Apple kernel memory corruption in multiple operating systems allows a malicious application to cause unexpected system termination or write kernel memory via an out-of-bounds write flaw addressed in watchOS 26.1, iOS 18.7.2, and macOS Tahoe 26.1.
A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A weakness has been identified in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /update_account.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
A security flaw has been discovered in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The impacted element is an unknown function of the file /Profilers/SProfile/reg.php. Performing a manipulation of the argument USN results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing a manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.
A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrow_book.php. Such manipulation of the argument roll_number leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_admin.php. This manipulation of the argument admin_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
Arbitrary file deletion in WP User Manager plugin versions up to 2.9.12 allows authenticated attackers with Subscriber-level privileges to delete critical files via improper validation of the 'current_user_avatar' parameter when custom avatar functionality is enabled. The vulnerability exploits PHP's filter_input() function's handling of array inputs combined with insufficient path validation, enabling a two-stage attack that can facilitate remote code execution by deleting essential files. No public exploit code has been identified at the time of analysis, though the low EPSS score (0.29%) suggests limited real-world exploitation likelihood despite the moderate CVSS rating.
FaceTime caller ID spoofing vulnerability in Apple operating systems allows remote attackers to spoof their caller identity due to inconsistent user interface state management. Affected versions include iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Sequoia 15.7.2 and earlier, macOS Sonoma 14.8.2 and earlier, macOS Tahoe 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability requires no user interaction or authentication and carries low real-world exploitation risk (EPSS 0.07%, percentile 21%), with no public exploit code or active exploitation confirmed.
Use-after-free memory corruption in Apple WebKit allows remote attackers to crash Safari and iOS/iPadOS applications via maliciously crafted web content, resulting in denial of service. The vulnerability affects Safari 26.2, iOS 18.7.2 and 26.2, iPadOS 18.7.2 and 26.2, macOS Tahoe 26.2, visionOS 26.2, and watchOS 26.2. No public exploit code has been identified, and the vulnerability is not confirmed as actively exploited; however, the network-accessible attack vector and low complexity make it a moderate priority despite the low EPSS score.
Stored Cross-Site Scripting in Bold Timeline Lite WordPress plugin up to version 1.2.7 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript via the 'title' parameter of the 'bold_timeline_group' shortcode, executing malicious scripts whenever users view affected pages. CVSS 6.4 reflects moderate impact (confidentiality and integrity compromise across trust boundaries); EPSS 0.04% indicates low real-world exploitation probability. No public exploit code or active exploitation confirmed.
Stored Cross-Site Scripting in BUKAZU Search widget plugin for WordPress allows authenticated attackers with Contributor-level access and above to inject arbitrary JavaScript through the 'shortcode' parameter of the 'bukazu_search' shortcode. The vulnerability affects all versions up to and including 3.3.2 and results from insufficient input sanitization and output escaping. Malicious scripts execute in the context of any user accessing affected pages. EPSS score of 0.04% indicates low real-world exploitation probability despite moderate CVSS 6.4 severity.
Stored Cross-Site Scripting in NewStatPress WordPress plugin versions up to 1.4.3 allows authenticated attackers with contributor-level or higher privileges to inject arbitrary JavaScript into pages via a regex bypass in the nsp_shortcode function. When site visitors access pages containing the injected malicious shortcode attribute, the attacker's script executes in their browsers, enabling session hijacking, credential theft, or malware distribution. No public exploit code has been identified; EPSS score of 0.04% reflects the requirement for authenticated access and user interaction.
Stored cross-site scripting in Better Elementor Addons plugin for WordPress up to version 1.5.5 allows authenticated attackers with contributor-level or higher privileges to inject arbitrary JavaScript through insufficiently sanitized Slider widget attributes, which executes when any user views the affected page. This is a stored XSS vulnerability affecting a widely-deployed WordPress plugin; no public exploit code or active exploitation has been confirmed at time of analysis, but the low CVSS complexity (AC:L) and moderate EPSS exploitation probability make this a practical concern for any WordPress site running the vulnerable plugin versions with user roles permitted to edit pages.
Reflected cross-site scripting (XSS) in Accept Stripe Payments Using Contact Form 7 WordPress plugin versions up to 3.1 allows unauthenticated attackers to inject arbitrary JavaScript via the 'failure_message' parameter due to insufficient input sanitization and output escaping. An attacker can craft a malicious link that, when clicked by a victim, executes JavaScript in the victim's browser session with access to sensitive data or session tokens. No public exploit code or active exploitation has been confirmed at the time of analysis.
Local privilege escalation in macOS allows authenticated applications to access sensitive user data through insufficient permission restrictions on Sequoia, Sonoma, and Tahoe versions. The vulnerability requires local access and low-privilege user context but enables high-impact confidentiality compromise without requiring user interaction or elevated privileges to trigger. A vendor-released patch is available across all affected macOS versions.
Local authenticated applications can access protected user data on macOS due to improper access control restrictions (CWE-284). This affects macOS Sequoia, Sonoma, and Tahoe across multiple versions and is fixed in Sequoia 15.7.3, Sonoma 14.8.3, and Tahoe 26.2. The vulnerability requires local access and authenticated user privileges to exploit, limiting real-world risk despite the confidentiality impact; no public exploit code or confirmed active exploitation has been identified.
Denial-of-service vulnerability in Apple macOS allows local authenticated applications to crash the system or specific services through improper input validation. Affects macOS Sequoia (before 15.7.3), Sonoma (before 14.8.3), and Tahoe (before 26.2). Attack requires local access and low privileges but no user interaction; however, real-world risk is minimal with EPSS probability of 0.02% and no public exploit identified.
Local privilege escalation in macOS allows unprivileged applications to access sensitive user data through a permissions bypass. Affects macOS Sequoia versions prior to 15.7.3 and macOS Tahoe prior to 26.2. Attack requires local system access and user interaction (UI:R). EPSS exploitation probability is very low at 0.02%, and no public exploit code or active exploitation has been reported.
Local apps can access sensitive user data through improved privacy controls in Apple operating systems across iOS, iPadOS, macOS, visionOS, and watchOS. The vulnerability requires local network access and an authenticated user session (PR:L), limiting exposure to installed applications with explicit permissions. Confirmed patches are available across all affected platforms, and exploitation probability is very low (EPSS 0.02%), indicating this is a privacy-boundary issue rather than a critical security flaw.
Local apps on Apple macOS and iPadOS can access sensitive user data through inadequate information disclosure controls, requiring local execution and low-level user privileges. Affected versions include iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Sequoia 15.7.2 and earlier, macOS Sonoma 14.8.2 and earlier, and macOS Tahoe 26.1 and earlier. Apple has released patched versions (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2) with improved access controls to restrict unauthorized data exposure. With an EPSS score of 0.02% (4th percentile) and no public exploit code identified at time of analysis, this represents a low real-world exploitation probability despite the moderate CVSS score.
Local arbitrary applications on macOS can read sensitive location information due to a permissions validation flaw (CWE-284), affecting macOS Sequoia, Sonoma, and Tahoe. The vulnerability requires user interaction to trigger but grants unauthorized access to location data without proper authorization checks. Apple has released patches in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, and macOS Tahoe 26.2 to remediate the issue by removing the vulnerable code. No public exploit or active exploitation has been confirmed.
Improper file handling in macOS allows local applications to access protected user data through a logic flaw in the operating system's file access controls. The vulnerability affects macOS Sequoia, Sonoma, and Tahoe, requiring user interaction to trigger exploitation and resulting in unauthorized disclosure of sensitive information without the ability to modify or disable system access. Apple has released patched versions (macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2), with no public exploit code identified at time of analysis.
Improper data access control in macOS allows local applications to read sensitive user data without explicit user consent, exploitable through user interaction. The vulnerability affects macOS Sequoia (before 15.7.3), macOS Sonoma (before 14.8.3), and macOS Tahoe (before 26.2). No public exploit code or active exploitation has been identified; EPSS probability is extremely low at 0.01%, indicating minimal real-world attack likelihood despite the moderate CVSS score.
Path traversal vulnerability in macOS directory path handling allows local apps with user privileges to read sensitive user data through improper path validation. Affects macOS Sequoia (before 15.7.3), Sonoma (before 14.8.3), and Tahoe (before 26.1). EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite moderate CVSS severity.
Local apps can access sensitive user data through inadequate log redaction in Apple's operating systems, affecting iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, iOS 26.1 and earlier, iPadOS 26.1 and earlier, macOS Sonoma 14.8.2 and earlier, macOS Tahoe 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability requires local app execution with limited user privileges but no interaction, resulting in unauthorized read access to sensitive data stored in application logs. While EPSS probability is minimal (0.01%), the local attack vector and high confidentiality impact warrant patching in environments where untrusted apps may be installed.
Local privilege escalation on Intel-based macOS systems allows unsigned or weakly-signed applications to access sensitive user data by downgrading code-signing protections through cryptographic validation bypass. The vulnerability affects macOS Sequoia prior to 15.7.3 and macOS Tahoe prior to 26.2, requires user interaction to execute a malicious app, and has an extremely low exploitation probability (EPSS 0.01%) despite moderate CVSS severity. No active exploitation or public exploit code has been identified.
BuddyTask plugin for WordPress versions up to 1.3.0 fails to enforce capability checks on multiple AJAX endpoints, allowing authenticated subscribers and above to view, create, modify, and delete task boards in any BuddyPress group regardless of membership or group privacy settings. The CVSS 5.4 (Medium) rating reflects confidentiality and integrity impacts limited to group task data with low attack complexity and no user interaction required, though the actual organizational risk depends on BuddyPress deployment scope and task board sensitivity.
Unauthenticated attackers can modify plugin settings and create arbitrary filter options in the Filter Plus plugin for WordPress (versions up to 1.1.6) due to missing capability checks on AJAX actions 'filter_save_settings' and 'add_filter_options'. This allows unauthorized data modification with no confidentiality impact but enables attackers to alter product filtering functionality without authentication. The vulnerability has a low EPSS score (0.08%, 23rd percentile) despite network accessibility, indicating limited real-world exploitation likelihood.
Premmerce Wishlist for WooCommerce plugin versions up to 1.1.10 fails to enforce authorization checks on the deleteWishlist() function, allowing authenticated Subscriber-level users to delete arbitrary wishlists belonging to other users. The vulnerability stems from missing capability validation rather than authentication bypass; while the CVSS vector indicates unauthenticated access (PR:N), the description specifies Subscriber-level authentication is required, suggesting the vector may reflect the function's accessibility rather than actual authentication bypass. With EPSS of 0.04% and no public exploit code identified, real-world exploitation risk is minimal despite the authorization flaw.
Unauthenticated payment bypass in Campay Woocommerce Payment Gateway plugin (versions up to 1.2.2) allows remote attackers to mark orders as successfully completed without actually processing payment, directly resulting in financial loss. The vulnerability stems from insufficient transaction validation in the payment processing workflow, enabling attackers to manipulate order status through the payment gateway interface.
Arbitrary file read in WatchTowerHQ WordPress plugin versions up to 3.16.0 allows authenticated administrators with valid access tokens to read sensitive server files via path traversal in the 'wht_download_big_object_origin' parameter. The vulnerability exploits insufficient path validation in the handle_big_object_download_request function, potentially exposing database credentials and authentication keys. No public exploit code or active exploitation has been confirmed at time of analysis.
Stored Cross-Site Scripting in WP Job Portal plugin for WordPress up to version 2.4.4 allows authenticated attackers with Editor-level access or higher to inject arbitrary JavaScript into job description fields by exploiting explicit whitelisting of the `<script>` tag in the WPJOBPORTAL_ALLOWED_TAGS configuration. The injected scripts execute when users view affected job listings, enabling session hijacking, credential theft, and other malicious activities. Impact is limited to multi-site installations or sites with unfiltered_html disabled. CVSS score of 4.4 reflects the high privilege requirement (PR:H) and high attack complexity (AC:H), though the vulnerability affects a potentially large number of WordPress installations.
Cross-Site Request Forgery in Resource Library for Logged In Users WordPress plugin (all versions up to 1.5) allows unauthenticated attackers to perform unauthorized administrative actions including creating, editing, and deleting resources and categories by tricking a site administrator into clicking a malicious link. The vulnerability stems from missing nonce validation on multiple administrative functions. With an EPSS score of 0.02% and low real-world exploitation probability despite the CVSS 4.3 score, this represents a lower-priority vulnerability requiring user interaction and administrative privileges on the target site.
Simple Bike Rental WordPress plugin versions up to 1.0.6 allow authenticated subscribers to retrieve sensitive customer booking data due to missing capability checks on the 'simpbire_carica_prenotazioni' AJAX action. Attackers with subscriber-level access can exfiltrate personally identifiable information including names, email addresses, and phone numbers from all booking records. CVSS 4.3 reflects the moderate severity of unauthorized information disclosure without requiring administrative access.
Authenticated attackers with Subscriber-level access can duplicate arbitrary WordPress posts via the PDF for Contact Form 7 + Drag and Drop Template Builder plugin (versions up to 6.3.3) due to missing capability checks in the 'rednumber_duplicate' function. This allows disclosure of sensitive content including password-protected and private posts. The vulnerability requires authentication but exploits insufficient privilege validation, creating a post enumeration and information disclosure risk for multi-user WordPress installations. No public exploit code or active exploitation has been confirmed at the time of analysis.
Authenticated attackers with WordPress Subscriber-level access and above can modify arbitrary plugin settings in the Vimeo SimpleGallery plugin versions up to 0.2 due to missing authorization checks on the vimeogallery_admin function. The vulnerability allows privilege escalation within WordPress, enabling lower-privileged users to alter plugin configurations they should not have access to. No public exploit code or active exploitation has been identified at the time of analysis.
Premmerce Brands for WooCommerce plugin versions up to 1.2.13 allow authenticated attackers with Subscriber-level access to modify brand permalink settings due to a missing capability check in the saveBrandsSettings function. The vulnerability requires only network access and low-privilege authentication, enabling unauthorized data modification of WordPress brand configuration without user interaction.