A SQL injection vulnerability exists in LangGraph SQLite Checkpoint, an implementation of LangGraph CheckpointSaver for SQLite databases. The vulnerability affects versions 3.0.0 and below of the langgraph-checkpoint-sqlite Python package, allowing attackers with local access and low privileges to manipulate SQL queries through unvalidated metadata filter keys in checkpoint search operations. A proof-of-concept exploit is publicly available, though the EPSS score of 0.02% (6th percentile) suggests minimal active exploitation in the wild currently.
Out-of-bounds write in AzeoTech DAQFactory release 20.7 (Build 2555) enables arbitrary code execution or denial of service when a local user opens or interacts with attacker-supplied content. The flaw was reported through CISA ICS-CERT and disclosed in ICS advisory ICSA-25-345-03, indicating ICS/SCADA operational technology impact, though no public exploit identified at time of analysis and no CISA KEV listing exists.
Arbitrary code execution in AzeoTech DAQFactory release 20.7 (Build 2555) is possible when a local user opens or interacts with attacker-supplied content that triggers an access-of-uninitialized-pointer condition. The flaw was reported through CISA ICS-CERT and is tracked in ICS advisory ICSA-25-345-03; no public exploit identified at time of analysis and the CVSS 4.0 vector (AV:L/AC:L/PR:N/UI:A) indicates local vector with required user interaction rather than remote network exploitation.
HTTP request smuggling in libsoup, GNOME's HTTP client/server library, lets remote unauthenticated attackers exploit inconsistent Host header parsing: libsoup accepts multiple Host: headers and processes the last occurrence, while common front-end proxies honor the first. Supplying duplicate Host headers creates a proxy/backend mismatch enabling vhost confusion, request smuggling, cache poisoning, and bypass of host-based access controls. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but Red Hat has shipped fixes across numerous products (15 RHSA errata).
Authorization bypass in Netiket Information Technologies' ApplyLogic platform (all versions through 01.12.2025) allows authenticated remote attackers to manipulate user-controlled identifiers to access or modify resources belonging to other users. The flaw is classified as an Insecure Direct Object Reference (IDOR) pattern with high integrity impact, and no public exploit has been identified at time of analysis. EPSS exploitation probability is low (0.07%, 22nd percentile), and the CVE is not on the CISA KEV list.
Authorization bypass in Aksis AxOnboard versions 3.2.0 through 3.2.x allows authenticated low-privileged users to manipulate user-controlled identifiers (IDOR pattern) and access or modify resources belonging to other users or tenants. Türkiye's national CSIRT USOM (TR-25-0446) coordinated disclosure, and while no public exploit code has been identified, the high integrity impact in a multi-tenant onboarding platform makes this a meaningful escalation-of-privilege risk for organizations using version 3.2.x.
Type confusion in AzeoTech DAQFactory 20.7 (Build 2555) enables arbitrary code execution when a user opens a maliciously crafted .ctl project file, corrupting memory in the parser and running attacker-controlled code in the process context. Reported through CISA ICS-CERT and tracked in ICS advisory ICSA-25-345-03, the flaw affects industrial data acquisition and HMI deployments; no public exploit identified at time of analysis and EPSS data was not provided.
Local code execution in AzeoTech DAQFactory release 20.7 (Build 2555) is possible when a user opens a maliciously crafted .ctl project file, triggering a use-after-free condition (CWE-416) in the parser. The flaw was reported by ICS-CERT (DHS) and documented in CISA ICS advisory ICSA-25-345-03, but there is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Shopware, an open commerce platform, contains a reflected cross-site scripting (XSS) vulnerability in its authentication controller where the 'waitTime' URL parameter from the login page is rendered directly into the Twig template without validation or sanitization. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 are affected, allowing attackers to inject malicious JavaScript code through crafted URLs. With an EPSS score of only 0.04% (11th percentile), active exploitation appears low despite the availability of patches and public advisories.