Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.

High 8.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:H

PT-2025-19: Remote code execution in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

Vendor: Broadcom
Vulnerable product: Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family
BDU ID: BDU:2025-01825
Publication date: 14 July 2025
Fixed on: 10 April 2025

High 8.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

PT-2025-18: Denial of Service (DoS) in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

Vendor: Broadcom
Vulnerable product: Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family
BDU ID: BDU:2025-01824
Publication date: 14 July 2025
Fixed on: 10 April 2025

Medium 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

PT-2025-17: Unrestricted memory access to internal memory of networking adapter in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

Vendor: Broadcom
Vulnerable product: Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family
BDU ID: BDU:2025-01796
Publication date: 14 July 2025
Fixed on: 10 April 2025

Medium 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

PT-2025-15: Kiosk restriction bypass in RED OS

Vendor: РЕД СОФТ
Vulnerable product: RedOS (redos-kiosk-utils)
BDU ID: BDU:2025-04865
Publication date: 14 May 2025
Fixed on: 13 May 2025

High 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-14: Local privilege escalation in RED OS

Vendor: РЕД СОФТ
Vulnerable product: RedOS (share_directory)
BDU ID: BDU:2025-04864
Publication date: 14 May 2025
Fixed on: 13 May 2025

High 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

PT-2025-13: Bypass Regular Expression Denial of Service (ReDoS) in jsPDF

Vendor: Parallax Agency Ltd
Vulnerable product: jsPDF
Publication date: 7 May 2025
Fixed on: 18 March 2025

High 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

PT-2025-12: Deserialization of Untrusted Data in HTML2PDF

Vendor: SPIPU
Vulnerable product: HTML2PDF
Publication date: 7 May 2025
Fixed on: 26 February 2025

High 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

PT-2025-11: Server-Side Request Forgery (SSRF) in HTML2PDF

Vendor: SPIPU
Vulnerable product: HTML2PDF
Publication date: 7 May 2025
Fixed on: 25 April 2025

High 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

PT-2025-10: Server-Side Request Forgery (SSRF) in HTML2PDF

Vendor: SPIPU
Vulnerable product: HTML2PDF
Publication date: 7 May 2025
Fixed on: 25 April 2025

High 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

PT-2025-09: Path Traversal in TCPDF

Vendor: Tecnick.com LTD
Vulnerable product: TCPDF
Publication date: 7 May 2025
Fixed on: 3 April 2025