Lucene search
K
PtsecurityRecent

184319 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52076

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The Servicecustom Client API's call method accepts an order id parameter and retrieves the associated order without verifying if the authenticated client owns it. This allows an authenticated...

7.1CVSS5.8AI score0.00265EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51722

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SCTP implementation where the system fails to fully roll back the state when an ADD OUT STREAMS request is denied. In such cases, the system only shrinks queued...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51655

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description Multiple OS command injection issues exist within the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending ...

9.1CVSS6.1AI score0.0172EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51658

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default on UDP port 10001, processes unauthenticated discovery and configuration messages. A stack-based buffer overflow occurs because th...

10CVSS6.7AI score0.00427EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51662

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description OS command injection flaws exist in the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending a specially...

9.1CVSS6.1AI score0.01684EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51660

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description OS command injection flaws exist in the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending a specially...

9.1CVSS6.1AI score0.01684EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-51659

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default and listens for UDP messages on port 10001, contains a stack-based buffer overflow. The issue occurs when the server reads up to...

10CVSS6.8AI score0.00427EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51949

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the hisilicon/sec2 crypto component. Under heavy load during packet transmission, the hardware may complete packet processing and free the request memory...

9.8CVSS5.7AI score0.00435EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52092

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it...

8.5CVSS5.9AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.48 views

PT-2026-51789

Name of the Vulnerable Software and Affected Versions ProFTPD versions 1.3.9b through 1.3.10rc2 Description An access control bypass allows authenticated FTP users to circumvent Directory ACL restrictions. By prefixing paths with /proc/self/root in the RNFR command handler, attackers can exploit...

8.6CVSS6AI score0.00331EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52029

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable 00 until 0.2026.05.06.15.42.stable 01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...

8.1CVSS5.9AI score0.00213EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51703

Name of the Vulnerable Software and Affected Versions Book a Room Event Calendar versions prior to 2.0 Description The Book a Room Event Calendar plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing an action they did not...

4.3CVSS5.6AI score0.00103EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51690

Name of the Vulnerable Software and Affected Versions Devs Accounting – Simple Accounting and Invoicing Solution versions prior to 1.2.1 Description A missing capability check in the delete single account function allows unauthorized modification or deletion of data. The REST route...

5.3CVSS5.9AI score0.00227EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52182

Name of the Vulnerable Software and Affected Versions OliveTin affected versions not specified Description The filterToDefinedArgumentsOnly function in the executor fails to properly restrict arguments, allowing any argument starting with the ot prefix to bypass input filtering. While the system ...

4.3CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51686

Name of the Vulnerable Software and Affected Versions ClearSale Total versions prior to 3.4.3 Description An issue exists in the clearsale total push AJAX action where the pagsegurometodo POST parameter is not properly sanitized. The handler is accessible to unauthenticated users via wp ajax nopr...

7.5CVSS6AI score0.00505EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52146

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBURASDevice JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...

8.8CVSS7.6AI score0.00689EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52147

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDeviceDrive JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

8.8CVSS7.6AI score0.00689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51678

Name of the Vulnerable Software and Affected Versions MP Customize Login Page versions prior to 1.1 Description The MP Customize Login Page plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a logged-in user into performing unwanted actions. The...

4.3CVSS5.9AI score0.00176EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51795

Name of the Vulnerable Software and Affected Versions Jenkins GitHub Branch Source Plugin versions prior to 1967.1969.v205fd594c821 Description A missing permission check allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-55748

This update for sg3 utils fixes the following issue - sg inq: --export output conformance for SCSI name string and ATA fields bsc1267823...

5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51695

Name of the Vulnerable Software and Affected Versions 24liveblog versions prior to 2.3 Description The 24liveblog plugin for WordPress allows unauthorized data modification because the update lb24 token AJAX function lacks a proper capability check. The handler verifies the 'lb24' nonce but fails...

4.3CVSS5.8AI score0.00215EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51820

Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions 5.1 through 5.1.2 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendations...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52120

Name of the Vulnerable Software and Affected Versions Unraid affected versions not specified Description A command injection flaw in the web server allows authenticated remote attackers to execute arbitrary code in the context of the www-data user. The issue occurs in the ToggleState.php file due...

8.8CVSS7.7AI score0.01126EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52084

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.4 Description An authenticated user can watch a private repository without having the necessary access permissions. This occurs because the access check in the Watch API handler is inverted, specifically within the...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51733

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where the tun put user function declares a virtio net hdr v1 hash tunnel structure on the stack without initializing it to zero. For non-tunnel socket buffers skb, the...

6AI score0.00112EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51734

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the smc msg event tracepoint class, which is shared by smc tx sendmsg and smc rx recvmsg. The issue occurs because the system unconditionally...

6AI score0.00116EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51730

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A stack information leak exists in the tap ioctl function during the SIOCGIFHWADDR path. The function copies 16 bytes of an uninitialized on-stack sockaddr storage structure to userspace...

6AI score0.00112EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51719

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv gw node free function removes gateway list entries during mesh teardown but fails to clear the currently selected gateway. This...

6AI score0.00114EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51714

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter ipset component where specific hash set variants—hash:ip,mark, hash:ip,port, hash:ip,port,ip, and hash:ip,port,net—iterate IPv4 ranges using a 32-bit...

6AI score0.00114EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52065

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.9 Description A Cross-Site Scripting XSS issue exists where a non-privileged user can execute arbitrary Javascript within the session of a logged-in Administrative user. This occurs because the Client header us...

5.7CVSS6.1AI score0.00194EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51882

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nf tables component where the process of joining the hook list during the commit phase was not handled safely. This could lead to unsafe netlink dump lis...

7.1CVSS5.8AI score0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52069

Name of the Vulnerable Software and Affected Versions Ghost versions 6.0.9 through 6.21.0 Description Ghost is a Node.js content management system. A flaw in the private-IP check for outbound HTTP requests allows a bypass via DNS rebinding. DNS rebinding is a technique that tricks a browser or...

4CVSS5.8AI score0.0014EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51888

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vsock/virtio implementation regarding MSG ZEROCOPY pinned-pages accounting. The function virtio transport init zcopy skb uses iter-count as the size argument for m...

6AI score0.00173EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-52139

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid get packet function located in /filter core/filter pid.c. This occurs when the software processes a specially crafted media file, whic...

5CVSS5.7AI score0.00121EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51772

Capgo before 12.128.2 allows direct patching of public.apps.owner org through PostgREST, bypassing the transfer app workflow and creating split-brain ownership. Attackers can directly update apps.owner org while leaving app versions.owner org unchanged, enabling old-org keys to retain access to...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51709

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv frag skb buffer function is called by batadv batman skb recv upon receiving a BATADV UNICAST FRAG packet. After reassembling the...

6AI score0.00123EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51755

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists where the HTTP Referer: header persists even after being explicitly cleared. Although passing NULL to CURLOPT REFERER is intended to suppress the header, the internal state is...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References35
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51743

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description When performing a transfer to a specific HTTP origin hostA using Digest authentication and subsequently changing the origin to a different one hostB while reusing the same handle, libcurl...

9.8CVSS6AI score0.01064EPSS
Exploits1References37
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51751

Name of the Vulnerable Software and Affected Versions curl versions 7.7 through 8.20.x Description libcurl incorrectly reuses connections from its connection pool when certain mTLS mutual TLS configuration options, specifically those related to the private key, are modified. Because these TLS...

7.5CVSS6.1AI score0.00368EPSS
Exploits1References45
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51976

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sixpack receive buf function where bytes with TTY error flags are not properly skipped. The function iterates through the flags buffer without advancing the data...

6AI score0.00164EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51871

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists during signal or timeout wakeup in the futex subsystem. When one task is performing a wait-requeue-pi operation and another is performing a requeue-PI operation, ...

5.9AI score0.00172EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52059

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.10 Description An argument injection issue exists in the subtitle conversion process. The function ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without...

8.8CVSS5.9AI score0.00357EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51990

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF subsystem where the DEVMAP HASH branch in the dev map redirect multi function uses hlist for each entry safe to iterate through hash buckets. This function is...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52998

CVE ID :CVE-2026-56119 Published : June 24, 2026, 3:12 p.m. | 1 hour, 27 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51699

Name of the Vulnerable Software and Affected Versions WP Latest Posts versions prior to 5.0.12 Description The plugin is subject to Stored Cross-Site Scripting due to insufficient output escaping in the field and loop functions. These functions use a regular expression to extract the raw src...

6.4CVSS6AI score0.00207EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52026

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable 00 until 0.2026.05.06.15.42.stable 01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal...

8.8CVSS5.9AI score0.00255EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52091

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...

8.7CVSS6AI score0.00451EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52125

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue in the ImportDeviceList method allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a...

7.2CVSS7.5AI score0.01477EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.18 views

PT-2026-51943

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the gfs2 module, the gfs2 logd function calls log flushing functions gfs2 ail1 start, gfs2 ail1 wait, and gfs2 ail1 empty without holding the sdp-sd log flush lock lock. These functio...

9.8CVSS5.8AI score0.00509EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51687

Name of the Vulnerable Software and Affected Versions Avalon23 Products Filter for WooCommerce versions prior to 1.1.7 Description Stored Cross-Site Scripting occurs via the avalon23 qr shortcode. The issue stems from insufficient input sanitization and output escaping of user-supplied shortcode...

6.4CVSS6AI score0.00193EPSS
Exploits0References9
Total number of security vulnerabilities184319