Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]
Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]
Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]
Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]
Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]
Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]
CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers is affected by improper access control (CVSS 7.8).
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]
An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu. [CVSS 7.8 HIGH]
WordPress Currency Switcher Professional versions up to 1.2.0.4. is affected by code injection (CVSS 7.3).
Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. [CVSS 7.5 HIGH]
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network. [CVSS 7.5 HIGH]
through 7.2.1 and 7.1.0 versions up to 7.1.1 is affected by cross-site request forgery (csrf) (CVSS 7.5).
APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. [CVSS 7.5 HIGH]
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]
A vulnerability classified as critical has been found in libzvb versions up to 0.2.43. contains a security vulnerability (CVSS 7.3).
A vulnerability classified as critical was found in libzvb versions up to 0.2.43. contains a security vulnerability (CVSS 7.3).
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. [CVSS 7.2 HIGH]
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. [CVSS 7.2 HIGH]
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. [CVSS 7.2 HIGH]
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]
NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure. [CVSS 7.3 HIGH]
gestione_utenti.php endpoint of HotelDruid 3.0.7 is affected by cross-site request forgery (csrf) (CVSS 7.3).
A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]
A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]
A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. [CVSS 7.2 HIGH]
Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. [CVSS 7.2 HIGH]
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attac...
Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally. [CVSS 7.1 HIGH]
NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering. [CVSS 7.1 HIGH]
Stored cross-site scripting in Featured Posts Grid WordPress plugin (versions up to 1.7) allows remote attackers to inject malicious scripts that execute in administrator browsers. Patchstack reporting indicates this is a CSRF-to-Stored-XSS chain, meaning attackers can trick authenticated administrators into unknowingly storing malicious payloads. EPSS probability is low (0.09%, 26th percentile) with no CISA KEV listing, indicating targeted rather than widespread exploitation risk. The Changed scope (S:C) in CVSS vector indicates the vulnerability can affect resources beyond the vulnerable component's security scope.
Stored cross-site scripting (XSS) in the Custom top bar WordPress plugin versions up to 2.0.2 allows remote attackers to inject malicious scripts that execute in victim browsers when they view affected pages. The vulnerability is exploitable via network access without authentication but requires user interaction (victim visiting a page with injected payload). EPSS score of 0.09% (26th percentile) indicates low probability of mass exploitation at time of analysis. Patchstack reporting suggests this may be chained with CSRF based on reference URL pattern, though not explicitly confirmed in the CVE description.
Incorrect behavior order in some Zoom Workplace App versions up to 6.3.0 contains a vulnerability that allows attackers to an authenticated user to conduct a denial of service via network access (CVSS 7.1).
CSRF vulnerability in the MaxA/B WordPress plugin (versions ≤2.2.2) chains into stored cross-site scripting, allowing remote attackers to inject malicious scripts into the WordPress admin interface via social engineering. The vulnerability requires user interaction (administrator must be tricked into visiting an attacker-controlled page while authenticated) but requires no authentication by the attacker. EPSS probability is low (0.05%, 14th percentile) indicating minimal observed exploitation attempts. No CISA KEV listing or public POC identified at time of analysis, suggesting limited real-world targeting.
Stored XSS via CSRF in Insert Code WordPress plugin versions through 2.4 allows unauthenticated remote attackers to inject malicious scripts by tricking authenticated administrators into executing forged requests. The CSRF weakness (CWE-352) enables attackers to bypass normal access controls and store XSS payloads in the plugin's code insertion functionality. With CVSS 7.1 (High) and changed scope (S:C), successful exploitation impacts confidentiality, integrity, and availability across security boundaries. EPSS score of 0.05% (14th percentile) indicates low probability of mass exploitation, and no public exploit code or CISA KEV listing identified at time of analysis.
Stored cross-site scripting (XSS) in DevriX Hashtags WordPress plugin 0.3.2 and earlier allows remote attackers to inject malicious scripts via CSRF-chained attack. Unauthenticated attackers can trick authenticated administrators into executing malicious requests that persist XSS payloads in the application. EPSS score of 0.05% (14th percentile) indicates low automated exploitation likelihood despite network attack vector. No active exploitation confirmed via CISA KEV, though publicly available exploit code exists. Scope change in CVSS vector indicates malicious script executes in victim's browser context, enabling session hijacking or privilege escalation.
Stored cross-site scripting (XSS) in WordPress plugin WATI Chat and Notification versions through 1.1.2 can be triggered via CSRF attack, enabling attackers to inject persistent malicious scripts into the WordPress site. The vulnerability requires user interaction from an authenticated administrator but no direct authentication by the attacker, allowing scope change (S:C) that affects resources beyond the vulnerable component. EPSS score of 0.05% (14th percentile) indicates low current exploitation probability. Reported by Patchstack security research team, no CISA KEV listing or public POC identified at time of analysis.
Cross-site scripting (stored XSS) via CSRF in No Disposable Email WordPress plugin through version 2.5.1 allows remote attackers to inject malicious scripts into the site's database. An attacker tricks an authenticated administrator into submitting a crafted request, which bypasses CSRF protections and stores XSS payload that executes when other users access affected pages. EPSS score of 0.05% (14th percentile) indicates low probability of widespread exploitation, with no active exploitation (not in CISA KEV) or public POC identified at time of analysis.
CSRF vulnerability in the Go To Top WordPress plugin through version 0.0.8 enables attackers to store malicious JavaScript via cross-site request forgery. An authenticated administrator or privileged user can be tricked into executing a forged request that injects persistent XSS payloads into the plugin's settings or content areas. The CVSS score of 7.1 reflects changed scope and multi-step exploitation requirements (CSRF leading to stored XSS). EPSS score of 0.05% (14th percentile) indicates very low probability of mass exploitation, consistent with a targeted attack against WordPress administrators requiring social engineering.