Lucene search
K
PtsecurityRecent

184322 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-51659

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default and listens for UDP messages on port 10001, contains a stack-based buffer overflow. The issue occurs when the server reads up to...

10CVSS6.8AI score0.00427EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52092

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it...

8.5CVSS5.9AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.48 views

PT-2026-51789

Name of the Vulnerable Software and Affected Versions ProFTPD versions 1.3.9b through 1.3.10rc2 Description An access control bypass allows authenticated FTP users to circumvent Directory ACL restrictions. By prefixing paths with /proc/self/root in the RNFR command handler, attackers can exploit...

8.6CVSS6AI score0.00331EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52029

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable 00 until 0.2026.05.06.15.42.stable 01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...

8.1CVSS5.9AI score0.00213EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51703

Name of the Vulnerable Software and Affected Versions Book a Room Event Calendar versions prior to 2.0 Description The Book a Room Event Calendar plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing an action they did not...

4.3CVSS5.6AI score0.00103EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51690

Name of the Vulnerable Software and Affected Versions Devs Accounting – Simple Accounting and Invoicing Solution versions prior to 1.2.1 Description A missing capability check in the delete single account function allows unauthorized modification or deletion of data. The REST route...

5.3CVSS5.9AI score0.00227EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52182

Name of the Vulnerable Software and Affected Versions OliveTin affected versions not specified Description The filterToDefinedArgumentsOnly function in the executor fails to properly restrict arguments, allowing any argument starting with the ot prefix to bypass input filtering. While the system ...

4.3CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51686

Name of the Vulnerable Software and Affected Versions ClearSale Total versions prior to 3.4.3 Description An issue exists in the clearsale total push AJAX action where the pagsegurometodo POST parameter is not properly sanitized. The handler is accessible to unauthenticated users via wp ajax nopr...

7.5CVSS6AI score0.00505EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52146

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBURASDevice JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...

8.8CVSS7.6AI score0.00689EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52147

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDeviceDrive JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

8.8CVSS7.6AI score0.00689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51678

Name of the Vulnerable Software and Affected Versions MP Customize Login Page versions prior to 1.1 Description The MP Customize Login Page plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a logged-in user into performing unwanted actions. The...

4.3CVSS5.9AI score0.00176EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51795

Name of the Vulnerable Software and Affected Versions Jenkins GitHub Branch Source Plugin versions prior to 1967.1969.v205fd594c821 Description A missing permission check allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51695

Name of the Vulnerable Software and Affected Versions 24liveblog versions prior to 2.3 Description The 24liveblog plugin for WordPress allows unauthorized data modification because the update lb24 token AJAX function lacks a proper capability check. The handler verifies the 'lb24' nonce but fails...

4.3CVSS5.8AI score0.00215EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51820

Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions 5.1 through 5.1.2 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendations...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52120

Name of the Vulnerable Software and Affected Versions Unraid affected versions not specified Description A command injection flaw in the web server allows authenticated remote attackers to execute arbitrary code in the context of the www-data user. The issue occurs in the ToggleState.php file due...

8.8CVSS7.7AI score0.01126EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52084

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.4 Description An authenticated user can watch a private repository without having the necessary access permissions. This occurs because the access check in the Watch API handler is inverted, specifically within the...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51733

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where the tun put user function declares a virtio net hdr v1 hash tunnel structure on the stack without initializing it to zero. For non-tunnel socket buffers skb, the...

6AI score0.00112EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51734

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the smc msg event tracepoint class, which is shared by smc tx sendmsg and smc rx recvmsg. The issue occurs because the system unconditionally...

6AI score0.00116EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51730

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A stack information leak exists in the tap ioctl function during the SIOCGIFHWADDR path. The function copies 16 bytes of an uninitialized on-stack sockaddr storage structure to userspace...

6AI score0.00112EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51719

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv gw node free function removes gateway list entries during mesh teardown but fails to clear the currently selected gateway. This...

6AI score0.00114EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51714

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter ipset component where specific hash set variants—hash:ip,mark, hash:ip,port, hash:ip,port,ip, and hash:ip,port,net—iterate IPv4 ranges using a 32-bit...

6AI score0.00114EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51882

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nf tables component where the process of joining the hook list during the commit phase was not handled safely. This could lead to unsafe netlink dump lis...

7.1CVSS5.8AI score0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52069

Name of the Vulnerable Software and Affected Versions Ghost versions 6.0.9 through 6.21.0 Description Ghost is a Node.js content management system. A flaw in the private-IP check for outbound HTTP requests allows a bypass via DNS rebinding. DNS rebinding is a technique that tricks a browser or...

4CVSS5.8AI score0.0014EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51888

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vsock/virtio implementation regarding MSG ZEROCOPY pinned-pages accounting. The function virtio transport init zcopy skb uses iter-count as the size argument for m...

6AI score0.00173EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-52139

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid get packet function located in /filter core/filter pid.c. This occurs when the software processes a specially crafted media file, whic...

5CVSS5.7AI score0.00121EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51772

Capgo before 12.128.2 allows direct patching of public.apps.owner org through PostgREST, bypassing the transfer app workflow and creating split-brain ownership. Attackers can directly update apps.owner org while leaving app versions.owner org unchanged, enabling old-org keys to retain access to...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51709

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv frag skb buffer function is called by batadv batman skb recv upon receiving a BATADV UNICAST FRAG packet. After reassembling the...

6AI score0.00123EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51755

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists where the HTTP Referer: header persists even after being explicitly cleared. Although passing NULL to CURLOPT REFERER is intended to suppress the header, the internal state is...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References35
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51743

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description When performing a transfer to a specific HTTP origin hostA using Digest authentication and subsequently changing the origin to a different one hostB while reusing the same handle, libcurl...

9.8CVSS6AI score0.01064EPSS
Exploits1References37
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51751

Name of the Vulnerable Software and Affected Versions curl versions 7.7 through 8.20.x Description libcurl incorrectly reuses connections from its connection pool when certain mTLS mutual TLS configuration options, specifically those related to the private key, are modified. Because these TLS...

7.5CVSS6.1AI score0.00368EPSS
Exploits1References45
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51976

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sixpack receive buf function where bytes with TTY error flags are not properly skipped. The function iterates through the flags buffer without advancing the data...

6AI score0.00164EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51871

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists during signal or timeout wakeup in the futex subsystem. When one task is performing a wait-requeue-pi operation and another is performing a requeue-PI operation, ...

5.9AI score0.00172EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52059

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.10 Description An argument injection issue exists in the subtitle conversion process. The function ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without...

8.8CVSS5.9AI score0.00357EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51990

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF subsystem where the DEVMAP HASH branch in the dev map redirect multi function uses hlist for each entry safe to iterate through hash buckets. This function is...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51699

Name of the Vulnerable Software and Affected Versions WP Latest Posts versions prior to 5.0.12 Description The plugin is subject to Stored Cross-Site Scripting due to insufficient output escaping in the field and loop functions. These functions use a regular expression to extract the raw src...

6.4CVSS6AI score0.00207EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52026

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable 00 until 0.2026.05.06.15.42.stable 01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal...

8.8CVSS5.9AI score0.00255EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52091

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...

8.7CVSS6AI score0.00451EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52125

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue in the ImportDeviceList method allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a...

7.2CVSS7.5AI score0.01477EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.18 views

PT-2026-51943

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the gfs2 module, the gfs2 logd function calls log flushing functions gfs2 ail1 start, gfs2 ail1 wait, and gfs2 ail1 empty without holding the sdp-sd log flush lock lock. These functio...

9.8CVSS5.8AI score0.00509EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51687

Name of the Vulnerable Software and Affected Versions Avalon23 Products Filter for WooCommerce versions prior to 1.1.7 Description Stored Cross-Site Scripting occurs via the avalon23 qr shortcode. The issue stems from insufficient input sanitization and output escaping of user-supplied shortcode...

6.4CVSS6AI score0.00193EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51951

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RISC-V IOMMU implementation where TLB Translation Lookaside Buffer and context cache invalidations were not performed after updating Device Directory Table DDT or...

8.8CVSS6AI score0.00127EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51915

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the SCSI target core component. The sbc execute unmap function verifies that the Logical Block Address LBA plus the range does not exceed the device capacit...

6AI score0.00176EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.24 views

PT-2026-51901

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential NULL pointer dereference exists in the error path of the ice set ringparam function. The issue occurs because ice set ringparam nullifies the tstamp ring of temporary tx ring...

6AI score0.00155EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-51657

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default and listens for UDP messages on port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes...

10CVSS6.8AI score0.00427EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-52038

Name of the Vulnerable Software and Affected Versions Tapo C200 v3 Description A denial-of-service DoS issue exists in the network packet handling logic due to improper processing of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51821

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS6.6AI score0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51818

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description Envoy can translate a downstream HTTP/3 request that is complete at the transport layer but contains a...

7.5CVSS5.7AI score0.00298EPSS
Exploits1References20
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51980

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The bcmgenet timeout handler incorrectly attempts to shut down all transmit tx queues when only a single queue experiences a timeout. This behavior creates race conditions—situations whe...

9.8CVSS5.8AI score0.00386EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-52093

🚨 CVE-2026-45688 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOn...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51747

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A flaw in the cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that...

9.1CVSS5.8AI score0.00649EPSS
Exploits1References29
Total number of security vulnerabilities184322