A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string. [CVSS 6.5 MEDIUM]
Panda3D egg-mkfont (through 1.10.16) has a stack buffer overflow via an unbounded sprintf() with attacker-controlled glyph pattern input. PoC available.
Panda3D's deploy-stub executable up to version 1.10.16 is vulnerable to denial of service through unvalidated stack allocation based on command-line argument counts, allowing local attackers to crash the application by supplying excessive arguments. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw can trigger reliable crashes and undefined behavior during Python interpreter initialization.
Heap buffer overflow in iccDEV's ToneMap parser (versions prior to 2.3.1.2) allows local attackers with user interaction to achieve information disclosure and denial of service, with potential for code execution. Public exploit code exists for this vulnerability. Update to version 2.3.1.2 or later to remediate.
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
Denial of service in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to crash applications processing ICC color profiles through a type confusion vulnerability in the XML profile parser. Public exploit code exists for this vulnerability. Users of the iccDEV library should upgrade to version 2.3.1.2 to remediate the issue.
iccDEV versions prior to 2.3.1.2 contain a null pointer dereference vulnerability in ICC color profile processing that causes denial of service when malicious or malformed profiles are processed. Public exploit code exists for this vulnerability, and no patched version is currently available. Users of the iccDEV library who handle untrusted color profiles are at risk of application crashes.
Arbitrary file disclosure in REDAXO's Backup addon allows authenticated users with backup permissions to read any file within the webroot by bypassing directory validation in the file export function. An attacker can manipulate the EXPDIR parameter with path traversal sequences to include unauthorized files in exported archives. Public exploit code exists; a patch is available in version 5.20.2 and later.
iccDEV before version 2.3.1.2 contains a type confusion vulnerability in the XML tag processing function that allows attackers to trigger information disclosure, data modification, or denial of service when processing specially crafted ICC color profiles. Public exploit code exists for this vulnerability, affecting users who process untrusted color profile files with the iccDEV library. A patch is available in version 2.3.1.2 and should be applied immediately.
A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. [CVSS 6.1 MEDIUM]
Cross-site scripting (XSS) in MediaWiki's ProofreadPage extension (versions 1.39, 1.43, 1.44, 1.45) allows attackers to inject malicious scripts through improper input sanitization during web page generation. Public exploit code exists for this vulnerability, which requires user interaction to trigger. A patch is available to remediate the issue.
iccDEV versions before 2.3.1.2 are vulnerable to a null pointer dereference in the CIccTagSparseMatrixArray function when processing ICC color profiles, allowing local attackers with user interaction to cause denial of service or data corruption. Public exploit code exists for this vulnerability. Users should upgrade to version 2.3.1.2 or later to remediate the issue.
House Rental And Property Listing Project versions up to 1.0 is affected by improper access control (CVSS 7.3).
iccDEV versions prior to 2.3.1.2 suffer from denial of service due to undefined behavior triggered by invalid enum values in ICC color profile processing. A local attacker with user interaction can crash the application or cause system instability, and public exploit code exists. The vulnerability affects users of the iccDEV library on affected systems, with patches available in version 2.3.1.2 and later.
Local denial of service in iccDEV versions prior to 2.3.1.2 stems from a stack overflow in the calculator parser component, allowing unauthenticated users to crash the application through crafted input. Public exploit code exists for this vulnerability, which affects Stack Overflow and Iccdev products. A patch is available in version 2.3.1.2 and should be applied immediately.
iccDEV versions prior to 2.3.1.2 are vulnerable to stack overflow through malformed XML calculator macro expansion, allowing local attackers to trigger a denial of service condition. Public exploit code exists for this vulnerability, which affects ICC color profile manipulation tools used in Stack Overflow and Iccdev products. A patch is available in version 2.3.1.2 and should be applied promptly to mitigate exploitation risk.
iccDEV versions prior to 2.3.1.2 are vulnerable to denial of service through a null pointer dereference in the XML tag parser, allowing local attackers with user interaction to crash the application. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2.
iccDEV versions prior to 2.3.1.2 are susceptible to denial of service through a null pointer dereference in the XML parser, allowing local attackers with user interaction to crash the application. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2 and later.
iccDEV versions prior to 2.3.1.2 suffer from a null pointer dereference in the XML calculator parser that allows local attackers to crash the application and cause a denial of service. Public exploit code exists for this vulnerability. A patch is available in version 2.3.1.2 and later.
iccDEV versions before 2.3.1.2 crash when processing specially crafted ICC color profile tags due to improper null pointer validation, causing denial of service on systems using the library. Local attackers with user interaction can trigger this crash through a malicious color profile file. Public exploit code exists for this vulnerability.
iccDEV versions prior to 2.3.1.2 suffer from a null pointer dereference in the signature parser that allows local attackers to trigger a denial of service condition. Public exploit code exists for this vulnerability, and the issue affects all users of iccDEV's ICC color profile manipulation libraries and tools. A patch is available in version 2.3.1.2 and should be applied immediately.
iccDEV versions prior to 2.3.1.2 are susceptible to denial of service through a null pointer dereference in the CIccProfileXml::ParseBasic() function, which can be triggered by local users with minimal privileges through user interaction. Public exploit code exists for this vulnerability, allowing attackers to crash the application and disrupt ICC color profile processing. A patch is available in version 2.3.1.2 and should be applied to affected systems.
iccDEV versions prior to 2.3.1.2 contain a type confusion vulnerability in the CIccTag::IsTypeCompressed() function that allows unauthenticated attackers to cause integrity violations or service disruption by crafting malicious ICC color profiles. The vulnerability requires user interaction to exploit and affects applications using the iccDEV library to process color management profiles. Public exploit code exists, and a patch is available in version 2.3.1.2.
Visualdata versions up to - is affected by inefficient regular expression complexity (redos) (CVSS 5.3).
MONAI versions up to 1.5.1 contain a path traversal vulnerability in the `_download_from_ngc_private()` function that fails to validate extracted archive contents, allowing attackers to write files outside the intended directory during package extraction. An attacker with user interaction can exploit this via a malicious ZIP file to overwrite arbitrary files on the system. Public exploit code exists for this vulnerability, and a patch is available in commit 4014c8475626f20f158921ae0cf98ed259ae4d59.
Panda3D egg-mkfont up to version 1.10.16 contains a format string vulnerability in the -gp command-line option that allows attackers to read arbitrary stack memory and leak pointer values by injecting format specifiers into generated .egg and .png files. Public exploit code exists for this vulnerability, and no patch is currently available. This affects all users of the egg-mkfont utility who process untrusted input.
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. [CVSS 4.3 MEDIUM]
RustFS is a distributed object storage system built in Rust. [CVSS 4.0 MEDIUM]
A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware [CVSS 6.8 MEDIUM]
Memory corruption while accessing a synchronization object during concurrent operations. [CVSS 6.7 MEDIUM]
Memory corruption while performing sensor register read operations. [CVSS 6.7 MEDIUM]
Memory corruption while parsing clock configuration data for a specific hardware type. [CVSS 6.7 MEDIUM]
Memory corruption while processing shared command buffer packet between camera userspace and kernel. [CVSS 6.7 MEDIUM]
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1. [CVSS 6.7 MEDIUM]
Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Explore for Predictable Temporary File Names.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. [CVSS 6.7 MEDIUM]
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1. [CVSS 6.7 MEDIUM]
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1. [CVSS 6.7 MEDIUM]
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. [CVSS 6.7 MEDIUM]
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1. [CVSS 6.7 MEDIUM]
Memory corruption while handling sensor utility operations. [CVSS 6.7 MEDIUM]
Memory corruption while processing a config call from userspace. [CVSS 6.7 MEDIUM]
Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]
The Bit Form - Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. [CVSS 6.5 MEDIUM]
The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. [CVSS 6.5 MEDIUM]
In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. [CVSS 6.5 MEDIUM]
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. [CVSS 6.5 MEDIUM]
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7. [CVSS 6.5 MEDIUM]
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. [CVSS 6.5 MEDIUM]
Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. [CVSS 6.5 MEDIUM]
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element. [CVSS 6.5 MEDIUM]