Lucene search
K
PtsecurityRecent

184321 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52359

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the net/sched component when NEWTFILTER and DELFILTER operations are executed concurrently. This occurs because an action can be freed immediately via kfree...

7.8CVSS6AI score0.00129EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52351

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcomm connect ind rfcomm get sock by channel scans rfcomm sk list under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcomm...

5.7AI score0.00266EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52318

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the network subsystem where the skb is err queue function incorrectly identifies AF PACKET sockets as error-queue skbs because it relies solely on the PACKET OUTGOING...

7.1CVSS6AI score0.00131EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52337

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA PCM component where the snd pcm drain function causes wait queue list corruption on linked streams. The function uses init waitqueue entry, which fails to cle...

7.8CVSS6AI score0.00138EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52334

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrm policy bysel ctx Fix the race by pruning the bin while still holding xfrm policy lock, before dropping it. Use xfrm policy inexact prune bin directly since the lock is alrea...

5.7AI score0.00135EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.5 views

PT-2026-52307

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft tunnel: fix use-after-free on object destroy nft tunnel obj destroy calls metadata dst free which directly kfrees the metadata dst, ignoring the dst entry refcount. Packets that took a reference via dst hold in nft...

5.7AI score0.00125EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52348

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth BNEP implementation where a peer can send a short BNEP Service Discovery Unit SDU. The function bnep rx frame reads the packet type byte and, for control...

9.8CVSS6.2AI score0.00426EPSS
Exploits0References377
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52298

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the accel/ivpu component where firmware-supplied data size is cast to a signed integer before being processed by the min t function. When large unsigned values greater...

7.8CVSS6.1AI score0.00153EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52455

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS5.8AI score0.0033EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52475

Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description An issue exists in the XInclude substitution process where the do xinclude function in Nokogiri::XML::Node replaces each element in place. This process frees the include node, its children such as...

6.6CVSS5.8AI score0.00093EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52451

Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description In the Nokogiri XML and HTML library for Ruby, the root= method of Nokogiri::XML::Document only validates that the new root is a Nokogiri::XML::Node. This allows a DTD Document Type Definition node...

6.3CVSS5.7AI score0.00312EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52573

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An issue exists where chain intermediate certificates asserting CA:TRUE but lacking the keyCertSign key usage were accepted as signing CAs. This occurs because chain-supplied temporary CAs...

6.3CVSS5.8AI score0.00118EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52516

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm may send user-level unscoped npm authentication credentials to a registry specified in a repository-local .npmrc file. This occurs when a user's global configuration...

6.9CVSS5.8AI score0.00254EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52514

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The patch application pipeline @pnpm/patch-package fails to validate file paths extracted from .patch files. An attacker can provide a malicious patch file containing...

7.3CVSS5.9AI score0.0027EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52554

Name of the Vulnerable Software and Affected Versions Podman versions 1.8.1 through 5.8.4 Description A malicious container image can trick Podman into leaking host environment variables into the container. This occurs when an image contains an Env entry consisting of a key without a value...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52630

Name of the Vulnerable Software and Affected Versions Pen Drive report generator affected versions not specified Description An issue exists where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. This allows an attacker with cluster administrator...

6.9CVSS5.6AI score0.00176EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52371

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Bluetooth ISO implementation. In the iso sock rebind bc function, the bis pointer is cached and the socket lock is subsequently dropped. A concurrent...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52543

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...

8.5CVSS6AI score0.00216EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52433

Name of the Vulnerable Software and Affected Versions TablePress versions prior to 3.3.2 Description An unauthenticated cross-site scripting XSS flaw allows malicious script content to be injected via user-controlled input rendered by the plugin. The issue stems from improper input validation and...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52388

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51804

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a 81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.8AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52013

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the platform/wmi component. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device loc...

5.9AI score0.00157EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51836

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH BED LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a singl...

9.1CVSS5.9AI score0.00542EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51975

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Berkeley Packet Filter BPF verifier within the regsafe function. The issue occurs when comparing two scalar registers that both carry BPF ADD CONST values; the check...

7.8CVSS5.8AI score0.00116EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51867

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the futex subsystem occurs because the need futex hash allocate default function incorrectly relies on CLONE THREAD semantics. This dependency breaks non-concurrency assumption...

7.8CVSS6AI score0.00128EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52047

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Web Authentication component. This occurs when a user is convinced to install a malicious extension, allowing an attacker to potentially exploit he...

7.5CVSS6AI score0.00149EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51865

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the get timestamp function of the ENA network driver. The problem occurs because the phc-active check and the assignment of the resp pointer were perform...

7.8CVSS5.8AI score0.00133EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51712

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv tp sender shutdown function unconditionally decrements the sending atomic counter. If this function is called multiple times...

7.8CVSS5.8AI score0.00117EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52131

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 1.99 Description The 'POST /api/v1/admin/send-test-email' endpoint allows the use of attacker-controlled smtpHost and smtpPort values to establish a raw JavaMail TCP connection. This process bypasses the...

5.1CVSS5.8AI score0.00218EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51815

Name of the Vulnerable Software and Affected Versions Jenkins Assembla Plugin versions prior to 1.5 Description A cross-site request forgery CSRF flaw allows attackers to force the application to connect to an attacker-specified URL using a username and password also specified by the attacker. CS...

5.4CVSS5.7AI score0.00128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52141

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph name regexp in the Reports feature. This issue has been fixed in version 1.2.31...

7.6CVSS5.9AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52142

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Command Injection occurs due to insufficient sanitization in the escape command function located at lib/rrd.php, which acts as a no-op by returning the $command unchanged. The command line constructed...

9.8CVSS5.8AI score0.01113EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51920

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the nfsd4 add rdaccess to wrdeleg function where the nfs4 file get access function may be incorrectly called to increment the nfs4 file access count if fp-fi fdsO RDON...

7.5CVSS5.7AI score0.00432EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52086

Name of the Vulnerable Software and Affected Versions AngularJS versions 1.2.0-rc.3 and later Description A flaw in the Strict Contextual Escaping SCE logic allows the bypass of policies for resource URLs, which can lead to arbitrary JavaScript execution in the victim's browser session. SCE is...

7.6CVSS6AI score0.00338EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51966

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking issue exists in the Bluetooth subsystem within the hci conn request evt function when the protocol is set to HCI PROTO DEFER. In this state, the function calls hci connect...

8.8CVSS5.7AI score0.00247EPSS
Exploits0References379
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52032

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.13.0 Description On Windows, the document folder listing route allows the use of an encoded absolute Windows path that resolves outside the intended documents directory. This occurs because the shared path...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52168

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack...

6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52144

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from improper...

8.8CVSS6.3AI score0.00689EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52997

CVE ID :CVE-2026-56118 Published : June 24, 2026, 3:11 p.m. | 1 hour, 27 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51940

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ksmbd crypt message function when using asynchronous hardware crypto engines, such as the Qualcomm Crypto Engine QCE. The function sets a NULL...

9.8CVSS5.8AI score0.00531EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51825

Name of the Vulnerable Software and Affected Versions Apple M1 GPUs affected versions not specified Description Apple M1 GPUs retain register file data between compute shader dispatches from different processes. This allows a sandboxed Metal attacker application to execute a GPU reader shader to...

8.6CVSS5.8AI score0.00303EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51682

Name of the Vulnerable Software and Affected Versions Image Sizes on Demand versions prior to 1.4 Description Insufficient input sanitization and output escaping in the PHP SELF server variable allow unauthenticated attackers to inject arbitrary web scripts. These scripts execute if a user is...

6.1CVSS6.1AI score0.00168EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51835

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51797

Jenkins Job Configuration History Plugin 1356.ve360da 6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...

4.3CVSS5.8AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51767

Capgo before 12.128.2 fails to enforce limited to orgs and limited to apps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52102

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS5.9AI score0.00305EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52076

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The Servicecustom Client API's call method accepts an order id parameter and retrieves the associated order without verifying if the authenticated client owns it. This allows an authenticated...

7.1CVSS5.8AI score0.00265EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51722

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SCTP implementation where the system fails to fully roll back the state when an ADD OUT STREAMS request is denied. In such cases, the system only shrinks queued...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51655

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description Multiple OS command injection issues exist within the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending ...

9.1CVSS6.1AI score0.0172EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51658

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default on UDP port 10001, processes unauthenticated discovery and configuration messages. A stack-based buffer overflow occurs because th...

10CVSS6.7AI score0.00427EPSS
Exploits0References8
Total number of security vulnerabilities184321