Lucene search
K
PtsecurityRecent

184319 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52541

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52330

In the Linux kernel, the following vulnerability has been resolved: net: add pskb may pull to skb gro receive list skb gro receive list calls skb pullskb, skb gro offsetskb without first ensuring the data is in the linear area via pskb may pull. When the skb arrives via napi gro frags, skb headle...

5.7AI score0.00466EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52536

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description The Hook Authentication feature allows administrators to delegate login verification to an external shell command. User-supplied credentials, specifically the username and password variables, a...

9.3CVSS6.5AI score0.00533EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52468

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

5.9AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52495

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS5.9AI score0.00207EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52537

Name of the Vulnerable Software and Affected Versions File Browser versions 2.0.0-rc.1 and later Description When configured with proxy authentication auth.method=proxy, the software improperly trusts upstream identity headers without validating that requests originate from a trusted proxy. An...

9.1CVSS5.7AI score0.00337EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.20 views

PT-2026-52623

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A configuration issue occurs when WOLFSSL IP ALT NAME is not defined, leading to a bypass of iPAddress name constraints. In this state, the software fails to enforce IP address constraints se...

7.5CVSS5.7AI score0.00155EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52476

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0670 Description The get text props function in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop T entries that follow. Because the count ...

6.1CVSS5.8AI score0.00113EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52416

Name of the Vulnerable Software and Affected Versions YMC Filter versions prior to 3.11.5 Description Improper neutralization of special elements used in an SQL command allows for SQL Injection. This occurs when the application fails to properly sanitize user-supplied data before incorporating it...

9.3CVSS5.8AI score0.00229EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52430

Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52639

Summary Description A Deserialization of Untrusted Data CWE-502 issue exists in OpenAM's Push Notification SNS callback resource. The REST route that handles SNS push messages is mounted with anonymous access and, when a supplied message identifier has expired from the in-memory dispatcher, falls...

7.7CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52407

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observe...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52397

Name of the Vulnerable Software and Affected Versions Dell Display and Peripheral Manager DDPM Mac versions prior to 2.3 Description An Improper Certificate Validation issue exists where a low privileged attacker with local access could potentially bypass protection mechanisms. Improper Certifica...

7.8CVSS5.7AI score0.00064EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52584

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description There are certificate policy and RFC 8446 compliance concerns due to the continued acceptance of SHA-1 and MD5 hashing algorithms during certificate processing...

4.3CVSS5.7AI score0.00074EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.16 views

PT-2026-52204

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.6 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description An authorization bypass exists that allows an authenticated user to read or modify the virtual registry cleanup...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52218

Plone: various security fixes 20260623 https://t.co/aJw1vevp4c including "Remote Code Execution via TALES Injection" CVE-2026-55099: icalendar: DoS https://t.co/kcJtAunyGo "a sub-kilobyte .ics file is enough to make a single equality check run for minutes or hang indefinitely"...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52183

OS Command Injection vulnerability in the process string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52302

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the accel/ivpu component where the firmware runtime memory specified in the image header is not properly validated. The lack of bounds checks for alignment and size ca...

5.5CVSS6AI score0.00112EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52194

Name of the Vulnerable Software and Affected Versions GitLab EE versions 17.9 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description An incorrect authorization issue exists where an authenticated user with custom role permissions can view, create...

3.8CVSS5.8AI score0.00201EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52646

Name of the Vulnerable Software and Affected Versions Nextflow versions 25.09.2-edge through 26.04.1 Description The nextflow auth login command persists Seqera Platform OIDC tokens to the $NXF HOME:-/.nextflow/seqera-auth.config file. Because the file is created via Java NIO without specifying...

5.5CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52196

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.10 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description An issue exists in the Web IDE workbench where improper path validation allows an unauthenticated...

8CVSS6.1AI score0.00222EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52645

Name of the Vulnerable Software and Affected Versions hauler versions prior to 2.0.1-1.1 Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. This...

7.5CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52568

Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions allow a remote attacker to obtain sensitive information by exploiting the 3DES-ECB encryption method. 3DES-ECB Triple Data Encryption Standard in Electronic Codebo...

7.5CVSS5.8AI score0.00262EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52498

Name of the Vulnerable Software and Affected Versions Trivy versions prior to 0.71.0 Description A security scanner issue occurs when processing Helm chart archives .tgz. The custom tar unpacker uses the io.ReadAlltr function without a size limit. An attacker can provide a specially crafted...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52270

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ovl iterate merged function where the err variable is assigned the value of PTR ERRcache before verifying if cache is an error using IS ERRcache. When the operatio...

9.8CVSS6.9AI score0.03663EPSS
Exploits25References180
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.17 views

PT-2026-52355

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the TCP implementation where a reference count underflow can occur in the inet csk reqsk queue drop function, potentially leading to a use-after-free condition. This...

9.8CVSS5.8AI score0.00349EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52220

CVE-2026-56091: Apache Shiro: Authentication bypass in Guice-Web integration https://t.co/tNgFNw4p66 CVE-2026-56130: Apache Shiro: Remember-me cookie isn't checked for expiry on the server https://t.co/wMSxMMxBZs...

8.2CVSS5.8AI score0.00422EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52459

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6CVSS5.9AI score0.00304EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52262

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the remove waiter function during a self-deadlock scenario. When FUTEX CMP REQUEUE PI requeues a non-top waiter that already owns the target PI futex...

6.8CVSS6AI score0.00126EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52505

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A realm administrator with the manage-realm role can probe arbitrary filesystem paths by submitting an arbitrary path as a keystore parameter during the creation of a key provider component...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52382

An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash...

4.8CVSS5.9AI score0.00336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52477

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0671 Description When opening a file encrypted using the VimCrypt04! or VimCrypt05! methods which utilize xchacha20poly1305 and require the +sodium feature, an unsigned length calculation underflows if the file body i...

7.8CVSS5.7AI score0.00137EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52478

Name of the Vulnerable Software and Affected Versions Vim versions 9.1.1784 through 9.2.0677 Description When the bundled zip plugin autoload/zip.vim uses PowerShell to browse, read, extract, update, or delete entries in a zip archive, it constructs the PowerShell command by quoting archive entry...

7.8CVSS6.1AI score0.00137EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52479

Name of the Vulnerable Software and Affected Versions Vim versions 9.2.0320 through 9.2.0678 Description A flaw exists where a crafted undo or swap file can store a virtual-text property with an offset and length that point outside the line's property data. When the software restores or displays...

6.8CVSS5.8AI score0.00119EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52480

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0698 Description A stack out-of-bounds write occurs in the single-byte branch of the spell soundfold sofo function within src/spell.c. When a SOFO-based spell language is active, the copy loop translates a word using ...

7.8CVSS5.9AI score0.0012EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52481

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0699 Description Python omni-completion in the text editor executes reconstructed function and class definitions from the current buffer using the exec function to populate the completion dictionary. Because docstring...

8.4CVSS6.6AI score0.00144EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52637

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS5.9AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52492

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description An authenticated user can upload files into the tool resources such as context or execute code of any agent without the required ownership or EDIT permissions. This occurs because the 'POST...

6.5CVSS5.8AI score0.00189EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52395

Name of the Vulnerable Software and Affected Versions Dell Display and Peripheral Manager DDPM Mac versions prior to 2.3 Description A race condition exists, which occurs when a system attempts to perform two or more operations at the same time that both access the same shared resource. A low...

7CVSS5.8AI score0.00075EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.18 views

PT-2026-52245

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tb property parse dir does not check that content offset + content len fits within block len for the root directory case. When rootdir-length equals or exceeds block len - 2...

5.7AI score0.00126EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52601

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An out-of-bounds write occurs in the SetSuitesHashSigAlgo function when processing an oversized signature algorithms list. This flaw allows data to be written pa...

7.5CVSS5.7AI score0.00175EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.16 views

PT-2026-52617

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode within reduce methods. This allows attackers to embed undetected code in pickle files...

8.1CVSS6AI score0.003EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52603

Name of the Vulnerable Software and Affected Versions ML-KEM affected versions not specified Description An issue exists in the ARM64 NEON ciphertext comparison where only half of the input is compared. This failure breaks the implicit rejection of the Fujisaki-Okamoto transform—a method used to...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.17 views

PT-2026-52442

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS5.9AI score0.00345EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52519

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description On 32-bit systems, the jvp string append function is susceptible to integer or multiplication overflow, which can lead to a significant buffer overrun. A buffer overrun occurs when a program writes more...

6.9CVSS5.9AI score0.00103EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.21 views

PT-2026-52613

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description Missing validation of the chatflowId and chatId parameters in file handling operations allows unauthenticated attackers to perform arbitrary file access. By using path-traversal values, an attacker c...

9.8CVSS6.1AI score0.00895EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52501

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52195

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.4 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description Improper sanitization of user-supplied input allows an authenticated user with developer-role permissions to...

8.7CVSS6.1AI score0.00231EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.18 views

PT-2026-52487

Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.32 views

PT-2026-52440

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References2
Total number of security vulnerabilities184319