The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
tar-fs versions prior to 3.0.9, 2.1.3, and 1.16.5 contain a path traversal vulnerability (CWE-22) that allows attackers to extract tar archives outside the intended directory using specially crafted tarballs. This affects all users of vulnerable tar-fs versions with network-accessible extraction endpoints; the high CVSS 8.7 score reflects the integrity impact and network-accessible attack vector, though no KEV status or widespread public exploits have been confirmed at this time.
A remote code execution vulnerability in A Allocation of Resources Without Limits or Throttling vulnerability in sslh (CVSS 8.7) that allows attackers. High severity vulnerability requiring prompt remediation.
Critical vulnerability in Diviotec professional series devices that combines arbitrary command injection via a web interface endpoint with hardcoded credentials, allowing authenticated attackers to execute arbitrary commands with high impact on confidentiality, integrity, and availability. The CVSS 8.6 score reflects the severity of command injection paired with hardcoded passwords that eliminate authentication barriers. This vulnerability affects network-accessible professional series devices and represents an immediate risk in environments where these devices are deployed, particularly where adjacent network access is possible.
Critical remote code execution vulnerability affecting Netcom NTC 6200 and NWL 222 series network devices. The vulnerability stems from multiple command injection flaws in the web interface combined with hardcoded credentials, allowing authenticated remote attackers to execute arbitrary commands with elevated privileges. With a CVSS score of 8.6 and an attack vector requiring only adjacent network access and low privileges, this vulnerability poses significant risk to organizations deploying these devices in networked environments.
1-byte heap buffer overflow in NeKernal OS version 0.0.2's `rt_copy_memory` function, where a null terminator is unconditionally written beyond the destination buffer boundary when the copy length equals the buffer size (256 bytes). This vulnerability affects local attackers with no privilege requirements and can result in high-impact compromise of confidentiality, integrity, and availability. The patch (commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee) removes the overflow-causing null terminator write; no active exploitation or public POC is currently documented, but the CVSS 8.6 score reflects significant severity.
Denial-of-service vulnerability in Qt's private qDecodeDataUrl() function that triggers an assertion failure when processing malformed data URLs with incomplete charset parameters. This affects Qt versions up to 5.15.18, 6.0.0-6.5.8, 6.6.0-6.8.3, and 6.9.0, impacting applications using QTextDocument and QNetworkReply. An attacker can crash Qt-based applications by sending a specially crafted data URL, resulting in service disruption; the vulnerability requires user interaction (UI involvement) but has a high CVSS score of 8.4 due to integrity and availability impact.
A security vulnerability in juzaweb CMS (CVSS 4.3). Risk factors: public PoC available.
CVE-2025-3260 is an authorization bypass vulnerability in Grafana's dashboard API endpoints (/apis/dashboard.grafana.app/*) that allows authenticated users to circumvent dashboard and folder permission controls across all API versions (v0alpha1, v1alpha1, v2alpha1). Affected users with viewer or editor roles can access, modify, or delete dashboards and folders they should not have permission to interact with, while organization isolation boundaries and datasource access controls remain unaffected. With a CVSS score of 8.3 and requiring only low-privilege authentication, this represents a significant risk to multi-tenant Grafana deployments and requires immediate patching.
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.
Cross-site scripting (XSS) vulnerability in Dot desktop application (versions through 0.9.3) that allows unauthenticated local attackers to execute arbitrary commands with high complexity due to unsafe DOM manipulation via innerHTML. The vulnerability chains user input and LLM output directly into the DOM without sanitization, combined with Electron's Node.js API access, enabling command execution. This is a local attack vector with high impact on confidentiality, integrity, and availability.
Privilege escalation vulnerability in Splunk Universal Forwarder for Windows where incorrect file system permissions are assigned during installation or upgrade, allowing non-administrator users to read and modify sensitive files in the installation directory. This affects versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, and could enable unauthorized access to credentials, configuration files, and system monitoring data. While CVSS 8.0 indicates high severity, real-world exploitation requires local access and user interaction (UI requirement per vector), limiting attack scope.
Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that can be linked or imported into the application. An unauthenticated attacker with local access can exploit this vulnerability to crash the application, exfiltrate sensitive data, or achieve arbitrary code execution with the privileges of the Revit process. The attack requires user interaction (opening/importing a malicious file) but has high impact potential (confidentiality, integrity, and availability all compromised); current KEV and exploitation status unknown without additional intelligence sources.
Local privilege escalation vulnerability in Realtek Bluetooth HCI adaptor drivers that exploits a symlink-following flaw (CWE-59) to enable arbitrary file deletion. Local attackers with standard user privileges can create symbolic links to trick the driver into deleting critical system files, subsequently leveraging file deletion to gain elevated privileges. The vulnerability has a CVSS score of 7.8 (High) with complete integrity and confidentiality impact; exploitation status and POC availability require vendor advisory correlation to assess active exploitation risk.
Buffer over-read vulnerability in Arm GPU userspace drivers (Bifrost, Valhall, and 5th Gen architectures) that allows unprivileged local users to access memory outside allocated buffer bounds through valid GPU operations including WebGL and WebGPU. The vulnerability affects multiple driver versions across three GPU architectures and has a CVSS score of 7.8 with high impact on confidentiality, integrity, and availability; exploitation status and POC availability are not documented in the provided data.
Use After Free (UAF) vulnerability in Arm Ltd's Valhall GPU Kernel Driver and Arm 5th Gen GPU Architecture Kernel Driver that allows a local, unprivileged user to access already-freed GPU memory through improper GPU memory processing operations. Affected versions range from r53p0 before r54p0 in both driver families. With a CVSS score of 7.8 and high impact across confidentiality, integrity, and availability, this vulnerability enables memory disclosure, data manipulation, and potential denial of service on systems running vulnerable GPU drivers.
A security vulnerability in Arm Ltd Bifrost GPU Kernel Driver (CVSS 7.8) that allows a local non-privileged user process. High severity vulnerability requiring prompt remediation.
GPU privilege escalation vulnerability allowing non-privileged users to conduct improper GPU system calls that bypass GPU hardware protections and write to arbitrary physical memory pages, achieving complete system compromise. The vulnerability affects GPU driver implementations across multiple vendors and has a CVSS score of 7.8 (High) with local attack vector requiring low privileges but no user interaction. Without KEV confirmation, EPSS score, or confirmed public POC in the provided data, the real-world exploitation risk remains moderate but should be treated as significant due to the nature of GPU memory access primitives in modern systems.
Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker with low privileges to escalate to higher privileges and potentially achieve code execution with full system compromise. The vulnerability requires local access but no user interaction, making it a significant privilege escalation vector for devices running affected processor versions. The CVSS 7.8 rating reflects the high confidentiality, integrity, and availability impacts achievable through privilege escalation on mobile devices where such attacks directly threaten user data and system security.
DLL hijacking vulnerability in Yandex Telemost for Desktop versions before 2.7.0, where the application searches for dynamic libraries in untrusted paths, allowing local attackers with user-level privileges to execute arbitrary code through malicious DLL injection. The vulnerability has a high CVSS score of 7.8 and requires user interaction (running the application), but poses significant risk as DLL hijacking is a well-understood and commonly exploitable attack vector with publicly available proof-of-concept techniques.
Local privilege escalation vulnerability in SolarWinds Dameware Mini Remote Control caused by incorrect permission assignments on system resources. An authenticated attacker with low-privilege local access can exploit this vulnerability to gain elevated privileges (SYSTEM/Administrator level), achieving complete system compromise including confidentiality, integrity, and availability violations. This vulnerability requires valid local credentials and user interaction is not required for exploitation, making it a significant risk for multi-user systems or those with shared access.
A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument return_to leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The name of the patch is db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Nil-pointer dereference vulnerability in quic-go's path probe loss recovery logic introduced in v0.50.0 that allows unauthenticated remote attackers to crash QUIC servers. A malicious client can trigger a denial-of-service by sending valid QUIC packets from multiple addresses to initiate path validation, then crafting specific ACKs to dereference a null pointer. The vulnerability affects quic-go versions from v0.50.0 through v0.50.0 (patched in v0.50.1), with a CVSS score of 7.5 and high availability impact but no known active exploitation or public POC at time of disclosure.
Time-based SQL injection vulnerability in the mydetailsstudent.php file of CloudClassroom PHP Project version 1.0, where the 'myds' parameter fails to properly validate user input, allowing unauthenticated remote attackers to inject and execute arbitrary SQL commands. The vulnerability has a CVSS score of 7.3 (High), indicating potential for data theft, modification, and service disruption. No KEV status or active exploitation data is provided in the current intelligence; however, the network-accessible nature (CVSS:3.1/AV:N) and low attack complexity suggest this represents a significant real-world risk if the affected application is internet-facing.
Critical SQL injection vulnerability in Marwal Infotech CMS 1.0 affecting the /page.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has public exploit disclosure and proof-of-concept availability, but the vendor has not responded to early disclosure notifications, leaving affected deployments unpatched and at active risk.
Critical SQL injection vulnerability in Aem Solutions CMS versions up to 1.0, affecting the /page.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL commands. With a CVSS score of 7.3, a publicly disclosed exploit, and unresponsive vendor engagement, this vulnerability poses significant risk to confidentiality, integrity, and availability of affected systems.
Command injection remote code execution vulnerability in HPE StoreOnce Software that allows authenticated attackers with high privileges to execute arbitrary commands on affected systems. The vulnerability has a CVSS score of 7.2 (high severity) and requires authenticated access but no user interaction. Given the command injection nature (CWE-77) and network attack vector, this poses significant risk to organizations running vulnerable HPE StoreOnce deployments, particularly if KEV status or active exploitation is confirmed.
MyBB versions prior to 1.8.39 contain a local file inclusion (LFI) vulnerability in the upgrade component due to improper input validation (CWE-22). This vulnerability allows authenticated administrators or unauthenticated attackers with access to an unlocked installer to read arbitrary files from the server filesystem. The vulnerability requires either the installer to be accessible via re-installation or the attacker to have administrative privileges, significantly limiting real-world exploitability despite the CVSS 7.2 score.
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.
A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.
A security vulnerability in SignXML (CVSS 6.9). Remediation should follow standard vulnerability management procedures.
A security vulnerability in SignXML (CVSS 6.9). Remediation should follow standard vulnerability management procedures.
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem. Exploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product.
Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through 2.3.8.
An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.
In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page. The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin) approves the testimonial, the script executes in the context of any user visiting the testimonial page. Because the session cookies are not marked with the `HttpOnly` flag, they can be exfiltrated by the attacker - potentially leading to account takeover. Version 1.1.0.3 fixes the issue.
A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of the argument tz_offset leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue.
A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284.
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412240; Issue ID: MSV-3293.
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302.
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304.
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could permanently delete the user’s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption. Version 1.1.0.3 contains a patch for the issue.