Signal K Server (for boats) before 2.19.0 allows unauthenticated attackers to hijack the backup restore function by polluting the internal restoreFilePath state via the /validateBackup endpoint. This enables overwriting security.json and other critical files to achieve OS command injection.
Signal K Server before 2.19.0 exposes two features that chain together to steal JWT tokens without authentication: WebSocket-based request enumeration plus unauthenticated polling of access request status. An attacker can hijack admin sessions remotely. PoC available.
Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). [CVSS 7.5 HIGH]
Cpp-Httplib versions up to 0.30.0 contains a vulnerability that allows attackers to add extra headers, modify request body unexpectedly & trigger an SSRF attack (CVSS 7.5).
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. [CVSS 7.2 HIGH]
Signal K Server is a server application that runs on a central hub in a boat. [CVSS 6.3 MEDIUM]
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. [CVSS 7.3 HIGH]
A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. [CVSS 7.3 HIGH]
A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. [CVSS 7.3 HIGH]
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /student/index.php enables unauthenticated remote attackers to query or manipulate the database. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all installations at risk.
Online Guitar Store versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
Signal K Server is a server application that runs on a central hub in a boat. [CVSS 5.3 MEDIUM]
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. [CVSS 4.3 MEDIUM]
A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. [CVSS 8.1 HIGH]
Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results. [CVSS 8.1 HIGH]
A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. [CVSS 7.8 HIGH]
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CVSS 7.5 HIGH]
Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service. [CVSS 6.5 MEDIUM]
The WP Import - Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the `upload_function()` method. [CVSS 6.4 MEDIUM]
A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. [CVSS 6.3 MEDIUM]
A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. [CVSS 6.3 MEDIUM]
A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. [CVSS 4.7 MEDIUM]
A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. [CVSS 2.4 LOW]
A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. [CVSS 5.3 MEDIUM]
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. [CVSS 5.3 MEDIUM]
A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. [CVSS 3.3 LOW]
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. [CVSS 5.3 MEDIUM]
Eopkg package manager versions before 4.4.0 fail to enforce the --destdir installation path, allowing malicious packages to write files to arbitrary locations on the host filesystem. An attacker can exploit this by distributing a compromised package that bypasses the intended installation directory, potentially overwriting system files or placing malicious content outside the sandboxed installation path. Users are only at risk if installing packages from untrusted or compromised sources; Solus repository packages are unaffected.
Eopkg package manager versions before 4.4.0 fail to track files included in malicious packages, allowing undetected file installation when users install from compromised sources. An attacker can distribute packages containing hidden files that evade detection by package management tools like lseopkg. Users installing exclusively from official Solus repositories are unaffected.
The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com yet. [CVSS 5.3 MEDIUM]
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists. [CVSS 5.3 MEDIUM]
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component (implemented via the underlying NanoNNG library). [CVSS 4.9 MEDIUM]
The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'my_sticky_elements_bulks' function in all versions up to, and including, 2.3.3. [CVSS 4.3 MEDIUM]
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration. [CVSS 3.4 LOW]
A flaw has been found in go-sonic sonic versions up to 1.1.4. is affected by server-side request forgery (ssrf) (CVSS 4.7).
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.