Integer underflow vulnerability in catdoc 0.95's OLE Document DIFAT (Double-Indirect File Allocation Table) Parser that enables heap-based memory corruption through specially crafted malformed files. An attacker can exploit this local vulnerability (no privileges required) by providing a malicious OLE document to trigger the integer underflow, potentially achieving arbitrary code execution or denial of service. While no active KEV status or widespread POC is confirmed in this dataset, the CVSS 8.4 score and high impact ratings (confidentiality, integrity, availability all marked 'H') indicate this is a critical local code execution risk for users who process untrusted OLE documents.
Heap buffer overflow vulnerability in the Shared String Table Record Parser of xls2csv utility version 0.95, allowing unauthenticated local attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability is triggered by processing a specially crafted malformed Excel file, presenting significant risk to users who process untrusted spreadsheet inputs. No confirmed active exploitation in the wild has been reported at this time, though the local attack vector and lack of privilege requirements suggest moderate real-world exploitability.
CVE-2024-52035 is an integer overflow vulnerability in catdoc 0.95's OLE Document File Allocation Table (FAT) parser that enables heap-based memory corruption when processing malformed files. The vulnerability affects users of catdoc 0.95 who process untrusted OLE documents (Microsoft Office legacy formats), allowing local attackers to corrupt heap memory and potentially achieve code execution. No active KEV status or widespread exploitation has been reported; however, the high CVSS score (8.4) and local attack vector indicate moderate real-world risk for environments processing user-supplied documents.
Directory Traversal vulnerability (CWE-22) in WebLaudos version 24.2 (04) that allows unauthenticated remote attackers to read arbitrary files and obtain sensitive information through improper validation of the 'id' parameter. With a CVSS score of 7.5 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses a significant confidentiality risk to exposed WebLaudos instances. The vulnerability's active exploitation status and proof-of-concept availability should be verified through current KEV databases and security advisories.
ModSecurity versions prior to 2.9.10 contain a denial of service vulnerability in the `sanitiseArg` and `sanitizeArg` actions that allows unauthenticated remote attackers to cause service disruption by submitting requests with an excessive number of arguments. This is a network-accessible DoS vulnerability with high impact on availability that affects widely-deployed WAF deployments across Apache, IIS, and Nginx platforms.
AstrBot versions 3.4.4 through 3.5.12 contain a path traversal vulnerability (CWE-23) in the dashboard feature that allows unauthenticated remote attackers to disclose sensitive information including LLM provider API keys, account passwords, and other confidential data. The vulnerability has a CVSS score of 7.5 (High) with high confidentiality impact and no authentication requirements. Patch is available in version 3.5.13 and later via Pull Request #1676.
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0, where the 'pass' parameter fails to properly validate user input, allowing unauthenticated attackers to inject arbitrary SQL queries over the network. This vulnerability can lead to confidentiality, integrity, and availability compromise with a CVSS score of 7.3 (High), though active exploitation status and proof-of-concept availability could not be verified from the provided data.
Heap-based buffer overflow vulnerability in Sonos Era 300 speakers that allows unauthenticated, network-adjacent attackers to execute arbitrary code with high severity (CVSS 8.8). The flaw exists in ALAC (Apple Lossless Audio Codec) data processing where insufficient length validation enables buffer overflow conditions. This vulnerability poses significant risk as it requires no authentication, no user interaction, and can be exploited by any attacker on the local network segment to achieve remote code execution in the context of the anacapa user.
Privilege escalation vulnerability in Axis Communications' VAPIX Device Configuration framework that allows a local, authenticated user with lower privileges to escalate to administrator-level access. Discovered during a penetration test by Truesec, this flaw affects Axis network devices and cameras utilizing the vulnerable VAPIX framework. With a CVSS score of 8.8 and local attack vector, the vulnerability poses significant risk to organizations deploying Axis devices in multi-user or untrusted environments, though it requires prior authentication and local access to exploit.
tar-fs versions prior to 3.0.9, 2.1.3, and 1.16.5 contain a path traversal vulnerability (CWE-22) that allows attackers to extract tar archives outside the intended directory using specially crafted tarballs. This affects all users of vulnerable tar-fs versions with network-accessible extraction endpoints; the high CVSS 8.7 score reflects the integrity impact and network-accessible attack vector, though no KEV status or widespread public exploits have been confirmed at this time.
A remote code execution vulnerability in A Allocation of Resources Without Limits or Throttling vulnerability in sslh (CVSS 8.7) that allows attackers. High severity vulnerability requiring prompt remediation.
Critical vulnerability in Diviotec professional series devices that combines arbitrary command injection via a web interface endpoint with hardcoded credentials, allowing authenticated attackers to execute arbitrary commands with high impact on confidentiality, integrity, and availability. The CVSS 8.6 score reflects the severity of command injection paired with hardcoded passwords that eliminate authentication barriers. This vulnerability affects network-accessible professional series devices and represents an immediate risk in environments where these devices are deployed, particularly where adjacent network access is possible.
Critical remote code execution vulnerability affecting Netcom NTC 6200 and NWL 222 series network devices. The vulnerability stems from multiple command injection flaws in the web interface combined with hardcoded credentials, allowing authenticated remote attackers to execute arbitrary commands with elevated privileges. With a CVSS score of 8.6 and an attack vector requiring only adjacent network access and low privileges, this vulnerability poses significant risk to organizations deploying these devices in networked environments.
1-byte heap buffer overflow in NeKernal OS version 0.0.2's `rt_copy_memory` function, where a null terminator is unconditionally written beyond the destination buffer boundary when the copy length equals the buffer size (256 bytes). This vulnerability affects local attackers with no privilege requirements and can result in high-impact compromise of confidentiality, integrity, and availability. The patch (commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee) removes the overflow-causing null terminator write; no active exploitation or public POC is currently documented, but the CVSS 8.6 score reflects significant severity.
Denial-of-service vulnerability in Qt's private qDecodeDataUrl() function that triggers an assertion failure when processing malformed data URLs with incomplete charset parameters. This affects Qt versions up to 5.15.18, 6.0.0-6.5.8, 6.6.0-6.8.3, and 6.9.0, impacting applications using QTextDocument and QNetworkReply. An attacker can crash Qt-based applications by sending a specially crafted data URL, resulting in service disruption; the vulnerability requires user interaction (UI involvement) but has a high CVSS score of 8.4 due to integrity and availability impact.
CVE-2025-3260 is an authorization bypass vulnerability in Grafana's dashboard API endpoints (/apis/dashboard.grafana.app/*) that allows authenticated users to circumvent dashboard and folder permission controls across all API versions (v0alpha1, v1alpha1, v2alpha1). Affected users with viewer or editor roles can access, modify, or delete dashboards and folders they should not have permission to interact with, while organization isolation boundaries and datasource access controls remain unaffected. With a CVSS score of 8.3 and requiring only low-privilege authentication, this represents a significant risk to multi-tenant Grafana deployments and requires immediate patching.
Cross-site scripting (XSS) vulnerability in Dot desktop application (versions through 0.9.3) that allows unauthenticated local attackers to execute arbitrary commands with high complexity due to unsafe DOM manipulation via innerHTML. The vulnerability chains user input and LLM output directly into the DOM without sanitization, combined with Electron's Node.js API access, enabling command execution. This is a local attack vector with high impact on confidentiality, integrity, and availability.
Privilege escalation vulnerability in Splunk Universal Forwarder for Windows where incorrect file system permissions are assigned during installation or upgrade, allowing non-administrator users to read and modify sensitive files in the installation directory. This affects versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, and could enable unauthorized access to credentials, configuration files, and system monitoring data. While CVSS 8.0 indicates high severity, real-world exploitation requires local access and user interaction (UI requirement per vector), limiting attack scope.
Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that can be linked or imported into the application. An unauthenticated attacker with local access can exploit this vulnerability to crash the application, exfiltrate sensitive data, or achieve arbitrary code execution with the privileges of the Revit process. The attack requires user interaction (opening/importing a malicious file) but has high impact potential (confidentiality, integrity, and availability all compromised); current KEV and exploitation status unknown without additional intelligence sources.
Local privilege escalation vulnerability in Realtek Bluetooth HCI adaptor drivers that exploits a symlink-following flaw (CWE-59) to enable arbitrary file deletion. Local attackers with standard user privileges can create symbolic links to trick the driver into deleting critical system files, subsequently leveraging file deletion to gain elevated privileges. The vulnerability has a CVSS score of 7.8 (High) with complete integrity and confidentiality impact; exploitation status and POC availability require vendor advisory correlation to assess active exploitation risk.
Buffer over-read vulnerability in Arm GPU userspace drivers (Bifrost, Valhall, and 5th Gen architectures) that allows unprivileged local users to access memory outside allocated buffer bounds through valid GPU operations including WebGL and WebGPU. The vulnerability affects multiple driver versions across three GPU architectures and has a CVSS score of 7.8 with high impact on confidentiality, integrity, and availability; exploitation status and POC availability are not documented in the provided data.
Use After Free (UAF) vulnerability in Arm Ltd's Valhall GPU Kernel Driver and Arm 5th Gen GPU Architecture Kernel Driver that allows a local, unprivileged user to access already-freed GPU memory through improper GPU memory processing operations. Affected versions range from r53p0 before r54p0 in both driver families. With a CVSS score of 7.8 and high impact across confidentiality, integrity, and availability, this vulnerability enables memory disclosure, data manipulation, and potential denial of service on systems running vulnerable GPU drivers.
A security vulnerability in Arm Ltd Bifrost GPU Kernel Driver (CVSS 7.8) that allows a local non-privileged user process. High severity vulnerability requiring prompt remediation.
GPU privilege escalation vulnerability allowing non-privileged users to conduct improper GPU system calls that bypass GPU hardware protections and write to arbitrary physical memory pages, achieving complete system compromise. The vulnerability affects GPU driver implementations across multiple vendors and has a CVSS score of 7.8 (High) with local attack vector requiring low privileges but no user interaction. Without KEV confirmation, EPSS score, or confirmed public POC in the provided data, the real-world exploitation risk remains moderate but should be treated as significant due to the nature of GPU memory access primitives in modern systems.
Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker with low privileges to escalate to higher privileges and potentially achieve code execution with full system compromise. The vulnerability requires local access but no user interaction, making it a significant privilege escalation vector for devices running affected processor versions. The CVSS 7.8 rating reflects the high confidentiality, integrity, and availability impacts achievable through privilege escalation on mobile devices where such attacks directly threaten user data and system security.
DLL hijacking vulnerability in Yandex Telemost for Desktop versions before 2.7.0, where the application searches for dynamic libraries in untrusted paths, allowing local attackers with user-level privileges to execute arbitrary code through malicious DLL injection. The vulnerability has a high CVSS score of 7.8 and requires user interaction (running the application), but poses significant risk as DLL hijacking is a well-understood and commonly exploitable attack vector with publicly available proof-of-concept techniques.
Local privilege escalation vulnerability in SolarWinds Dameware Mini Remote Control caused by incorrect permission assignments on system resources. An authenticated attacker with low-privilege local access can exploit this vulnerability to gain elevated privileges (SYSTEM/Administrator level), achieving complete system compromise including confidentiality, integrity, and availability violations. This vulnerability requires valid local credentials and user interaction is not required for exploitation, making it a significant risk for multi-user systems or those with shared access.
Nil-pointer dereference vulnerability in quic-go's path probe loss recovery logic introduced in v0.50.0 that allows unauthenticated remote attackers to crash QUIC servers. A malicious client can trigger a denial-of-service by sending valid QUIC packets from multiple addresses to initiate path validation, then crafting specific ACKs to dereference a null pointer. The vulnerability affects quic-go versions from v0.50.0 through v0.50.0 (patched in v0.50.1), with a CVSS score of 7.5 and high availability impact but no known active exploitation or public POC at time of disclosure.
Time-based SQL injection vulnerability in the mydetailsstudent.php file of CloudClassroom PHP Project version 1.0, where the 'myds' parameter fails to properly validate user input, allowing unauthenticated remote attackers to inject and execute arbitrary SQL commands. The vulnerability has a CVSS score of 7.3 (High), indicating potential for data theft, modification, and service disruption. No KEV status or active exploitation data is provided in the current intelligence; however, the network-accessible nature (CVSS:3.1/AV:N) and low attack complexity suggest this represents a significant real-world risk if the affected application is internet-facing.
Critical SQL injection vulnerability in Marwal Infotech CMS 1.0 affecting the /page.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has public exploit disclosure and proof-of-concept availability, but the vendor has not responded to early disclosure notifications, leaving affected deployments unpatched and at active risk.
Critical SQL injection vulnerability in Aem Solutions CMS versions up to 1.0, affecting the /page.php file's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL commands. With a CVSS score of 7.3, a publicly disclosed exploit, and unresponsive vendor engagement, this vulnerability poses significant risk to confidentiality, integrity, and availability of affected systems.
Command injection remote code execution vulnerability in HPE StoreOnce Software that allows authenticated attackers with high privileges to execute arbitrary commands on affected systems. The vulnerability has a CVSS score of 7.2 (high severity) and requires authenticated access but no user interaction. Given the command injection nature (CWE-77) and network attack vector, this poses significant risk to organizations running vulnerable HPE StoreOnce deployments, particularly if KEV status or active exploitation is confirmed.
MyBB versions prior to 1.8.39 contain a local file inclusion (LFI) vulnerability in the upgrade component due to improper input validation (CWE-22). This vulnerability allows authenticated administrators or unauthenticated attackers with access to an unlocked installer to read arbitrary files from the server filesystem. The vulnerability requires either the installer to be accessible via re-installation or the attacker to have administrative privileges, significantly limiting real-world exploitability despite the CVSS 7.2 score.