Lucene search
K
PtsecurityRecent

184319 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52255

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find vma misuse fastrpc get args uses find vma to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned...

5.7AI score0.00122EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52229

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/umem component where the linearization of mapping when using an iommu can result in a single large block split across multiple SG entries. The function rdma...

9.8CVSS6AI score0.00298EPSS
Exploits0References379
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52256

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free race condition exists in the fastrpc map create function. The fastrpc map lookup function returns a raw pointer after releasing the fl-lock. Subsequently, fastrpc map...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52291

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow exists in the build i2c fw hdr function. The function allocates a fixed-size buffer but copies a number of bytes determined by the Length variable from the firmware file...

7.8CVSS6.1AI score0.00153EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52309

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Null Pointer Dereference NPD can occur in the IPv6 implementation. The function addrconf get prefix route may return a fib6 null entry sentinel entry that contains a NULL fib6 table...

6.8CVSS5.9AI score0.00122EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52298

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the accel/ivpu component where firmware-supplied data size is cast to a signed integer before being processed by the min t function. When large unsigned values greater...

7.8CVSS6.1AI score0.00153EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52312

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 driver where the CPU synchronization for received data is incorrectly aligned. The driver programs the RX queue packet offset such that hardware writes data ...

8.6CVSS6AI score0.00401EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52278

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the nl80211 parse rnr elems function where the parsed element count is stored in a u8-backed cfg80211 rnr elems::cnt field. This count is used to determine the size of...

9.8CVSS6AI score0.00298EPSS
Exploits0References378
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.16 views

PT-2026-52276

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A livelock occurs in the tmigr handle remote up function. The tmigr handle remote cpu function incorrectly skips timer expire remote when the CPU matches smp processor id, assuming local...

7.5CVSS6AI score0.0036EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52289

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ALSA timer component. When a snd timer object is freed using the snd timer free function while snd timer instance objects are still assigned, the...

8.5CVSS6AI score0.00141EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52359

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the net/sched component when NEWTFILTER and DELFILTER operations are executed concurrently. This occurs because an action can be freed immediately via kfree...

7.8CVSS6AI score0.00129EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52351

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcomm connect ind rfcomm get sock by channel scans rfcomm sk list under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcomm...

5.7AI score0.00266EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52318

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the network subsystem where the skb is err queue function incorrectly identifies AF PACKET sockets as error-queue skbs because it relies solely on the PACKET OUTGOING...

7.1CVSS6AI score0.00131EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52337

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA PCM component where the snd pcm drain function causes wait queue list corruption on linked streams. The function uses init waitqueue entry, which fails to cle...

7.8CVSS6AI score0.00138EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52334

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrm policy bysel ctx Fix the race by pruning the bin while still holding xfrm policy lock, before dropping it. Use xfrm policy inexact prune bin directly since the lock is alrea...

5.7AI score0.00135EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.5 views

PT-2026-52307

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft tunnel: fix use-after-free on object destroy nft tunnel obj destroy calls metadata dst free which directly kfrees the metadata dst, ignoring the dst entry refcount. Packets that took a reference via dst hold in nft...

5.7AI score0.00125EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52348

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth BNEP implementation where a peer can send a short BNEP Service Discovery Unit SDU. The function bnep rx frame reads the packet type byte and, for control...

9.8CVSS6.2AI score0.00426EPSS
Exploits0References377
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52339

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A failure to unlock the parent directory occurs in the nfsd4 create file function. This happens when the NFSD exports a filesystem using atomic create and that function returns an error...

7.5CVSS6.1AI score0.00359EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51804

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a 81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.8AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52013

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the platform/wmi component. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device loc...

5.9AI score0.00157EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51836

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH BED LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a singl...

9.1CVSS5.9AI score0.00542EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51975

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Berkeley Packet Filter BPF verifier within the regsafe function. The issue occurs when comparing two scalar registers that both carry BPF ADD CONST values; the check...

7.8CVSS5.8AI score0.00116EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51867

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the futex subsystem occurs because the need futex hash allocate default function incorrectly relies on CLONE THREAD semantics. This dependency breaks non-concurrency assumption...

7.8CVSS6AI score0.00128EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52047

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Web Authentication component. This occurs when a user is convinced to install a malicious extension, allowing an attacker to potentially exploit he...

7.5CVSS6AI score0.00149EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51865

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the get timestamp function of the ENA network driver. The problem occurs because the phc-active check and the assignment of the resp pointer were perform...

7.8CVSS5.8AI score0.00133EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51712

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv tp sender shutdown function unconditionally decrements the sending atomic counter. If this function is called multiple times...

7.8CVSS5.8AI score0.00117EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52131

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 1.99 Description The 'POST /api/v1/admin/send-test-email' endpoint allows the use of attacker-controlled smtpHost and smtpPort values to establish a raw JavaMail TCP connection. This process bypasses the...

5.1CVSS5.8AI score0.00218EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51815

Name of the Vulnerable Software and Affected Versions Jenkins Assembla Plugin versions prior to 1.5 Description A cross-site request forgery CSRF flaw allows attackers to force the application to connect to an attacker-specified URL using a username and password also specified by the attacker. CS...

5.4CVSS5.7AI score0.00128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52141

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph name regexp in the Reports feature. This issue has been fixed in version 1.2.31...

7.6CVSS5.9AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52142

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Command Injection occurs due to insufficient sanitization in the escape command function located at lib/rrd.php, which acts as a no-op by returning the $command unchanged. The command line constructed...

9.8CVSS5.8AI score0.01113EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51920

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the nfsd4 add rdaccess to wrdeleg function where the nfs4 file get access function may be incorrectly called to increment the nfs4 file access count if fp-fi fdsO RDON...

7.5CVSS5.7AI score0.00432EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52086

Name of the Vulnerable Software and Affected Versions AngularJS versions 1.2.0-rc.3 and later Description A flaw in the Strict Contextual Escaping SCE logic allows the bypass of policies for resource URLs, which can lead to arbitrary JavaScript execution in the victim's browser session. SCE is...

7.6CVSS6AI score0.00338EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51966

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking issue exists in the Bluetooth subsystem within the hci conn request evt function when the protocol is set to HCI PROTO DEFER. In this state, the function calls hci connect...

8.8CVSS5.7AI score0.00247EPSS
Exploits0References379
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51934

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A crafted filesystem can trigger an out-of-bounds bitmap walk in the Linux kernel. This occurs when OCFS2 IOC INFO is issued with OCFS2 INFO FL NON COHERENT. The issue stems from the ocf...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References379
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52032

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.13.0 Description On Windows, the document folder listing route allows the use of an encoded absolute Windows path that resolves outside the intended documents directory. This occurs because the shared path...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52168

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack...

6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.2 views

PT-2026-54578

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE связана с недостатками процедуры авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации...

4.9CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52144

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from improper...

8.8CVSS6.3AI score0.00689EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52997

CVE ID :CVE-2026-56118 Published : June 24, 2026, 3:11 p.m. | 1 hour, 27 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52873

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.5CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51940

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ksmbd crypt message function when using asynchronous hardware crypto engines, such as the Qualcomm Crypto Engine QCE. The function sets a NULL...

9.8CVSS5.8AI score0.00531EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-55665

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=526758819 Crash type: Bad-cast Crash state: Bad-cast to Ogre::HardwareBuffer from invalid vptr Ogre::HardwareBuffer::unlockImpl Ogre::HardwareBuffer::unlock...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51825

Name of the Vulnerable Software and Affected Versions Apple M1 GPUs affected versions not specified Description Apple M1 GPUs retain register file data between compute shader dispatches from different processes. This allows a sandboxed Metal attacker application to execute a GPU reader shader to...

8.6CVSS5.8AI score0.00303EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51830

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Cross-Site Scripting XSS issue occurs due to improper neutralization of untrusted input within the Form Dashboard headline renderer. This allows for stored XSS, where malicious scripts are...

4.6CVSS6AI score0.00256EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51682

Name of the Vulnerable Software and Affected Versions Image Sizes on Demand versions prior to 1.4 Description Insufficient input sanitization and output escaping in the PHP SELF server variable allow unauthenticated attackers to inject arbitrary web scripts. These scripts execute if a user is...

6.1CVSS6.1AI score0.00168EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51835

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51797

Jenkins Job Configuration History Plugin 1356.ve360da 6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...

4.3CVSS5.8AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52027

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.03.05.08.02.stable 00 through 0.2026.05.06.15.42.stable 01 Description Warp accepts non-inline OSC 1337;File payloads from terminal output and materializes the decoded payload as a local file without requiring an additiona...

8.8CVSS5.8AI score0.00247EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51767

Capgo before 12.128.2 fails to enforce limited to orgs and limited to apps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52102

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS5.9AI score0.00305EPSS
Exploits0References5
Total number of security vulnerabilities184319