Type confusion in iccDEV library versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution with user interaction by crafting malicious ICC color profiles. Public exploit code exists for this vulnerability affecting organizations that process color management profiles through the iccDEV libraries. A patch is available in version 2.3.1.2 with no known workarounds prior to upgrading.
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles, affecting applications that use the iccDEV library to manage color data. Public exploit code exists for this vulnerability, enabling attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. Update to version 2.3.1.2 or later to remediate.
Type confusion in iccDEV versions before 2.3.1.2 allows attackers to corrupt memory and achieve high-impact outcomes including code execution, data theft, and denial of service when processing malicious ICC color profiles. The vulnerability exists in the CIccSegmentedCurveXml::ToXml() function and affects any application using the iccDEV library to handle color management data. Public exploit code exists for this vulnerability, though a patch is available in version 2.3.1.2 and later.
Type confusion in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution through malicious ICC color profiles processed by the ToXmlCurve() function. Public exploit code exists for this vulnerability, affecting any application or system using the vulnerable iccDEV library to parse color management profiles. A patch is available in version 2.3.1.2 and should be applied immediately.
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles, affecting applications that use the library to handle color management data. An attacker can trigger the vulnerability through a crafted profile file requiring only user interaction to open, potentially achieving complete system compromise. Public exploit code exists and no patch is currently available.
Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows remote attackers to execute arbitrary code through the CIccLocalizedUnicode::GetText() function with minimal attack complexity. The vulnerability affects users of the ICC color profile manipulation library and has public exploit code available. Organizations using vulnerable versions should upgrade to 2.3.1.2 or later immediately.
Supply-chain integrity bypass in pnpm package manager (versions ≤10.26.2, per description; GHSA states <10.26.0) allows malicious package authors to serve different tarball content on each install because HTTP/HTTPS tarball and git-hosted tarball dependencies are recorded in the lockfile without integrity hashes. Publicly available exploit code exists in the GHSA-7vhp-vf5g-r2fw advisory PoC, though EPSS remains low at 0.01% and the issue is not on CISA KEV. Any project transitively depending on a package that uses an HTTP/git tarball is exposed, and a committed lockfile offers no protection.
{VAR} substitution inside .npmrc tokenHelper settings combined with spawnSync invoked with shell: true. The bug primarily threatens CI/CD build environments where untrusted inputs may flow into env vars or .npmrc files, and publicly available exploit code exists, though it is not listed in CISA KEV and EPSS is very low at 0.08%.
Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows local attackers with user interaction to achieve arbitrary code execution through malicious ICC color profile manipulation in the IccTagXml() function. Public exploit code exists for this vulnerability, which affects all users of the vulnerable iccDEV libraries and tools. A patch is available in version 2.3.1.2.
The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. [CVSS 7.5 HIGH]
The MediaWiki CSS extension in versions 1.39, 1.43, and 1.44 contains a path traversal vulnerability that allows unauthenticated remote attackers to read arbitrary files from the server. Public exploit code exists for this vulnerability, enabling attackers to access sensitive information outside the intended directory restrictions. A patch is available and should be applied immediately to affected installations.
Filesystem-Mcp versions up to 0.5.8 contains a vulnerability that allows attackers to bypass directory restrictions by leveraging symlinks within the allowed director (CVSS 7.5).
fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. [CVSS 7.5 HIGH]
A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd . [CVSS 7.2 HIGH]
Missing Origin/Host header validation in Microsoft's Playwright MCP Server (versions before 0.0.40) lets a remote web page reach a developer's locally bound MCP HTTP endpoint through a DNS rebinding attack, causing unauthorized invocation of MCP tool endpoints that drive an automated browser. Publicly available exploit code exists (a proof-of-concept gist and a VulnCheck advisory), though the flaw is not listed in CISA KEV and EPSS probability is low (0.25%, 48th percentile). Exploitation requires that a victim with the server running visit an attacker-controlled page, so this is opportunistic rather than mass-scannable.
The Tarkov Data Manager is a tool to manage the Tarkov item data. [CVSS 7.2 HIGH]
iccDEV versions before 2.3.1.2 contain undefined behavior in the CIccTagCurve constructor that allows attackers to cause denial of service or data integrity issues when processing malicious ICC color profiles. The vulnerability requires user interaction to trigger and affects anyone using the library to handle color management profiles, with public exploit code already available. Administrators should upgrade to version 2.3.1.2 immediately as no workarounds exist.
Undefined behavior in iccDEV's ICC color profile validation function (versions before 2.3.1.2) allows attackers to cause denial of service or integrity violations when processing specially crafted color profiles. The vulnerability requires user interaction to trigger and affects any application using the iccDEV library to handle ICC profiles. Public exploit code exists for this vulnerability; patched version 2.3.1.2 is available.
iccDEV versions before 2.3.1.2 contain undefined behavior in the CIccTagLut16::Read() function that allows attackers to cause denial of service or data corruption when processing specially crafted ICC color profiles. The vulnerability requires user interaction to exploit and affects applications using the iccDEV library to handle color management profiles. Public exploit code exists for this issue, though a patch is available in version 2.3.1.2.
Undefined behavior in iccDEV versions before 2.3.1.2 allows remote attackers to cause denial of service or data corruption through maliciously crafted ICC color profiles processed by the library. The vulnerability requires user interaction to open a malicious profile and public exploit code exists. Organizations using iccDEV should upgrade to version 2.3.1.2 or later.
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. [CVSS 7.1 HIGH]
Uncontrolled resource consumption in the Python urllib3 HTTP client library (versions 1.22 through 2.6.2) lets a malicious or compromised server crash or exhaust memory on the client by serving a compressed redirect response. When an application streams from an untrusted source with preload_content=False and has not disabled redirects, urllib3 eagerly drains and decompresses the entire redirect body before any read call, ignoring configured read limits, leaving no defense against decompression bombs. EPSS is low (0.03%), there is no public exploit identified at time of analysis, and it is not in CISA KEV, but the bug is broadly reachable given urllib3's ubiquity.
WP Enable WebP (WordPress plugin) is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles through the ParseBasic() function. An attacker can exploit this vulnerability by crafting a specially formatted ICC profile file that triggers memory corruption with high impact on confidentiality, integrity, and availability. Users of the iccDEV library should upgrade to version 2.3.1.2 immediately, as no workarounds are available.
Type confusion in iccDEV versions before 2.3.1.2 allows remote attackers to execute arbitrary code by crafting malicious ICC color profiles that trigger improper type handling in the profile evaluation function. This vulnerability affects any application or user processing ICC profiles through the iccDEV library and requires minimal user interaction to exploit. A patch is available in version 2.3.1.2.
Google Chrome versions prior to 143.0.7499.192 fail to properly enforce policies on WebView tags, allowing attackers who trick users into installing malicious extensions to inject arbitrary scripts and HTML into privileged pages. This vulnerability affects all Chrome users and requires user interaction to exploit, resulting in potential code execution with high impact to confidentiality, integrity, and availability. No patch is currently available.
Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0. [CVSS 8.8 HIGH]
An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. [CVSS 8.8 HIGH]
Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. [CVSS 8.8 HIGH]
The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. [CVSS 8.6 HIGH]
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Unauthenticated attackers can manipulate WooCommerce orders and expose customer data in the iPaymu Payment Gateway for WooCommerce plugin (versions up to 2.0.2) due to missing webhook signature verification. An attacker can forge payment confirmations to mark orders as paid without actual payment and enumerate order details to harvest PII including customer names, addresses, and purchase history. No patch is currently available.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through 3.0.0. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion.This issue affects Gecko: from n/a through 1.9.8. [CVSS 8.1 HIGH]
Concurrent requests in axios4go prior to version 0.6.4 trigger unsynchronized mutations to the shared HTTP client configuration, allowing attackers to manipulate transport settings, timeouts, and redirect handlers across simultaneous operations. Applications using async requests or multiple goroutines with different proxy configurations or handling sensitive credentials are vulnerable to request interception, credential leakage, or denial of service. Upgrade to version 0.6.4 or later to resolve this race condition.
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. [CVSS 8.0 HIGH]
Unsafe deserialization in Bio-Formats up to version 8.3.0 allows local attackers to execute arbitrary code or cause denial of service by crafting malicious .bfmemo cache files that are automatically loaded during image processing without validation. The Memoizer class deserializes untrusted data from these files, enabling potential remote code execution if suitable Java gadget chains are available on the classpath. No patch is currently available for this vulnerability (CVSS 7.8).
Memory corruption occurs when a secure application is launched on a device with insufficient memory. [CVSS 7.8 HIGH]
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. [CVSS 7.8 HIGH]
Memory corruption when accessing resources in kernel driver. [CVSS 7.8 HIGH]
Memory corruption while passing pages to DSP with an unaligned starting address. [CVSS 7.8 HIGH]
Memory corruption while preprocessing IOCTLs in sensors. [CVSS 7.8 HIGH]
Memory Corruption when multiple threads concurrently access and modify shared resources. [CVSS 7.8 HIGH]
Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]
Memory corruption while processing a secure logging command in the trusted application. [CVSS 7.8 HIGH]
Video Collaboration Vc3 Platform Firmware versions up to - contains a security vulnerability (CVSS 7.8).
Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]
Fujitsu Security Solution AuthConductor Client Basic V2 version 2.0.25.0 and earlier contains an origin validation flaw that allows authenticated local attackers to execute arbitrary code with SYSTEM privileges and modify registry values. An attacker with login access to an affected Windows system can exploit this vulnerability to achieve complete system compromise. No patch is currently available.
Frontend File Manager Plugin WordPre versions up to 23.5 contains a security vulnerability (CVSS 7.7).
OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF. [CVSS 7.5 HIGH]