English
Russian
Korean
Support
Search
Search
Solutions
Products
Services
Analytics
Partners
About
ICS/SCADA
Critical infrastructure on the frontline
Vulnerability Management
Stop being an easy target
Financial Services
Can your security keep up with you?
Protection from targeted attacks (anti-apt)
Early detection, rapid investigation
PT Industrial Cybersecurity Suite
PT ICS is an integrated platform for cyberthreat detection and response in industrial systems
Utilities
Industrial-grade cybersecurity
ERP Security
Take control of your ERP security
Security Compliance
Turn policies into protection
MaxPatrol 8
Vulnerability and compliance management system.
MaxPatrol SIEM
Knows your infrastructure, delivers pinpoint detection.
PT Application Firewall
Intelligent protection of business applications.
PT Application Inspector
Source code analysis tool.
PT ISIM
Cyberthreat detection and incident response in ICS.
PT Network Attack Discovery
NDR system to detect attacks on the perimeter and inside the network.
PT Sandbox
Advanced sandbox with customizable virtual environments
XSpider
Vulnerability scanner.
MaxPatrol VM
Next-generation vulnerability management system.
MaxPatrol SIEM All-in-One
Full-featured SIEM for mid-sized IT infrastructures.
PT MultiScanner
Multilayered protection against malware attacks.
PT BlackBox
Dynamic application security testing tool
ICS/SCADA Security Assessment
Full Range of ICS-specific Security Services
ATM Security Assessments
Uncover Your Weaknesses
Web Application Security Services
Black Box and White Box Analysis
Mobile Application Security Services
Security Analysis and Compliance Audit
Custom Application Security Services
Independent Expert Analysis of Your Source Code
Penetration Testing
A Comprehensive Approach
Forensic Services
Prevent Future Incidents
Advanced Border Control
Upgrade Your View of Perimeter Security
Threatscape
PT ESC Threat Intelligence
Cybersecurity glossary
Knowledge base
Clients
Press
News
Events
Contacts
Documents and Materials
Home
Analytics
Threatscape
Threatscape
All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.
High
(9,3) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
PT-2024-22: (Unauth Remote Code Execution) in MyQ Print Server
Fix date:
January 22, 2024
Vector:
Remote
Systems affected:
MyQ Print Server
Vendor:
MyQ, spol. s r.o
High
(9,2) CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N
PT-2024-21: OS Command Injection in Pandora FMS
Fix date:
June 11, 2024
Vector:
Remote
Systems affected:
Pandora FMS
Vendor:
Pandora FMS
High
(9,3) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
PT-2024-20: Unauth Time-Based SQL Injection in Pandora FMS
Fix date:
June 11, 2024
Vector:
Remote
Systems affected:
Pandora FMS
Vendor:
Pandora FMS
Medium
(6,8) CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
PT-2024-18: Stored Cross-Site Scripting (Stored XSS) in Moodle
Fix date:
April 19, 2024
Vector:
Remote
Systems affected:
Moodle
Vendor:
Moodle
Medium
(6,8) CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
PT-2024-17: Stored Cross-Site Scripting (Stored XSS) in Moodle
Fix date:
April 19, 2024
Vector:
Remote
Systems affected:
Moodle
Vendor:
Moodle
High
(8,8) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
PT-2024-16: OS Command Injection in Pandora FMS
Fix date:
March 19, 2024
Vector:
Remote
Systems affected:
Pandora FMS
Vendor:
Pandora FMS
High
(8,8) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
PT-2024-15: Unauth Time-based SQL Injection in Pandora FMS
Fix date:
March 19, 2024
Vector:
Remote
Systems affected:
Pandora FMS
Vendor:
Pandora FMS
High
(8,6) CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
PT-2024-14: Path Traversal and Untrusted Upload File in Pandora FMS
Fix date:
March 19, 2024
Vector:
Remote
Systems affected:
Pandora FMS
Vendor:
Pandora FMS
High
(8,8) CVSS:CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
PT-2024-13: Unauth Time-based SQL Injection
Fix date:
March 19, 2024
Vector:
Remote
Systems affected:
Pandora FMS
Vendor:
Pandora FMS
High
(8,7) CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
PT-2024-12: SQL Injection in Cacti
Fix date:
December 24, 2023
Vector:
Remote
Systems affected:
Cacti
Vendor:
Cacti
High
(8,7) CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
PT-2024-11: Local file Inclusion in Cacti
Fix date:
December 24, 2023
Vector:
Remote
Systems affected:
Cacti
Vendor:
Cacti
Medium
(5,1) CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
PT-2024-10: Cross-Site Scripting (DOM-based XSS) in Cacti
Fix date:
May 13, 2024
Vector:
Remote
Systems affected:
Cacti
Vendor:
Cacti
High
(7,0) CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
PT-2024-09: Creating arbitrary files during project creation in PT Application Inspector (PT AI)
Fix date:
July 31, 2024
Vector:
Remote
Systems affected:
PT Application Inspector (PT AI)
Vendor:
Positive Technologies
High
(8,4) CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
PT-2024-08: Reading arbitrary files when scanning a project linked to a git repository in PT Application Inspector (PT AI)
Fix date:
July 31, 2024
Vector:
Remote
Systems affected:
PT Application Inspector (PT AI)
Vendor:
Positive Technologies
High
(8,4) CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
PT-2024-07: Reading arbitrary files via API in PT Application Inspector (PT AI)
Fix date:
July 31, 2024
Vector:
Remote
Systems affected:
PT Application Inspector (PT AI)
Vendor:
Positive Technologies
High
(8,4) CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L
PT-2024-06: Reading arbitrary files in the component Web IDE in PT Application Inspector (PT AI)
Fix date:
July 31, 2024
Vector:
Remote
Systems affected:
PT Application Inspector (PT AI)
Vendor:
Positive Technologies
High
(9,3) CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:L
PT-2024-05: Remote Code Execution when creating a project from a git repository in PT Application Inspector (PT AI)
Fix date:
July 31, 2024
Vector:
Remote
Systems affected:
PT Application Inspector (PT AI)
Vendor:
Positive Technologies
High
(8,7) CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
PT-2024-04: Remote Code Execution at scan startup in PT Application Inspector (PT AI)
Fix date:
July 31, 2024
Vector:
Remote
Systems affected:
PT Application Inspector (PT AI)
Vendor:
Positive Technologies
Medium
(5,1) CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
PT-2024-03: Vulnerability of reading internal application files in OpenKeychain
Fix date:
February 6, 2024
Vector:
Local
Systems affected:
OpenKeychain
Vendor:
OpenKeychain
High
(8,8) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
PT-2024-02: Stack Buffer Overflow to Remote Code Execution (RCE) in Moxa NPort W2150a/W2250a
Fix date:
March 7, 2024
Vector:
Remote
Systems affected:
NPort W2150a/W2250a
Vendor:
MOXA Inc.
Severity level
All levels
High
Medium
Low
Date filters
Date range
Year
Year
All
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
Month
Month
All
January
February
March
April
May
June
July
August
September
October
November
December
Starts:
Year
Year
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
Month
Month
January
February
March
April
May
June
July
August
September
October
November
December
Ends:
Year
Year
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
Month
Month
January
February
March
April
May
June
July
August
September
October
November
December
Vendor
Company name
Company name
Systems affected
Software name
Software name
Show threats with CVE-ID
Reset filter
Editor’s Choice
May 26, 2023
Positive Research 2023
June 17, 2022
Positive Research 2022
June 7, 2021
Positive Research 2021