Lucene search
K
PtsecurityRecent

184319 matches found

Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51692

Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description The plugin contains an information exposure flaw via the REST route 'wp/v3/user/list/' which uses the userDetail function. The authentication mechanism only checks if the Username HTTP heade...

7.5CVSS6AI score0.00347EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52085

Name of the Vulnerable Software and Affected Versions HP Accessory WMI Provider installer affected versions not specified Description A security issue exists in the HP Accessory WMI Provider installer used for certain HP Docking Stations. This flaw could allow an attacker to achieve escalation of...

7.3CVSS6AI score0.00096EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•3 views

PT-2026-55690

Root has patched GHSA-64g7-mvw6-v9qj in the @rootio/shelljs package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•4 views

PT-2026-55716

Root has patched GHSA-h8r8-wccr-v5f2 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•5 views

PT-2026-55715

Root has patched GHSA-cjmm-f4jc-qw8r in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-52040

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description An inappropriate implementation in the Autofill feature allows a remote attacker who has already compromised the renderer process to leak cross-origin data. This is achieved by using a...

6.5CVSS5.8AI score0.00138EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•5 views

PT-2026-52055

Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00105EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-52041

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description An uninitialized use in the GPU component allows a remote attacker who has already compromised the renderer process to retrieve potentially sensitive information from process memory...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-52050

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.9AI score0.00217EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-52042

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description Insufficient validation of untrusted input in the Navigation component allows a remote attacker who has already compromised the renderer process to bypass site isolation. This is...

4.2CVSS5.7AI score0.00146EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-52048

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.197 Description An uninitialized use in the GPU component allows a remote attacker to obtain potentially sensitive information from process memory. This is achieved by inducing the victim t...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-52044

Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.9AI score0.00195EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•5 views

PT-2026-52043

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A race condition in DevTools allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achieved by using a crafted HTML...

8.3CVSS5.8AI score0.00184EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•5 views

PT-2026-52046

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.197 Description A use after free issue exists in WebGL, which could allow a remote attacker to potentially perform a sandbox escape by inducing the user to visit a crafted HTML page. A use...

9.6CVSS5.8AI score0.00217EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-55713

Root has patched GHSA-39q2-94rc-95cp in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-52098

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth...

2.3CVSS5.9AI score0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51989

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF subsystem where kprobe write ctx can be abused via freplace. Because the actual program type of uprobe is KPROBE, it can be used to modify struct pt regs when ...

8.4CVSS6AI score0.00166EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51996

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the mt76 WiFi driver. The function mt76 connac mcu alloc sta req allocates a socket buffer skb that should be freed by mt76 mcu skb send msg. However, if the...

6AI score0.00156EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51992

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the mt7915 WiFi driver. When an mt7915 PCI chip is detached, the mt7915 coredump unregister function releases mt7915 crash data. However, a race conditio...

6AI score0.00168EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51838

Name of the Vulnerable Software and Affected Versions MailerUp versions prior to 1.0.1 Description Missing authentication for a critical function in the RegisterView apps/accounts/views.py allows a remote, unauthenticated attacker to self-register an account on instances where registration should...

8.8CVSS5.8AI score0.00406EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51757

Name of the Vulnerable Software and Affected Versions TortoiseGit affected versions not specified Description Argument injection is possible in TortoiseGitBlame through the use of malicious git history filenames. This flaw allows for arbitrary file write operations within TortoiseGit...

5.5CVSS5.9AI score0.00124EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51777

Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs...

6.9CVSS5.9AI score0.00208EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•17 views

PT-2026-52118

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

8.1CVSS5.9AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52113

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The bundled Caddy reverse-proxy admin API is bound to 0.0.0.0:2019 inside the container and lacks authentication by default. Although the listener is not published to the host, it remains accessible t...

9.9CVSS5.8AI score0.00328EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-52018

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ublk component where the per-IO canceled flag may remain set if a ublk server dies after issuing some, but not all, fetch commands during device recovery. Because...

6AI score0.00145EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51972

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF sock ops program when accessing ctx fields where the destination register dst reg is the same as the source register src reg. In the !fullsock or !locked tcp...

7.8CVSS5.7AI score0.00112EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-51886

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write occurs in the ADFS file system when processing a crafted image with a zero zone count. During boot block validation, if the nzones variable is 0, the adfs read map...

6AI score0.00184EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51839

Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.15 and 6.1 Description An issue exists in the WireGuard driver where the decryption side can stop working completely for a specific peer under heavy networking load. This occurs when the system is under pressure and the...

7.5CVSS5.7AI score0.00307EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51855

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Ceph component of the Linux kernel. The issue occurs because the required blob size computation was moved before the build xattrs call. Since build xattrs...

5.9AI score0.00198EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51991

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the mt76 wireless driver for the mt7996 PCI chip. A race condition occurs when the chip is detaching; the mt7996 coredump unregister function releases...

5.8AI score0.00168EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52127

Name of the Vulnerable Software and Affected Versions MP4Box version 2.5-DEV-rev1593-gfe88c3545-master Description A heap use-after-free occurs when the gf filter pid inst swap delete task function in the filter core/filter pid.c component improperly accesses objects after they have been freed...

5.5CVSS5.8AI score0.0013EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51909

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the erofs component where the lcn variable was typed as unsigned long or unsigned int. On 32-bit platforms, this variable is only 32 bits wide, leading to the truncati...

5.9AI score0.00168EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52095

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Rocket.Chat versions prior to 8.4.2 Rocket.Chat versions prior to 8.3.4 Rocket.Chat versions prior to 8.2.4 Rocket.Chat versions prior to 8.1.5 Rocket.Chat versions prior to 8.0.6 Rocket.Chat versions prior ...

2.3CVSS5.8AI score0.00215EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51891

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the dualpi2 change function within the sch dualpi2 module. When a configuration change occurs for the dualpi2 qdisc queueing discipline, the function fails to correctl...

6.1AI score0.00173EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51923

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfs iomap begin 1. Since runs was not touched yet, run lookup entry immediately fails and returns false, which makes the value of "len" 0...

5.7AI score0.00172EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51844

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists within the drm/xe/dma-buf component. The flaw occurs in a retry loop where a buffer object is freed upon an error, allowing subsequent access to the fre...

7.8CVSS6.2AI score0.00132EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51860

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A logical error exists within the Direct Rendering Manager DRM change handle logic. The issue occurs when the system fails to replace the original ID pointer with the newly generated IDR...

6.1AI score0.00186EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-52021

In the Linux kernel, the following vulnerability has been resolved: block: fix zones cond memory leak on zone revalidation error paths When blk revalidate disk zones fails after disk revalidate zone resources has allocated args.zones cond, the memory is leaked because no error path frees it...

5.7AI score0.00145EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•15 views

PT-2026-51983

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists when querying information for an offloaded BPF map or program. The functions bpf map offload info fill ns and bpf prog offload info fill ns use get netdev...

6AI score0.00145EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51648

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51853

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sev-guest component when issuing an extended guest request SVM VMGEXIT EXT GUEST REQUEST. The get ext report function allocates a buffer to retrieve a certificate...

7.8CVSS6AI score0.00093EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51997

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential deadlock exists in the mt7925 roc abort sync function within the mt76 wireless driver. The issue occurs when roc abort sync invokes cancel work sync, which waits for roc work...

5.6CVSS6AI score0.00166EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52012

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the vdpa component. When a driver is probed through the driver attach function, the bus match callback is executed without holding the device lock...

5.9AI score0.00155EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51788

Name of the Vulnerable Software and Affected Versions Google Gemini CLI versions prior to 0.39.1 run-gemini-cli GitHub Action versions prior to 0.1.22 Description An OS command injection flaw exists in the container launcher used on headless CI platforms. The issue stems from unsafe parsing and...

10CVSS6.4AI score0.00134EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-51903

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the ice network driver occurs during network packet transmission. When the ice tso or ice tx csum functions fail, the error path in ice xmit frame ring frees the network buffer...

7.8CVSS5.9AI score0.00123EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51859

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/ttm component where a failure in ttm tt swapout can lead to an infinite loop during the LRU Least Recently Used list walk. This occurs because ttm resource mov...

6AI score0.00167EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51872

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The dev-set and key-rotate netlink operations allow the modification of shared device state, specifically the PSP version configuration and cryptographic key material. These operations...

6AI score0.00173EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-52030

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable 01 until 0.2026.05.06.15.42.stable 01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the...

7.8CVSS5.9AI score0.00496EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-52071

Name of the Vulnerable Software and Affected Versions Ghost versions 5.18.0 through 6.21.0 Description A discrepancy in responses from the members signin endpoints allows an unauthenticated attacker to determine if a specific email address is registered as a member of the site. Recommendations...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51779

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.exist app v2 RPC function that allows unauthenticated attackers to enumerate app ids by calling POST /rest/v1/rpc/exist app v2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER...

6.9CVSS6AI score0.00261EPSS
Exploits0References2
Total number of security vulnerabilities184319