Lucene search
K
PtsecurityRecent

184319 matches found

Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•20 views

PT-2026-52623

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A configuration issue occurs when WOLFSSL IP ALT NAME is not defined, leading to a bypass of iPAddress name constraints. In this state, the software fails to enforce IP address constraints se...

7.5CVSS5.7AI score0.00155EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52476

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0670 Description The get text props function in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop T entries that follow. Because the count ...

6.1CVSS5.8AI score0.00113EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52416

Name of the Vulnerable Software and Affected Versions YMC Filter versions prior to 3.11.5 Description Improper neutralization of special elements used in an SQL command allows for SQL Injection. This occurs when the application fails to properly sanitize user-supplied data before incorporating it...

9.3CVSS5.8AI score0.00229EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•12 views

PT-2026-52430

Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52639

Summary Description A Deserialization of Untrusted Data CWE-502 issue exists in OpenAM's Push Notification SNS callback resource. The REST route that handles SNS push messages is mounted with anonymous access and, when a supplied message identifier has expired from the in-memory dispatcher, falls...

7.7CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52407

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observe...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•12 views

PT-2026-52397

Name of the Vulnerable Software and Affected Versions Dell Display and Peripheral Manager DDPM Mac versions prior to 2.3 Description An Improper Certificate Validation issue exists where a low privileged attacker with local access could potentially bypass protection mechanisms. Improper Certifica...

7.8CVSS5.7AI score0.00064EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•12 views

PT-2026-52584

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description There are certificate policy and RFC 8446 compliance concerns due to the continued acceptance of SHA-1 and MD5 hashing algorithms during certificate processing...

4.3CVSS5.7AI score0.00074EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•16 views

PT-2026-52204

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.6 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description An authorization bypass exists that allows an authenticated user to read or modify the virtual registry cleanup...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52218

Plone: various security fixes 20260623 https://t.co/aJw1vevp4c including "Remote Code Execution via TALES Injection" CVE-2026-55099: icalendar: DoS https://t.co/kcJtAunyGo "a sub-kilobyte .ics file is enough to make a single equality check run for minutes or hang indefinitely"...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52183

OS Command Injection vulnerability in the process string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•12 views

PT-2026-52302

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the accel/ivpu component where the firmware runtime memory specified in the image header is not properly validated. The lack of bounds checks for alignment and size ca...

5.5CVSS6AI score0.00112EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52194

Name of the Vulnerable Software and Affected Versions GitLab EE versions 17.9 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description An incorrect authorization issue exists where an authenticated user with custom role permissions can view, create...

3.8CVSS5.8AI score0.00201EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52646

Name of the Vulnerable Software and Affected Versions Nextflow versions 25.09.2-edge through 26.04.1 Description The nextflow auth login command persists Seqera Platform OIDC tokens to the $NXF HOME:-/.nextflow/seqera-auth.config file. Because the file is created via Java NIO without specifying...

5.5CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52196

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.10 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description An issue exists in the Web IDE workbench where improper path validation allows an unauthenticated...

8CVSS6.1AI score0.00222EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52645

Name of the Vulnerable Software and Affected Versions hauler versions prior to 2.0.1-1.1 Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. This...

7.5CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52568

Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions allow a remote attacker to obtain sensitive information by exploiting the 3DES-ECB encryption method. 3DES-ECB Triple Data Encryption Standard in Electronic Codebo...

7.5CVSS5.8AI score0.00262EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52498

Name of the Vulnerable Software and Affected Versions Trivy versions prior to 0.71.0 Description A security scanner issue occurs when processing Helm chart archives .tgz. The custom tar unpacker uses the io.ReadAlltr function without a size limit. An attacker can provide a specially crafted...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52270

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ovl iterate merged function where the err variable is assigned the value of PTR ERRcache before verifying if cache is an error using IS ERRcache. When the operatio...

9.8CVSS6.9AI score0.03663EPSS
Exploits25References180
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•17 views

PT-2026-52355

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the TCP implementation where a reference count underflow can occur in the inet csk reqsk queue drop function, potentially leading to a use-after-free condition. This...

9.8CVSS5.8AI score0.00349EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52220

CVE-2026-56091: Apache Shiro: Authentication bypass in Guice-Web integration https://t.co/tNgFNw4p66 CVE-2026-56130: Apache Shiro: Remember-me cookie isn't checked for expiry on the server https://t.co/wMSxMMxBZs...

8.2CVSS5.8AI score0.00422EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52459

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6CVSS5.9AI score0.00304EPSS
Exploits2References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52593

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists in the ContentTypeUtil.isParsableXml function, which creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. Th...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•20 views

PT-2026-52608

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 4.10.0 Description A supply chain incident occurred where incorrect version tags were pushed to the official repository. These tags pointed to an unreviewed personal fork of a contributor who had write access...

7.7CVSS5.8AI score0.0012EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52497

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description The application allows the regeneration of all two-factor authentication 2FA backup codes without requiring a Time-based One-Time Password TOTP token or the verification of an existing backup...

7.1CVSS5.8AI score0.0015EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•23 views

PT-2026-52606

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.6.30 Description A cross-site scripting issue exists in the default security configuration of the Admin plugin page editor. Privileged users with page editing capabilities can inject malicious scripts to execute...

5.4CVSS6AI score0.00167EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•17 views

PT-2026-52653

Summary When verifying an uploaded certificate, lemur/certificates/verify.py extracts the CRL Distribution Point URL and the OCSP responder URL directly from the certificate's extensions and issues outbound requests to those URLs without scheme restriction or destination allow-listing. An...

6.3CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52423

Name of the Vulnerable Software and Affected Versions APIExperts Square for WooCommerce versions prior to 4.7.4 Description An issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This flaw is network-exploitable and requires no...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52433

Name of the Vulnerable Software and Affected Versions TablePress versions prior to 3.3.2 Description An unauthenticated cross-site scripting XSS flaw allows malicious script content to be injected via user-controlled input rendered by the plugin. The issue stems from improper input validation and...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52226

Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

10CVSS5.9AI score0.00395EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•17 views

PT-2026-52248

In the Linux kernel, the following vulnerability has been resolved: mmc: dw mmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse d...

5.8AI score0.00122EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52364

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the netfilter synproxy infrastructure. This occurs because netfilter hooks are registered on-demand when a user adds the first iptables target or nftables...

5.5CVSS6.1AI score0.00119EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52520

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.2 pnpm versions prior to 11.5.3 pacquet affected versions not specified Description pnpm and pacquet expand $ENV VAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml files into registry reques...

6.5CVSS5.8AI score0.00212EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52484

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52296

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM arm64 nv component regarding the handling of XN0 when FEAT XNX is not present. The use of the FIELD PREP function on the mask intended to clear XN0 is incorrec...

8.8CVSS6AI score0.00129EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•26 views

PT-2026-52470

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

5.3CVSS6AI score0.00213EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•14 views

PT-2026-52249

In the Linux kernel, the following vulnerability has been resolved: mm/list lru: drain before clearing xarray entry on reparent memcg reparent list lrus clears the dying memcg's xarray entry with xas store&xas, NULL before reparenting its per-node lists into the parent. This opens a window where ...

5.8AI score0.00106EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52224

Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

2.4CVSS5.8AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52436

Name of the Vulnerable Software and Affected Versions Forminator versions prior to 1.53.2 Description An unauthenticated cross-site scripting XSS flaw exists due to improper input validation and output encoding of user-supplied data. This allows a remote attacker to inject malicious scripts into...

7.1CVSS5.7AI score0.0018EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52229

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/umem component where the linearization of mapping when using an iommu can result in a single large block split across multiple SG entries. The function rdma...

9.8CVSS6AI score0.00298EPSS
Exploits0References379
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52641

Summary Description An Improper Verification of Cryptographic Signature CWE-347 issue in OpenAM's RADIUS authentication module allows an unauthenticated network attacker to spoof an Access-Accept response and obtain an OpenAM session for any RADIUS username, without knowing the configured shared...

9CVSS7.3AI score0.14859EPSS
Exploits2References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52318

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the network subsystem where the skb is err queue function incorrectly identifies AF PACKET sockets as error-queue skbs because it relies solely on the PACKET OUTGOING...

7.1CVSS6AI score0.00131EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52359

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the net/sched component when NEWTFILTER and DELFILTER operations are executed concurrently. This occurs because an action can be freed immediately via kfree...

7.8CVSS6AI score0.00129EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52244

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tb xdp properties request derives the per-packet copy length from the response header without checking that it fits in the previously allocated data buffer. A...

5.7AI score0.00145EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52253

In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet device after RCU grace period phonet device destroy removes a phonet device from the per-net device list with list del rcu, but frees it immediately. RCU readers walking the same list can still hold a...

5.7AI score0.00135EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52257

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between fastrpc device release and the workqueue processing DSP responses. When a user closes a file descriptor, fastrpc device release frees the fastrpc user...

7.8CVSS6AI score0.00135EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52278

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the nl80211 parse rnr elems function where the parsed element count is stored in a u8-backed cfg80211 rnr elems::cnt field. This count is used to determine the size of...

9.8CVSS6AI score0.00298EPSS
Exploits0References378
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52291

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow exists in the build i2c fw hdr function. The function allocates a fixed-size buffer but copies a number of bytes determined by the Length variable from the firmware file...

7.8CVSS6.1AI score0.00153EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52348

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth BNEP implementation where a peer can send a short BNEP Service Discovery Unit SDU. The function bnep rx frame reads the packet type byte and, for control...

9.8CVSS6.2AI score0.00426EPSS
Exploits0References377
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52334

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrm policy bysel ctx Fix the race by pruning the bin while still holding xfrm policy lock, before dropping it. Use xfrm policy inexact prune bin directly since the lock is alrea...

5.7AI score0.00135EPSS
Exploits0References9
Total number of security vulnerabilities184319