio put drops the last reference, mm counter file can later...

5.7AI score0.00138EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52287

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the io uring/net component where the IORING CQE F BUF MORE flag is not correctly inherited across bundle recv retries within the io recv finish function. When using...

7.8CVSS6.1AI score0.00138EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52295

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netvsc copy to send buf function where page buffer entries are copied into the VMBus send buffer using phys to virt on the entry PFN. On 32-bit x86 systems with...

7.5CVSS6.1AI score0.0053EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•5 views

PT-2026-52307

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft tunnel: fix use-after-free on object destroy nft tunnel obj destroy calls metadata dst free which directly kfrees the metadata dst, ignoring the dst entry refcount. Packets that took a reference via dst hold in nft...

5.7AI score0.00125EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52299

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the accel/ivpu component where the get info ioctl function fails to validate the info size returned from the metric stream info query against the allocated buffer size...

7.1CVSS6.2AI score0.00153EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52333

In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlbl unlabel addrinfo get used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not...

5.7AI score0.00128EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52351

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcomm connect ind rfcomm get sock by channel scans rfcomm sk list under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcomm...

5.7AI score0.00266EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52349

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...

5.8AI score0.00283EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•5 views

PT-2026-52354

In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after-free in ipv6 chk acast addr, which walks the global inet6 acaddr lst hash under RCU and dereferences a struct ifacaddr6 that h...

5.7AI score0.00123EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52329

In the Linux kernel, the following vulnerability has been resolved: net: ibm: emac: Fix use-after-free during device removal The driver was using devm register netdev which causes unregister netdev to be deferred until the devres cleanup phase, which runs after emac remove returns. This creates a...

5.7AI score0.00131EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52350

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV before type checks tlv data is valid reads each advertising data field length from datai, then inspects datai + 1 for managed EIR types before checking that the current field still fits...

6AI score0.00122EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•4 views

PT-2026-52320

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SCTP implementation where the sctp rcv asconf lookup function in net/sctp/input.c fails to properly validate the length of an ASCONF chunk. The function verifies i...

9.1CVSS5.9AI score0.00544EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52323

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SIT Simple Internet Tunneling implementation for IPv6. The ipip6 tunnel xmit function caches the inner IPv6 header pointer at the start of the function and continu...

9.8CVSS5.9AI score0.00559EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52446

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS5.8AI score0.00166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52241

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix change handle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far...

5.9AI score0.00106EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52244

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tb xdp properties request derives the per-packet copy length from the response header without checking that it fits in the previously allocated data buffer. A...

5.7AI score0.00145EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•5 views

PT-2026-52242

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the thunderbolt component where the tb xdomain copy function copies req-response size bytes from the received packet buffer without considering the actual frame size. ...

7.1CVSS6.1AI score0.00242EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52256

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free race condition exists in the fastrpc map create function. The fastrpc map lookup function returns a raw pointer after releasing the fl-lock. Subsequently, fastrpc map...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52291

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow exists in the build i2c fw hdr function. The function allocates a fixed-size buffer but copies a number of bytes determined by the Length variable from the firmware file...

7.8CVSS6.1AI score0.00153EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•4 views

PT-2026-52279

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Multipath TCP MPTCP implementation where the window field in the TCP header refers to the MPTCP-level rcv nxt. Because the TCP stack independently prevents the...

8.7CVSS6AI score0.00506EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52288

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ALSA timer component. When a userspace timer is closed and the snd timer free function is called to release resources, other active tasks may still...

7.8CVSS5.9AI score0.00134EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52312

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 driver where the CPU synchronization for received data is incorrectly aligned. The driver programs the RX queue packet offset such that hardware writes data ...

8.6CVSS6AI score0.00401EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52290

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab out-of-bounds write exists in the kl5kusb105 USB serial driver. The function klsi 105 prepare write buffer incorrectly handles the bulk-out buffer by storing a two-byte length...

7.8CVSS6.1AI score0.00148EPSS
Exploits0References25
Total number of security vulnerabilities184315