Threatscape

    All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.

    Medium 4.8
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

    PT-2025-15: Kiosk restriction bypass in RED OS

    Vendor: РЕД СОФТ | Vulnerable product: RedOS (redos-kiosk-utils) | BDU ID: BDU:2025-04865 | Publication date: 14 May 2025 | Fixed on: 13 May 2025

    High 8.5
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

    PT-2025-14: Local privilege escalation in RED OS

    Vendor: РЕД СОФТ | Vulnerable product: RedOS (share_directory) | BDU ID: BDU:2025-04864 | Publication date: 14 May 2025 | Fixed on: 13 May 2025

    High 8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

    PT-2025-13: Bypass Regular Expression Denial of Service (ReDoS) in jsPDF

    Vendor: Parallax Agency Ltd | Vulnerable product: jsPDF | Publication date: 7 May 2025 | Fixed on: 18 March 2025

    High 8.8
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

    PT-2025-12: Deserialization of Untrusted Data in HTML2PDF

    Vendor: SPIPU | Vulnerable product: HTML2PDF | Publication date: 7 May 2025 | Fixed on: 26 February 2025

    High 7.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

    PT-2025-11: Server-Side Request Forgery (SSRF) in HTML2PDF

    Vendor: SPIPU | Vulnerable product: HTML2PDF | Publication date: 7 May 2025 | Fixed on: 25 April 2025

    High 7.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

    PT-2025-10: Server-Side Request Forgery (SSRF) in HTML2PDF

    Vendor: SPIPU | Vulnerable product: HTML2PDF | Publication date: 7 May 2025 | Fixed on: 25 April 2025

    High 8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

    PT-2025-09: Path Traversal in TCPDF

    Vendor: Tecnick.com LTD | Vulnerable product: TCPDF | Publication date: 7 May 2025 | Fixed on: 3 April 2025

    High 8.8
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

    PT-2025-08: Deserialization of untrusted data in TCPDF

    Vendor: Tecnick.com LTD | Vulnerable product: TCPDF | Publication date: 7 May 2025 | Fixed on: 20 April 2025

    High 8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

    PT-2025-07: Path Traversal in TCPDF

    Vendor: Tecnick.com LTD | Vulnerable product: TCPDF | Publication date: 7 May 2025 | Fixed on: 3 April 2025

    Medium 6.9
    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

    PT-2025-02: Access to files or directories to external parties in TCPDF

    Vendor: Tecnick.com LTD | Vulnerable product: TCPDF | BDU ID: BDU:2025-02153 | Publication date: 28 February 2025 | Fixed on: 26 January 2025