Lucene search
K
PtsecurityRecent

184319 matches found

Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•18 views

PT-2026-52427

Name of the Vulnerable Software and Affected Versions License Manager for WooCommerce versions prior to 3.0.16 Description An unauthenticated Insecure Direct Object Reference IDOR exists in the software. IDOR is a type of access control vulnerability that occurs when an application provides direc...

6.5CVSS5.8AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•19 views

PT-2026-52598

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifie...

7.3CVSS5.7AI score0.00246EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52344

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Unprivileged applications can set Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options. This allows an attacker to force packets to route through...

5.5CVSS6.1AI score0.00128EPSS
Exploits0References21
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52368

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the OP-TEE driver of the Linux kernel. This occurs when a client task terminates while a supplicant is still processing its request. Because the client m...

7.8CVSS6.1AI score0.00126EPSS
Exploits0References24
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•4 views

PT-2026-52365

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the IP Virtual Server IPVS where the ip vs edit service function clears the svc-scheduler pointer after the scheduler module has already initiated Read-Copy-Update RCU...

7.8CVSS6AI score0.00129EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52367

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the erofs component. The z erofs decompress kickoff function can race with the filesystem unmount process, leading to a use-after-free on sbi-sync...

7.8CVSS6.1AI score0.00125EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52362

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description An issue exists in the netfilter nft ct component where the system fails to properly handle template connection tracking ct during evaluation. When a rule sets a connection tracking zone...

7.8CVSS6.1AI score0.00128EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52363

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the netfilter conntrack irc helper. The issue occurs when parsing fails after a command string has been matched; the system attempts to match a different...

8.2CVSS6AI score0.00364EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•5 views

PT-2026-52369

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A logic flaw in the smc setsockopt function allows a local unprivileged user to cause a Denial of Service DoS. The issue occurs because the function calls copy from sockptr while holding...

5.5CVSS6.2AI score0.00126EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52372

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the arm64 KVM implementation, the functions walk s1 and kvm walk nested s2 require the kvm-srcu lock to be held to prevent issues during memslot changes. However, kvm at s12 and kvm...

8.9CVSS6.1AI score0.00114EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52360

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A check-then-act race condition exists in the dm cache policy smq. The smq invalidate mapping function performs a check on the e-allocated variable outside of the mq-lock critical sectio...

7.8CVSS6.2AI score0.00129EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52358

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the lowpan iphc mcast ctx addr compress function. The second memcpy operation incorrectly uses &data1 as the destination and &ipaddr-s6 addr11 as the source...

5.5CVSS6.1AI score0.00119EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52630

Name of the Vulnerable Software and Affected Versions Pen Drive report generator affected versions not specified Description An issue exists where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. This allows an attacker with cluster administrator...

6.9CVSS5.6AI score0.00176EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•15 views

PT-2026-52554

Name of the Vulnerable Software and Affected Versions Podman versions 1.8.1 through 5.8.4 Description A malicious container image can trick Podman into leaking host environment variables into the container. This occurs when an image contains an Env entry consisting of a key without a value...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52370

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists when processing Multicast Listener Discovery MLD queries. A pointer to the multicast group address is retrieved during initial packet parsing but is later dereferenced...

8.8CVSS6.1AI score0.00252EPSS
Exploits0References23
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52311

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 driver where the XDP path initializes every xdp buff with PAGE SIZE as the frame size, regardless of whether the buffer is from a short or long BM pool...

9.8CVSS6.2AI score0.00546EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•16 views

PT-2026-52406

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•22 views

PT-2026-52511

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A trust-chain bypass exists in the OpenSSL compatibility certificate verifier function wolfSSL X509 verify cert. This issue occurs in builds configured with --enable-opensslextra when an...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•21 views

PT-2026-52517

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The tarball extraction worker in the pnpm package manager fails to perform integrity verification when the integrity field is missing from the lockfile resolution. This...

6.8CVSS5.8AI score0.00126EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•17 views

PT-2026-52552

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

7.1CVSS6.2AI score0.00239EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•18 views

PT-2026-52463

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

5.9AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52467

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATH SITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by...

5.9AI score0.00295EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•7 views

PT-2026-52538

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...

5.8CVSS6AI score0.00122EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52593

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists in the ContentTypeUtil.isParsableXml function, which creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. Th...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•20 views

PT-2026-52608

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 4.10.0 Description A supply chain incident occurred where incorrect version tags were pushed to the official repository. These tags pointed to an unreviewed personal fork of a contributor who had write access...

7.7CVSS5.8AI score0.0012EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52497

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description The application allows the regeneration of all two-factor authentication 2FA backup codes without requiring a Time-based One-Time Password TOTP token or the verification of an existing backup...

7.1CVSS5.8AI score0.0015EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•23 views

PT-2026-52606

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.6.30 Description A cross-site scripting issue exists in the default security configuration of the Admin plugin page editor. Privileged users with page editing capabilities can inject malicious scripts to execute...

5.4CVSS6AI score0.00167EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•17 views

PT-2026-52653

Summary When verifying an uploaded certificate, lemur/certificates/verify.py extracts the CRL Distribution Point URL and the OCSP responder URL directly from the certificate's extensions and issues outbound requests to those URLs without scheme restriction or destination allow-listing. An...

6.3CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52423

Name of the Vulnerable Software and Affected Versions APIExperts Square for WooCommerce versions prior to 4.7.4 Description An issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This flaw is network-exploitable and requires no...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52433

Name of the Vulnerable Software and Affected Versions TablePress versions prior to 3.3.2 Description An unauthenticated cross-site scripting XSS flaw allows malicious script content to be injected via user-controlled input rendered by the plugin. The issue stems from improper input validation and...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52226

Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

10CVSS5.9AI score0.00395EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•17 views

PT-2026-52248

In the Linux kernel, the following vulnerability has been resolved: mmc: dw mmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse d...

5.8AI score0.00122EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52364

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the netfilter synproxy infrastructure. This occurs because netfilter hooks are registered on-demand when a user adds the first iptables target or nftables...

5.5CVSS6.1AI score0.00119EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52520

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.2 pnpm versions prior to 11.5.3 pacquet affected versions not specified Description pnpm and pacquet expand $ENV VAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml files into registry reques...

6.5CVSS5.8AI score0.00212EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52484

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52296

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM arm64 nv component regarding the handling of XN0 when FEAT XNX is not present. The use of the FIELD PREP function on the mask intended to clear XN0 is incorrec...

8.8CVSS6AI score0.00129EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•26 views

PT-2026-52470

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

5.3CVSS6AI score0.00213EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•14 views

PT-2026-52249

In the Linux kernel, the following vulnerability has been resolved: mm/list lru: drain before clearing xarray entry on reparent memcg reparent list lrus clears the dying memcg's xarray entry with xas store&xas, NULL before reparenting its per-node lists into the parent. This opens a window where ...

5.8AI score0.00106EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52641

Summary Description An Improper Verification of Cryptographic Signature CWE-347 issue in OpenAM's RADIUS authentication module allows an unauthenticated network attacker to spoof an Access-Accept response and obtain an OpenAM session for any RADIUS username, without knowing the configured shared...

9CVSS7.3AI score0.14859EPSS
Exploits2References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•6 views

PT-2026-52224

Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

2.4CVSS5.8AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52436

Name of the Vulnerable Software and Affected Versions Forminator versions prior to 1.53.2 Description An unauthenticated cross-site scripting XSS flaw exists due to improper input validation and output encoding of user-supplied data. This allows a remote attacker to inject malicious scripts into...

7.1CVSS5.7AI score0.0018EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•10 views

PT-2026-52229

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/umem component where the linearization of mapping when using an iommu can result in a single large block split across multiple SG entries. The function rdma...

9.8CVSS6AI score0.00298EPSS
Exploits0References379
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52256

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free race condition exists in the fastrpc map create function. The fastrpc map lookup function returns a raw pointer after releasing the fl-lock. Subsequently, fastrpc map...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•8 views

PT-2026-52312

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 driver where the CPU synchronization for received data is incorrectly aligned. The driver programs the RX queue packet offset such that hardware writes data ...

8.6CVSS6AI score0.00401EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52234

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel within the drm/amd/display component. Record-chain walk loops in bios parser.c and bios parser2.c utilize for;; loops that only terminate upon...

8.8CVSS6AI score0.00247EPSS
Exploits0References380
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52472

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0653 Description The tree count words function in src/spellfile.c fails to validate a depth counter against the size of fixed MAXWLEN-element stack arrays, specifically arridx, curi, and wordcount. A specially crafted...

8.4CVSS5.7AI score0.00126EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•5 views

PT-2026-52307

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft tunnel: fix use-after-free on object destroy nft tunnel obj destroy calls metadata dst free which directly kfrees the metadata dst, ignoring the dst entry refcount. Packets that took a reference via dst hold in nft...

5.7AI score0.00125EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•13 views

PT-2026-52337

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA PCM component where the snd pcm drain function causes wait queue list corruption on linked streams. The function uses init waitqueue entry, which fails to cle...

7.8CVSS6AI score0.00138EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•11 views

PT-2026-52351

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcomm connect ind rfcomm get sock by channel scans rfcomm sk list under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcomm...

5.7AI score0.00266EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•16 views

PT-2026-52276

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A livelock occurs in the tmigr handle remote up function. The tmigr handle remote cpu function incorrectly skips timer expire remote when the CPU matches smp processor id, assuming local...

7.5CVSS6AI score0.0036EPSS
Exploits0References18
Total number of security vulnerabilities184319