An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in Emlog Pro up to 2.5.18. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was detected in SourceCodester Advanced School Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in saitoha libsixel up to 1.10.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.
A vulnerability was found in Tenda AC10 16.03.10.13. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.
A vulnerability was determined in cmake 4.1.20250725-gb5cce23. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.