iccDEV versions before 2.3.1.2 crash when processing specially crafted ICC color profile tags due to improper null pointer validation, causing denial of service on systems using the library. Local attackers with user interaction can trigger this crash through a malicious color profile file. Public exploit code exists for this vulnerability.
iccDEV versions prior to 2.3.1.2 suffer from a null pointer dereference in the signature parser that allows local attackers to trigger a denial of service condition. Public exploit code exists for this vulnerability, and the issue affects all users of iccDEV's ICC color profile manipulation libraries and tools. A patch is available in version 2.3.1.2 and should be applied immediately.
iccDEV versions prior to 2.3.1.2 are susceptible to denial of service through a null pointer dereference in the CIccProfileXml::ParseBasic() function, which can be triggered by local users with minimal privileges through user interaction. Public exploit code exists for this vulnerability, allowing attackers to crash the application and disrupt ICC color profile processing. A patch is available in version 2.3.1.2 and should be applied to affected systems.
iccDEV versions prior to 2.3.1.2 contain a type confusion vulnerability in the CIccTag::IsTypeCompressed() function that allows unauthenticated attackers to cause integrity violations or service disruption by crafting malicious ICC color profiles. The vulnerability requires user interaction to exploit and affects applications using the iccDEV library to process color management profiles. Public exploit code exists, and a patch is available in version 2.3.1.2.
Authentication bypass in OpenFlagr (the openflagr/flagr feature-flag service) versions up to and including 1.1.18 lets remote unauthenticated attackers reach protected API endpoints by exploiting flawed path normalization in the HTTP middleware's prefix whitelist. Attackers can read and modify feature flags and export sensitive configuration data with no credentials. A public technical writeup ('0day speedrun') exists, but there is no public exploit identified as weaponized and no active exploitation has been confirmed; EPSS is low at 0.13%.
Visualdata versions up to - is affected by inefficient regular expression complexity (redos) (CVSS 5.3).
WPCHURCH WordPress plugin (through 2.7.0) has blind SQL injection with scope change, enabling unauthenticated extraction of the full WordPress database.
MONAI versions up to 1.5.1 contain a path traversal vulnerability in the `_download_from_ngc_private()` function that fails to validate extracted archive contents, allowing attackers to write files outside the intended directory during package extraction. An attacker with user interaction can exploit this via a malicious ZIP file to overwrite arbitrary files on the system. Public exploit code exists for this vulnerability, and a patch is available in commit 4014c8475626f20f158921ae0cf98ed259ae4d59.
Uniffle HTTP client (before 0.10.0) trusts all SSL certificates and disables hostname verification by default, exposing all REST API communication between the CLI and Coordinator to man-in-the-middle attacks.
Panda3D egg-mkfont up to version 1.10.16 contains a format string vulnerability in the -gp command-line option that allows attackers to read arbitrary stack memory and leak pointer values by injecting format specifiers into generated .egg and .png files. Public exploit code exists for this vulnerability, and no patch is currently available. This affects all users of the egg-mkfont utility who process untrusted input.
Uncontrolled resource consumption in the Python urllib3 HTTP client library (versions 1.22 through 2.6.2) lets a malicious or compromised server crash or exhaust memory on the client by serving a compressed redirect response. When an application streams from an untrusted source with preload_content=False and has not disabled redirects, urllib3 eagerly drains and decompresses the entire redirect body before any read call, ignoring configured read limits, leaving no defense against decompression bombs. EPSS is low (0.03%), there is no public exploit identified at time of analysis, and it is not in CISA KEV, but the bug is broadly reachable given urllib3's ubiquity.
WP Enable WebP (WordPress plugin) is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles through the ParseBasic() function. An attacker can exploit this vulnerability by crafting a specially formatted ICC profile file that triggers memory corruption with high impact on confidentiality, integrity, and availability. Users of the iccDEV library should upgrade to version 2.3.1.2 immediately, as no workarounds are available.
Type confusion in iccDEV versions before 2.3.1.2 allows remote attackers to execute arbitrary code by crafting malicious ICC color profiles that trigger improper type handling in the profile evaluation function. This vulnerability affects any application or user processing ICC profiles through the iccDEV library and requires minimal user interaction to exploit. A patch is available in version 2.3.1.2.
Google Chrome versions prior to 143.0.7499.192 fail to properly enforce policies on WebView tags, allowing attackers who trick users into installing malicious extensions to inject arbitrary scripts and HTML into privileged pages. This vulnerability affects all Chrome users and requires user interaction to exploit, resulting in potential code execution with high impact to confidentiality, integrity, and availability. No patch is currently available.
Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0. [CVSS 8.8 HIGH]
An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. [CVSS 8.8 HIGH]
Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. [CVSS 8.8 HIGH]
The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. [CVSS 8.6 HIGH]
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. [CVSS 4.3 MEDIUM]
Unauthenticated attackers can manipulate WooCommerce orders and expose customer data in the iPaymu Payment Gateway for WooCommerce plugin (versions up to 2.0.2) due to missing webhook signature verification. An attacker can forge payment confirmations to mark orders as paid without actual payment and enumerate order details to harvest PII including customer names, addresses, and purchase history. No patch is currently available.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through 3.0.0. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion.This issue affects Gecko: from n/a through 1.9.8. [CVSS 8.1 HIGH]
Concurrent requests in axios4go prior to version 0.6.4 trigger unsynchronized mutations to the shared HTTP client configuration, allowing attackers to manipulate transport settings, timeouts, and redirect handlers across simultaneous operations. Applications using async requests or multiple goroutines with different proxy configurations or handling sensitive credentials are vulnerable to request interception, credential leakage, or denial of service. Upgrade to version 0.6.4 or later to resolve this race condition.
RustFS is a distributed object storage system built in Rust. [CVSS 4.0 MEDIUM]
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. [CVSS 8.0 HIGH]
Unsafe deserialization in Bio-Formats up to version 8.3.0 allows local attackers to execute arbitrary code or cause denial of service by crafting malicious .bfmemo cache files that are automatically loaded during image processing without validation. The Memoizer class deserializes untrusted data from these files, enabling potential remote code execution if suitable Java gadget chains are available on the classpath. No patch is currently available for this vulnerability (CVSS 7.8).
Memory corruption occurs when a secure application is launched on a device with insufficient memory. [CVSS 7.8 HIGH]
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. [CVSS 7.8 HIGH]
Memory corruption when accessing resources in kernel driver. [CVSS 7.8 HIGH]
Memory corruption while passing pages to DSP with an unaligned starting address. [CVSS 7.8 HIGH]
Memory corruption while preprocessing IOCTLs in sensors. [CVSS 7.8 HIGH]
Memory Corruption when multiple threads concurrently access and modify shared resources. [CVSS 7.8 HIGH]
Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]
Memory corruption while processing a secure logging command in the trusted application. [CVSS 7.8 HIGH]
Video Collaboration Vc3 Platform Firmware versions up to - contains a security vulnerability (CVSS 7.8).
Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]
Fujitsu Security Solution AuthConductor Client Basic V2 version 2.0.25.0 and earlier contains an origin validation flaw that allows authenticated local attackers to execute arbitrary code with SYSTEM privileges and modify registry values. An attacker with login access to an affected Windows system can exploit this vulnerability to achieve complete system compromise. No patch is currently available.
Frontend File Manager Plugin WordPre versions up to 23.5 contains a security vulnerability (CVSS 7.7).
OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF. [CVSS 7.5 HIGH]
OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack. [CVSS 7.5 HIGH]
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string. [CVSS 7.5 HIGH]
Latest Registered Users (WordPress plugin) versions up to 1.4. is affected by missing authorization (CVSS 7.5).
The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes failed usernames directly into update_option() calls. [CVSS 7.5 HIGH]
The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX action in all versions up to, and including, 1.0.6. [CVSS 7.5 HIGH]
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. [CVSS 7.1 HIGH]
iccDEV versions before 2.3.1.2 contain an undefined behavior runtime error in ICC color profile processing that allows remote attackers to cause denial of service or data corruption via malformed profile files, requiring only user interaction to trigger. The vulnerability affects all users processing ICC color profiles through the iccDEV library with no available workarounds currently available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1. [CVSS 7.1 HIGH]
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS.This issue affects Arlo: from n/a through 6.0.3. [CVSS 7.1 HIGH]