Protection-mechanism bypass in BlueMail 1.140.103 and earlier on Windows lets attackers deliver files that are saved via the attachment-interaction feature without a Mark-of-the-Web (MOTW) tag, defeating Windows SmartScreen, Office Protected View, and third-party security software that rely on the MOTW zone identifier. Publicly available exploit code exists; the flaw is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no confirmed widespread exploitation yet. The practical effect is that a malicious document or executable arriving by email loses the 'downloaded from the Internet' provenance that would normally trigger a warning or block.
Protection-mechanism bypass in Canary Mail 5.1.40 and earlier on Windows lets attacker-supplied email attachments be written to disk without the Mark-of-the-Web (MOTW) NTFS tag, so files that reach a victim through the mail client are treated as trusted local content rather than internet-originated. This defeats SmartScreen, Office Protected View, and other MOTW-aware defenses in Windows and third-party software, materially easing malware delivery. Publicly available exploit code exists; the issue is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no evidence of widespread active exploitation.
Unauthenticated remote brute-force of the Dbit N300 T1 Pro wireless router (firmware V1.0.0) is trivially achievable because the /api/login endpoint imposes no rate limiting, account lockout, or throttling of any kind. Any attacker with network access to the management interface can attempt unlimited password guesses until admin credentials are found. A publicly available proof-of-concept exploit exists on GitHub; however, EPSS at 0.29% (21st percentile) and absence from CISA KEV suggest exploitation remains limited in practice, likely constrained by the product's small market footprint.
Use-after-free in Linux ksmbd IPC handler allows remote unauthenticated attackers to trigger memory corruption via race condition in generic netlink reply processing. The flaw (CVSS 9.8 critical, network-reachable) affects ksmbd's ipc_msg_send_request() function where concurrent access to response buffers occurs without proper locking. EPSS data not provided; no CISA KEV listing identified at time of analysis. Multiple upstream kernel commits available across stable branches indicate vendor-released patches exist.
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.32.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup xPromoter top_bar_promoter allows Blind SQL Injection.This issue affects xPromoter: from n/a through <= 1.3.4.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through <= 4.9.1.
SQL injection in LBG Zoominoutslider WordPress plugin versions through 5.4.4 allows authenticated attackers with low-level privileges to extract sensitive database information and potentially cause denial of service. The vulnerability enables cross-scope impact, meaning attackers can access resources beyond their authorized privilege level. EPSS probability is low (0.04%, 14th percentile), indicating limited observed exploitation activity, though Patchstack's disclosure suggests active security community awareness.
Network traffic sniffing in RTI Connext Professional 7.2.0-7.3.0 and 7.4.0-7.6.x exposes private personal information to unauthorized remote actors with low attack complexity. The vulnerability allows confidentiality breach (high impact) with limited integrity and availability impacts, affecting distributed data-sharing middleware used in critical infrastructure and industrial systems. EPSS exploitation probability is minimal (0.05%, 15th percentile) with no confirmed active exploitation or public exploit code identified at time of analysis.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through <= 1.2.6.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through <= 2.4.6.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-core allows PHP Local File Inclusion.This issue affects Hub Core: from n/a through <= 5.0.8.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7.
Information disclosure in Menulux Mobile App versions prior to 9.5.8 allows remote unauthenticated attackers to access other users' data by manipulating trusted identifiers (IDOR-style flaw). The vulnerability falls under CWE-639 (Authorization Bypass Through User-Controlled Key) and was reported by Turkey's national CERT (USOM). There is no public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.04% (13th percentile).
Local file inclusion in PenciDesign Soledad WordPress theme versions through 8.7.0 allows authenticated attackers with low privileges to include and execute arbitrary PHP files via improper filename control in include/require statements. Attack complexity is high (AC:H), requiring specific server configuration or authenticated access to exploit. No active exploitation confirmed at time of analysis, but vulnerability class (CWE-98) is commonly targeted once POC becomes available. EPSS data not provided; exploitation status unknown beyond vendor disclosure.
Stored cross-site scripting (XSS) in ThemeNectar Salient Shortcodes WordPress plugin through version 1.5.4 allows authenticated users with low privileges to inject malicious scripts that execute in the context of higher-privileged administrators or other site visitors. The vulnerability requires user interaction (UI:R in CVSS vector) and affects the shortcode generation functionality, enabling persistence of malicious payloads in page content. EPSS score of 0.06% indicates low real-world exploitation probability despite the moderate CVSS 6.5 rating.
Stored cross-site scripting (XSS) in VK Google Job Posting Manager WordPress plugin versions up to 1.2.22 allows authenticated users with low privileges to inject malicious scripts that execute in the context of other users' browsers, potentially compromising site administrators. The vulnerability requires user interaction (clicking a link or viewing a malicious page) to trigger payload execution and affects the plugin's web page generation functionality. EPSS probability of exploitation is notably low at 0.04%, suggesting this is primarily a theoretical risk without documented active exploitation.
Stored cross-site scripting (XSS) in Premio Stars Testimonials WordPress plugin versions 3.3.4 and below allows authenticated users to inject malicious scripts that execute in the context of other users' browsers, potentially compromising site administrators or visitors. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting immediate risk, but the stored nature means injected payloads persist and affect multiple users. No public exploit code or active KEV status is documented, though the 6.5 CVSS score reflects moderate severity when considering cross-site impact.
Authorization bypass in Essential Real Estate WordPress plugin versions through 5.2.9 allows authenticated users to access sensitive real estate data they should not have permission to view through user-controlled key manipulation. The vulnerability exploits incorrectly configured access control at the application level, enabling privilege escalation from a standard user account to view confidential information such as property details or pricing. No public exploit code has been identified, and the EPSS score of 0.04% indicates low exploitation probability despite the CVSS 6.5 severity rating.
Improper authentication in Ningyuanda TC155 firmware version 57.0.2.0 allows unauthenticated RTSP Live Video Stream access from within the local network. The vulnerability, classified as an authentication bypass (CWE-287), requires no user interaction and can be exploited with low complexity. Publicly available exploit code exists, though active exploitation has not been confirmed via CISA KEV. EPSS score of 0.16% indicates low real-world exploitation likelihood despite the disclosure and POC availability, suggesting limited attacker interest or access constraints.
Improper access controls in Ningyuanda TC155 firmware 57.0.2.0 ONVIF Device Management Service allows unauthenticated local network attackers to trigger a factory reset by manipulating the FactoryDefault argument with 'Hard' input, resulting in information disclosure and configuration loss. Publicly available exploit code exists; vendor has not responded to disclosure attempts.
Denial of service in Ningyuanda TC155 firmware 57.0.2.0 via malformed RTSP requests to an unauthenticated RTSP service allows local network attackers to crash or degrade the device without authentication. Publicly available exploit code exists; the vendor did not respond to early disclosure notification. CVSS score of 2.1 reflects the low severity due to limited attack surface (local network only) and availability impact alone, but real-world risk depends on device deployment context and exposure to untrusted local networks.
Template injection in CTCMS up to version 2.1.2 allows authenticated remote attackers to bypass template engine protections via improper neutralization of special elements in the Frontend/Template Management Module. The vulnerability affects the CT_Parser.php library and enables information disclosure with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS exploitation probability remains low at 0.09% (26th percentile), suggesting limited real-world weaponization despite POC availability.
Improper access controls in Ningyuanda TC155 firmware 57.0.2.0 ONVIF PTZ Control Interface (/onvif/device_service) allow unauthenticated local network attackers to gain unauthorized access with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; the vendor has not responded to disclosure efforts despite early contact.
Keycloak's admin API endpoints for authorization resource management contain an IDOR vulnerability allowing authenticated administrators with fine-grained permissions for one client to delete or modify resources belonging to other clients within the same realm. The flaw exists in ResourceSetService and PermissionTicketService where authorization checks validate the resourceServer (client) ID from the API request, but backend database operations use only the resourceId, creating a permission bypass. Affected administrators can exploit this with standard HTTP requests to cross-client resource boundaries; no public exploit code identified at time of analysis.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through <= 1.1.7.
Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through <= 4.1.3.
Authenticated users with limited privileges can modify plugin settings and access functionality they should not have access to via missing authorization checks in Buttoner for Elementor through version 1.0.6. The vulnerability requires valid WordPress user credentials but no administrative role, allowing privilege escalation within the plugin's configuration interface. EPSS score of 0.05% indicates low exploitation probability despite network accessibility.
Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Auction : from n/a through <= 4.3.3.
Missing authorization in NinjaTeam FileBird Pro WordPress plugin versions up to 6.5.1 allows authenticated users to access and modify files they should not have permission to view or edit due to incorrectly configured access control security levels. The vulnerability requires valid user credentials but can lead to disclosure and modification of sensitive files within the plugin's file management interface. EPSS exploitation probability is low at 0.04%, and no public exploit code has been identified at the time of analysis.
Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler meks-quick-plugin-disabler allows Cross Site Request Forgery.This issue affects Meks Quick Plugin Disabler: from n/a through <= 1.0.
Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semrush Content Toolkit semrush-contentshake allows Cross Site Request Forgery.This issue affects Semrush Content Toolkit: from n/a through <= 1.1.32.
Broken access control in ThemeFusion Avada WordPress theme through version 7.13.2 allows authenticated attackers with low privileges to access functionality improperly constrained by access control lists, potentially achieving full site compromise. With CVSS 8.8 (High) due to network-based access requiring only low-privilege authentication, attackers can achieve high confidentiality, integrity, and availability impact. EPSS probability remains low at 0.06% (18th percentile), and no public exploit identified at time of analysis, suggesting limited immediate exploitation risk despite the critical CVSS rating.
Insertion of Sensitive Information Into Sent Data vulnerability in wowpress.host Fix Media Library wow-media-library-fix allows Retrieve Embedded Sensitive Data.This issue affects Fix Media Library: from n/a through <= 2.0.
Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through <= 1.1.7.
Missing Authorization vulnerability in favethemes Homey Core homey-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Homey Core: from n/a through <= 2.4.3.
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.7.
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through <= 4.0.49.
Missing Authorization vulnerability in SiteGround SiteGround Security sg-security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through <= 1.5.8.
Missing Authorization vulnerability in CatFolders CatFolders catfolders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CatFolders: from n/a through <= 2.5.3.
Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47.
Missing Authorization vulnerability in WP-EXPERTS.IN Protect WP Admin protect-wp-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protect WP Admin: from n/a through <= 4.1.
Missing Authorization vulnerability in Design Stylish Price List stylish-price-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stylish Price List: from n/a through <= 7.2.2.
Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0.
Broken access control in Yaad Sarig Payment Gateway for WooCommerce (versions ≤2.2.11) allows unauthenticated remote attackers to bypass authorization checks and gain unauthorized access to payment gateway functions. With CVSS 9.1 (Critical) scoring reflecting network-accessible exploitation requiring no privileges or user interaction, attackers can read or modify sensitive payment data. EPSS score of 0.04% (14th percentile) suggests low observed exploitation probability despite severity. No public exploit identified at time of analysis, though the authentication bypass tag indicates potential for unauthorized transaction manipulation or data exposure in WordPress e-commerce environments.
Unauthenticated remote attackers can bypass access controls in ZEEN101 Leaky Paywall WordPress plugin versions up to 4.22.6, gaining unauthorized access to restricted content through incorrectly configured security levels. The vulnerability requires no user interaction and can be exploited over the network, though it is limited to information disclosure (CVSS 5.3, EPSS 0.04%). No public exploit code or active exploitation has been identified at time of analysis.