Unauthenticated access to live video and device data affects Xiongmai XM530-based IP cameras running firmware V5.00.R02.000807D8.10010.346624.S with ONVIF 21.06, where the ONVIF service fails to enforce authentication on 31 endpoints. Any remote attacker who can reach the camera's ONVIF port can pull sensitive device information and view real-time RTSP/ONVIF video streams without credentials. Publicly available exploit code exists, though the flaw is not listed in CISA KEV and EPSS is modest (0.85%, 54th percentile).
Full administrative takeover of ClipBucket 5.5.2 is possible because the video-sharing platform ships with hardcoded default administrative credentials, letting any unauthenticated remote attacker sign into the admin panel and control the entire application. Publicly available exploit material (a Medium write-up) documents the attack, and the CVSS 3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N). This is a network-reachable, no-interaction flaw, though EPSS is modest at 0.57% (43rd percentile) and it is not currently listed in CISA KEV.
Stored cross-site scripting leading to code execution in Frappe Framework 15.89.0 (and the ERPNext application built on it) lets attackers upload a crafted XML/SVG file through the Attachments module that runs attacker-controlled script when a victim views it. Tagged as XSS/RCE/File Upload with a publicly available exploit code, though EPSS remains low at 0.44% (35th percentile) and it is not on CISA KEV. The CVSS 9.6 rating reflects a scope-changing, user-interaction-dependent attack rather than direct server-side compromise.
A Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify, a TypeScript library for building ActivityPub federated servers, where maliciously crafted HTML responses can cause catastrophic backtracking in the document loader's HTML parsing regex. The vulnerability affects versions prior to 1.6.13, 1.7.14, 1.8.15, and 1.9.2, allowing remote attackers to cause denial of service without authentication. A public proof-of-concept exploit is available, though the EPSS score of 0.13% indicates relatively low exploitation likelihood in the wild.
GetStreamUri ONVIF endpoint in Xiongmai XM530 IP cameras exposes RTSP video streams with hardcoded credentials, allowing remote unauthenticated attackers to view live camera feeds without authentication. Affects firmware version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. Publicly available exploit code exists demonstrating credential extraction and direct stream access. EPSS data not available, but the combination of network-accessible attack vector (AV:N), no authentication requirement (PR:N), and public POC creates immediate risk for exposed internet-facing cameras.
Local privilege escalation in NetBT Consulting Services e-Fatura versions prior to 1.2.15 allows authenticated low-privileged users to leverage an unquoted Windows service path to execute arbitrary code with elevated privileges. Publicly available exploit code exists (Exploit-DB 52509), though EPSS scoring (0.20%, 42nd percentile) suggests limited widespread exploitation, and the issue is not currently listed in CISA KEV.
Stored cross-site scripting in Piranha CMS v12.1 allows an attacker who can submit content to the Media module to persist malicious JavaScript in the Name field, which then executes in victims' browsers when the Media section is viewed. A publicly available proof-of-concept exploit exists on GitHub, meaningfully lowering the barrier to exploitation. Despite the network-accessible attack vector and cross-context scope change (S:C), EPSS sits at 0.18% (8th percentile) with no CISA KEV listing, indicating limited real-world exploitation of this niche platform at time of analysis.
Stored cross-site scripting in Piranha CMS v12.1 allows script injection via the Excerpt field in the Page Settings module, executing arbitrary JavaScript in the browsers of users who subsequently view the affected page. The vulnerability carries a publicly available proof-of-concept exploit hosted on GitHub, though EPSS remains very low at 0.18% (8th percentile), indicating limited observed exploitation activity. No KEV listing exists, and no patch has been confirmed from available data at time of analysis.
Arbitrary code execution in Umbraco CMS 16.3.3 is claimed via upload of a crafted PDF file that abuses insufficient file-type validation (CWE-434), potentially leading to server-side code execution. The finding is explicitly DISPUTED by Umbraco, which states that enforcing upload validation is the deploying administrator's responsibility per documentation, mirroring the earlier CVE-2023-49279. No public exploit is confirmed and EPSS is low (0.50%, 39th percentile), so despite the nominal CVSS 10.0 this reflects a contested, configuration-dependent condition rather than a proven turnkey RCE.
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
CouchCMS versions up to 2.4 use hard-coded cryptographic keys in the reCAPTCHA handler configuration, allowing remote attackers with high complexity to conduct information disclosure attacks against the reCAPTCHA mechanism. The vulnerability stems from improper handling of K_RECAPTCHA_SITE_KEY and K_RECAPTCHA_SECRET_KEY parameters in couch/config.example.php, and publicly available exploit code exists, though real-world exploitation probability remains low (EPSS 0.06%).
Stored cross-site scripting (XSS) in Void Elementor WHMCS Elements for Elementor Page Builder through version 2.0.1.2 allows authenticated attackers to inject malicious scripts into web pages generated by the plugin, potentially compromising site visitors and administrators. The vulnerability stems from improper input sanitization in page generation functions. No public exploit code or active exploitation has been identified, but the low EPSS score (0.04%) reflects limited real-world attack probability despite the high-impact nature of XSS vulnerabilities.
ChestnutCMS up to version 1.5.8 allows authenticated remote attackers to upload arbitrary files by manipulating the File argument in the FilenameUtils.getExtension function of the /dev-api/common/upload endpoint. The vulnerability bypasses filename extension validation in the Filename Handler component, enabling unrestricted file uploads with low integrity and confidentiality impact. Publicly available exploit code exists; however, the low EPSS score (0.06%) and requirement for prior authentication significantly limit real-world exploitation risk compared to the CVSS base score.
SQL injection in DedeCMS up to version 5.7.118 via the orderby parameter in /freelist_main.php allows authenticated remote attackers to execute arbitrary SQL queries with low impact on confidentiality, integrity, and availability. Publicly available exploit code exists and the vulnerability requires valid user authentication (PR:L) to exploit, significantly limiting real-world risk despite network accessibility.
SQL injection in SeaCMS up to version 13.3 via the e_id parameter in admin_video.php allows authenticated high-privilege attackers to execute arbitrary SQL queries and manipulate database content. The vulnerability requires administrative credentials, limiting real-world impact despite public exploit availability. EPSS score of 0.05% reflects the high privilege requirement needed for exploitation.
Cross-site request forgery (CSRF) in Kunal Custom 404 Pro WordPress plugin through version 3.12.0 allows attackers to perform unauthorized actions on behalf of authenticated administrators without their knowledge or consent. The vulnerability affects all versions up to and including 3.12.0, with no CVSS score assigned at the time of analysis. No public exploit code has been identified, and the EPSS score of 0.02% indicates minimal likelihood of active exploitation despite the moderate technical severity of CSRF flaws.
Cross-site request forgery (CSRF) vulnerability in PluginOps Feather Login Page WordPress plugin versions up to 1.1.7 allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated users without their knowledge or consent. The vulnerability stems from missing CSRF token validation on plugin functionality, enabling attackers to craft malicious requests that execute when users visit attacker-controlled pages while logged into sites using the vulnerable plugin. No public exploit code or active exploitation has been identified at time of analysis; however, the low EPSS score (0.02%) and lack of CVSS data suggest this may represent a lower-severity implementation gap rather than a critical attack vector in typical WordPress deployments.
Stack-based buffer overflow in sokol_gfx.h function _sg_validate_pipeline_desc allows local authenticated attackers to corrupt stack memory with limited confidentiality and integrity impact. The vulnerability affects sokol up to commit 5d11344150973f15e16d3ec4ee7550a73fb995e0, with patch commit b95c5245ba357967220c9a860c7578a7487937b0 available. Publicly available exploit code exists, though EPSS exploitation probability remains very low at 0.03%, indicating limited real-world attack surface.
Linux kernel AMD platform management controller (PMC) driver lacks Van Gogh SoC suspend handler support, preventing S0ix suspend operations on affected devices and causing GPU driver crashes during resume due to power management failures. ASUS ROG Ally (non-X) handheld gaming devices are directly impacted. Local attackers or unprivileged users can trigger denial of service by attempting system suspend, rendering the device unresponsive and forcing a hard reboot. The vulnerability carries low exploitation probability (EPSS 0.03%) but affects a specific consumer hardware class; upstream patches are available in stable kernel branches.
In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted There's issue when file system corrupted: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 5 UID: 0 PID: 2031 Comm: mkdir Not tainted 6.18.0-rc1-next RIP: 0010:jbd2_journal_get_create_access+0x3b6/0x4d0 RSP: 0018:ffff888117aafa30 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff88811a86b000 RCX: ffffffff89a63534 RDX: 1ffff110200ec602 RSI: 0000000000000004 RDI: ffff888100763010 RBP: ffff888100763000 R08: 0000000000000001 R09: ffff888100763028 R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 R13: ffff88812c432000 R14: ffff88812c608000 R15: ffff888120bfc000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f91d6970c99 CR3: 00000001159c4000 CR4: 00000000000006f0 Call Trace: <TASK> __ext4_journal_get_create_access+0x42/0x170 ext4_getblk+0x319/0x6f0 ext4_bread+0x11/0x100 ext4_append+0x1e6/0x4a0 ext4_init_new_dir+0x145/0x1d0 ext4_mkdir+0x326/0x920 vfs_mkdir+0x45c/0x740 do_mkdirat+0x234/0x2f0 __x64_sys_mkdir+0xd6/0x120 do_syscall_64+0x5f/0xfa0 entry_SYSCALL_64_after_hwframe+0x76/0x7e The above issue occurs with us in errors=continue mode when accompanied by storage failures. There have been many inconsistencies in the file system data. In the case of file system data inconsistency, for example, if the block bitmap of a referenced block is not set, it can lead to the situation where a block being committed is allocated and used again. As a result, the following condition will not be satisfied then trigger BUG_ON. Of course, it is entirely possible to construct a problematic image that can trigger this BUG_ON through specific operations. In fact, I have constructed such an image and easily reproduced this issue. Therefore, J_ASSERT() holds true only under ideal conditions, but it may not necessarily be satisfied in exceptional scenarios. Using J_ASSERT() directly in abnormal situations would cause the system to crash, which is clearly not what we want. So here we directly trigger a JBD abort instead of immediately invoking BUG_ON.