Memory corruption in libxml2's processing of schematron sch:name elements allows remote attackers to trigger crashes or potentially execute code via maliciously crafted XML files. Affects widespread deployments including Red Hat Enterprise Linux 7-10, OpenShift Container Platform 4.12-4.20, Ubuntu, and Debian distributions. CVSS 9.1 critical severity with network-exploitable vector requiring no authentication. Publicly available exploit code exists (POC confirmed). EPSS score of 0.49% suggests relatively low observed exploitation attempts despite critical rating. Not listed in CISA KEV, indicating no confirmed mass exploitation campaigns at time of analysis. Vendor patches available across all affected Red Hat products with specific versions documented.
Use-after-free in libxml2 XPath parsing allows remote attackers to crash applications via malicious XML Schematron documents. The vulnerability (CVSS 9.1) affects widespread Red Hat ecosystem products including RHEL 7-10 and OpenShift 4.12-4.20, with vendor patches available. Public exploit code exists but CISA KEV does not list active exploitation. EPSS score of 0.11% (30th percentile) suggests low observed exploitation probability despite critical CVSS rating and POC availability, indicating targeted research interest rather than mass exploitation.
A denial of service vulnerability in This (CVSS 4.2). Risk factors: actively exploited (KEV-listed).
Conda-build versions prior to 25.4.0 are vulnerable to path traversal (Tarslip) attacks that allow unauthenticated remote attackers to write arbitrary files outside intended extraction directories by crafting malicious tar archives with directory traversal sequences. This critical vulnerability (CVSS 9.8) affects all users and systems utilizing conda-build for package compilation, with potential for privilege escalation and code execution depending on target file locations and system permissions.
Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST request handler's get_pure_content function. An unauthenticated remote attacker can exploit this via a malicious Content-Length header to achieve complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code exists for this end-of-life product, creating immediate risk for any remaining deployed instances.
Critical remote buffer overflow vulnerability in UTT 进取 750W network devices affecting the /goform/setSysAdm API endpoint. An unauthenticated remote attacker can exploit improper use of strcpy() in the passwd1 parameter to achieve complete system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit exists, and the vendor has not provided patches or response despite early disclosure notification.
Critical arbitrary code execution vulnerability in conda-build prior to version 25.4.0, where unsafe eval() function usage on meta.yaml recipe selectors allows unauthenticated remote attackers to execute arbitrary code during the package build process with no required privileges or user interaction. This vulnerability affects all users and systems using vulnerable conda-build versions to process potentially malicious or compromised recipe files, with a CVSS score of 9.8 indicating critical severity across confidentiality, integrity, and availability impacts.
Conda-build versions prior to 25.3.0 are vulnerable to dependency confusion/namespace squatting attacks where an attacker can claim the unpublished 'conda-index' package on PyPI and inject malicious code that gets installed when users run pip install on conda-build projects. This is a critical supply-chain attack vector with CVSS 9.8 (CRITICAL) affecting all users who install conda-build from source or install projects that depend on it via pip, potentially compromising developer environments and CI/CD pipelines. The vulnerability is network-accessible, requires no privileges or user interaction, and provides complete system compromise (confidentiality, integrity, availability).
Critical permissions bypass vulnerability in Google Chrome OS 16181.27.0 that allows local attackers to disable extensions and gain unauthorized access to Developer Mode on managed Chrome devices. The vulnerability is exploited using the ExtHang3r and ExtPrint3r tools to load arbitrary extensions, affecting enterprise-managed deployments with a CVSS score of 9.8 (critical severity). Active exploitation status and proof-of-concept availability should be verified through CISA KEV and security advisories.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the /boafrm/formSysLog HTTP POST handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve buffer overflow, leading to remote code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, and the vulnerability affects a widely deployed consumer networking device.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formSysCmd. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the HTTP POST request handler. An authenticated attacker can remotely exploit the setWizardCfg function via the ssid5g parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
Critical buffer overflow vulnerability in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists, increasing real-world exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public proof-of-concept code is available, and this vulnerability may be actively exploited in the wild.
Critical buffer overflow vulnerability in TOTOLINK EX1200T router firmware (version 4.1.2cu.5232_B20210713) affecting the NTP configuration handler. An authenticated attacker can remotely exploit this vulnerability via HTTP POST requests to the /boafrm/formNtp endpoint by manipulating the submit-url parameter, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.
Critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/SafeMacFilter endpoint. An authenticated remote attacker can exploit the 'page' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code exists and the vulnerability is actively exploitable.
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L version 2.06B01 affecting the form_macfilter function through improper handling of mac_hostname_%d and sched_name_%d parameters. An authenticated remote attacker can exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability impacts (CVSS 8.8). Public exploit code is available and the product is end-of-life, significantly elevating real-world risk.
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01, affecting the port forwarding configuration function. An authenticated remote attacker can exploit this vulnerability by manipulating the ingress_name_%d, sched_name_%d, or name_%d parameters to achieve remote code execution with high integrity and confidentiality impact. The vulnerability has public exploit code available and affects only end-of-life products no longer receiving vendor support, significantly elevating real-world risk for exposed legacy deployments.
Critical remote buffer overflow vulnerability in Tenda FH1203 firmware version 2.0.1.6 affecting the /goform/AdvSetLanip endpoint. An authenticated attacker can exploit improper input validation of the lanMask parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit exists, indicating active disclosure and potential real-world exploitation risk.
Critical buffer overflow vulnerability in Tenda FH1205 firmware version 2.0.0.7 affecting the lanMask parameter in the /goform/AdvSetLanip endpoint. An authenticated remote attacker can exploit this to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, making this an active exploitation risk.
Critical stack-based buffer overflow vulnerability in Tenda FH1205 firmware version 2.0.0.7(775) affecting the /goform/VirtualSer endpoint's 'page' parameter. An authenticated remote attacker can exploit this to achieve complete system compromise including arbitrary code execution, data exfiltration, and service disruption. The vulnerability has public exploit disclosure and demonstrated proof-of-concept availability, elevating immediate risk despite requiring valid credentials.
NULL pointer dereference in libxml2's XPath processing engine crashes applications parsing untrusted XML. Affects all major Linux distributions including Red Hat Enterprise Linux 10, Ubuntu (10 releases), Debian (8 releases), and SUSE. Remote unauthenticated attackers can trigger denial of service by sending crafted XPath expressions embedded in XML documents. Publicly available exploit code exists (GitHub gist). EPSS score is low (0.15%, 36th percentile) indicating limited widespread exploitation observed, and not currently listed in CISA KEV. Vendor patches available from Red Hat (2.12.5-7.el10_0), SUSE, and upstream libxml2 project.
Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Remote Access (PRA) that enables unauthenticated remote code execution with a critical CVSS score of 9.8. The vulnerability affects the chat messaging functionality across both products with no authentication or user interaction required, allowing attackers to execute arbitrary code on affected systems. This is a critical severity issue requiring immediate patching.
A path traversal vulnerability in Liferay Portal 7.0.0 (CVSS 9.8) that allows remote attackers. Critical severity with potential for significant impact on affected systems.
Critical unauthenticated SQL injection vulnerability in HAMASTAR Technology's WIMP website co-construction management platform that allows remote attackers to execute arbitrary SQL commands without authentication. Attackers can exploit this flaw to read, modify, or delete entire database contents, potentially compromising sensitive project management data, user credentials, and financial information. With a CVSS score of 9.8 and no authentication required, this vulnerability presents an immediate and severe threat to all deployed instances of the WIMP platform.
Buffer overflow vulnerability in the Apache NuttX RTOS xmlrpc example application where device statistics structures use hardcoded buffer sizes that do not account for the CONFIG_XMLRPC_STRINGSIZE configuration parameter, allowing remote attackers to overflow memory without authentication. This affects Apache NuttX RTOS versions 6.22 through 12.8.x, with a critical CVSS score of 9.8 indicating high severity across confidentiality, integrity, and availability. The vulnerability is particularly dangerous because developers may have copied the vulnerable example code into production implementations, extending the attack surface beyond the example application itself.
A buffer overflow vulnerability (CVSS 9.8). Critical severity with potential for significant impact on affected systems.
Critical permission vulnerability in the BoomPlayer mobile application (com.afmobi.boomplayer) that allows unauthenticated remote attackers to perform unauthorized operations with complete compromise of confidentiality, integrity, and availability. The vulnerability carries a maximum CVSS score of 9.8 and is classified as an improper authentication/authorization defect (CWE-287); exploitation requires no user interaction and can be triggered over the network, making it a severe risk to all users of this application.
Critical SQL injection vulnerability in Chanjet CRM 1.0 affecting the /sysconfig/departmentsetting.php endpoint via the gblOrgID parameter. An unauthenticated remote attacker can manipulate this parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit disclosure and demonstrates active exploitation potential, making it a high-priority remediation target despite the moderate CVSS score.
Critical SQL injection vulnerability in code-projects Restaurant Order System version 1.0, affecting the /tablelow.php file's ID parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion of the restaurant database. The vulnerability has been publicly disclosed with proof-of-concept availability, increasing real-world exploitation risk.
A SQL injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.
A security vulnerability in UTT 进取 750W (CVSS 5.3). Risk factors: public PoC available.
A remote code execution vulnerability (CVSS 9.1). Critical severity with potential for significant impact on affected systems.
A remote code execution vulnerability (CVSS 9.1). Critical severity with potential for significant impact on affected systems.
Critical OS command injection vulnerability in Wifi-soft UniBox Controller affecting versions up to 20250506. An authenticated attacker can remotely execute arbitrary operating system commands via the 'ipaddress' parameter in /billing/pms_check.php, achieving complete system compromise. Public exploit code exists, the vendor has not responded to early disclosure, and this vulnerability meets criteria for immediate exploitation in real-world environments.
A critical OS command injection vulnerability exists in Wifi-soft UniBox Controller versions up to 20250506 within the /billing/test_accesscodelogin.php file's Password parameter, allowing authenticated remote attackers to execute arbitrary system commands with high impact on confidentiality, integrity, and availability. Public exploit code has been disclosed and the vendor has not responded to early disclosure notifications, indicating active exploitation risk and lack of official patches.
Critical OS command injection vulnerability in Wifi-soft UniBox Controller affecting versions up to 20250506, exploitable through the mac_address parameter in /authentication/logout.php. An authenticated attacker can remotely execute arbitrary OS commands with high impact on confidentiality, integrity, and availability. The vulnerability has been publicly disclosed with exploit code available, and the vendor has not responded to early disclosure attempts, significantly elevating real-world risk.
A SQL injection vulnerability in Customer Support System (CVSS 8.8) that allows an authenticated attacker. High severity vulnerability requiring prompt remediation.
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.
A cross-site scripting vulnerability (CVSS 8.7) that allows an attacker. High severity vulnerability requiring prompt remediation.
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files.
Privilege escalation flaw in authd's temporary user record handling during pre-authentication NSS operations that causes first-time SSH login users to be incorrectly assigned root group membership within their session context. This allows authenticated users (PR:L) to gain elevated group privileges over the network (AV:N) with low complexity, affecting system confidentiality (C:H) and integrity (I:L). The vulnerability has a high CVSS score of 8.5, though real-world exploitation requires valid login credentials and depends on authentication infrastructure specifics.
A security vulnerability in Apache Tomcat installer for Windows (CVSS 8.4). High severity vulnerability requiring prompt remediation.
Race condition vulnerability in ASUS Armoury Crate that exploits a Time-of-check Time-of-use (TOCTOU) flaw to bypass authentication mechanisms. An authenticated local attacker can exploit this vulnerability to escalate privileges and potentially achieve integrity and availability impacts on the affected system. While the CVSS score of 8.4 is elevated, real-world exploitation requires local access and existing user privileges, limiting widespread impact.
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrative local user to execute arbitrary code with SYSTEM-level privileges. This is a local privilege escalation (LPE) vulnerability with high severity (CVSS 7.8) requiring only local access and low complexity exploitation. The vulnerability represents a critical risk in multi-user Windows environments where standard users could gain complete system control.
Apache Commons FileUpload contains a Denial of Service vulnerability in multipart header processing due to insufficient resource allocation limits (CWE-770). Affected versions are 1.0 through 1.5.x and 2.0.0-M1 through 2.0.0-M3. An unauthenticated remote attacker can exploit this with a network request to cause resource exhaustion and service unavailability without requiring user interaction or elevated privileges. CVSS 7.5 (High) reflects the high availability impact; KEV and EPSS data availability would determine exploitation likelihood in the wild.
A remote code execution vulnerability in Apache Tomcat (CVSS 7.5). High severity vulnerability requiring prompt remediation.
Liferay Portal and DXP versions fail to implement depth limiting on GraphQL queries, enabling unauthenticated remote attackers to execute deeply nested queries that consume excessive server resources and cause denial-of-service. This affects Liferay Portal 7.4.0-7.4.3.97 and multiple DXP versions (2023.Q3.1-2023.Q3.2, 7.4 GA-Update 92, 7.3 GA-Update 35, 7.2 FP 8-20). With a CVSS 7.5 score, high network exploitability, and no authentication required, this represents a significant availability risk to exposed Liferay installations.