An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a <script> block without HTML‑safe escaping, allowing </script> to terminate the script and inject arbitrary JavaScript. [CVSS 6.1 MEDIUM]
Container management vulnerability allows authenticated users to escape to the host filesystem with read/write access. CVSS 9.9 with scope change.
NOAA PMEL Live Access Server (LAS) has unauthenticated RCE through PyFerret SPAWN commands embedded in requests. Scientific data servers running LAS are vulnerable to complete compromise.
Omnispace Agora Project (before 25.10) allows RCE through crafted PDF upload that exploits the ImageMagick MSL engine via the thumbnail function.
A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file. [CVSS 5.5 MEDIUM]
A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file. [CVSS 5.5 MEDIUM]
A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. [CVSS 5.5 MEDIUM]
A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 5.5 MEDIUM]
A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file. [CVSS 5.5 MEDIUM]
Rdp Manager versions up to 4.9.9.3 is affected by allocation of resources without limits or throttling (CVSS 5.5).
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. [CVSS 5.5 MEDIUM]
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. [CVSS 5.5 MEDIUM]
Mitel MiVoice MX-ONE 7.3-7.8 SP1 has authentication bypass in the Provisioning Manager. Unauthenticated attackers can access user or admin accounts in the VoIP management system.
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer. [CVSS 5.4 MEDIUM]
Wireless Mini Router Wireless-N 300M Firmware versions up to 28k.minirouter.20190211 is affected by cross-site scripting (xss) (CVSS 5.4).
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. [CVSS 5.4 MEDIUM]
Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration. [CVSS 5.3 MEDIUM]
Improper URI path normalization in Vert.x Web's static file handler allows remote attackers to manipulate the cache and deny access to static files through specially crafted request URIs containing encoded path traversal sequences. An unauthenticated attacker can exploit this vulnerability over the network with no user interaction to cause denial of service by returning HTTP 404 responses for normally accessible files. Public exploit code exists and patches are available.
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. [CVSS 5.3 MEDIUM]
Uploading unvalidated container images enables remote attackers with admin access to achieve full system compromise through malicious containers.
SvelteKit 2.19.0-2.49.4 has SSRF/DoS affecting applications with prerendered routes. Can be exploited to make the server perform arbitrary requests or become unresponsive. Patch available.
Altium Forum has stored XSS in forum posts with scope change (CVSS 9.0). Authenticated attackers can inject JavaScript that executes in other users' sessions, including accessing Altium design tools and project data.
Supreme Modules Lite (WordPress plugin) versions up to 2.5.62. is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Agora-Project versions up to 25.10 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. [CVSS 4.8 MEDIUM]
A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges. [CVSS 8.8 HIGH]
Stored XSS in LaSuite Doc versions 3.8.0 through 4.3.0 allows authenticated users with document editing privileges to inject malicious JavaScript URLs into the Interlinking feature, which execute when other users click the crafted links. This vulnerability affects the collaborative documentation platform's security model by enabling arbitrary code execution in victims' browsers. A patch is available in version 4.4.0.
Pimcore versions up to 12.3.1 is affected by insertion of sensitive information into log file (CVSS 8.6).
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.
Pimcore Admin Classic Bundle versions prior to 2.2.3 and 1.7.16 fail to enforce proper authorization on the Predefined Properties API endpoint, allowing authenticated backend users without explicit permissions to enumerate all property configurations. Public exploit code exists for this vulnerability. The flaw impacts any Pimcore deployment where backend user access controls rely on role-based restrictions for sensitive metadata definitions.
Pimcore versions prior to 12.3.1 and 11.5.14 fail to properly validate authorization on the static routes API endpoint, allowing authenticated users without proper permissions to view sensitive route configurations including regex patterns and controller mappings. Public exploit code exists for this vulnerability, and no patch is currently available. The issue affects both PHP and Pimcore installations where backend users with limited privileges could gain unauthorized access to routing infrastructure details.
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. [CVSS 8.2 HIGH]
Stored XSS in Altium Workflow Engine allows authenticated users to inject malicious scripts into workflow forms that execute with administrator privileges when viewed. An attacker can exploit this to escalate privileges, create new admin accounts, steal session tokens, and perform arbitrary administrative actions. No patch is currently available for the on-premises enterprise server deployment.
Stored XSS in Altium Live user profile fields allows authenticated attackers to inject malicious scripts that execute when other users view the compromised profile, potentially enabling session hijacking or phishing attacks. The vulnerability stems from inadequate server-side input validation that fails to properly sanitize whitespace-based attribute injection techniques. Exploitation requires a valid user account and victim interaction but carries high risk due to cross-site impact affecting other platform users.
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read. [CVSS 7.5 HIGH]
A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. [CVSS 7.5 HIGH]
GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). [CVSS 7.5 HIGH]
GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. [CVSS 7.5 HIGH]
Malformed SSL packets can trigger a Denial-of-Service condition in Juniper SRX devices running Junos OS with UTM Web-Filtering enabled, causing Forwarding Processor Card (FPC) crashes and restarts without requiring authentication. An unauthenticated network-based attacker can exploit this input validation flaw in the Web-Filtering module to disrupt device availability across affected Junos versions (23.2R2-S2 through 24.4R2). No patches are currently available for earlier Junos versions, and affected systems remain vulnerable until updates are applied.
Unauthenticated remote attackers can crash Palo Alto Networks PAN-OS firewalls through repeated requests, forcing the devices into maintenance mode and causing denial of service. This vulnerability affects Palo Alto firewalls and Prisma Access deployments with no available patch, creating ongoing operational risk. The attack requires no authentication or user interaction and can be exploited over the network.
TDC X401gl devices with unpatched firmware lack proper authorization controls for critical system functions, enabling unauthenticated remote attackers to arbitrarily start, stop, or delete applications and cause denial of service. This network-accessible vulnerability requires no user interaction and affects all default configurations. No patch is currently available.
Stack memory disclosure in GNU C Library versions 2.0-2.42 allows unauthenticated remote attackers to leak sensitive stack contents via crafted DNS queries when getnetbyaddr functions are configured to use the DNS backend for network lookups. This vulnerability affects systems running vulnerable Glibc and DNS resolver combinations, with no available patch currently released.
SvelteKit versions 2.49.0 through 2.49.4 are vulnerable to denial-of-service attacks through the experimental form remote function, which fails to properly validate binary-encoded form payloads and can be exploited to exhaust server memory. An unauthenticated remote attacker can craft a malicious payload to trigger excessive memory allocation, rendering affected applications unavailable. The vulnerability is resolved in version 2.49.5.
TDC X401GL firmware contains hardcoded default credentials for privileged user accounts, enabling unauthenticated attackers to gain unauthorized administrative access over the network. This vulnerability affects all deployments using default configurations and could allow attackers to compromise system integrity and perform unauthorized operations. No patch is currently available.
Juniper Junos OS SRX Series suffers a denial of service vulnerability in the packet forwarding engine when PowerMode IPsec and GRE performance acceleration are both enabled, allowing remote attackers to crash the device by sending a specially crafted ICMP packet through a GRE tunnel. The crash results in immediate traffic loss and device restart, affecting systems with both features active on vulnerable SRX platforms. No patch is currently available.
Denial of service in Svelte devalue library versions 5.1.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted serialized data. The vulnerability stems from insufficient validation of ArrayBuffer inputs during deserialization. Applications should upgrade to version 5.6.2 or later.
Denial of service in Svelte devalue versions 5.3.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted data. The vulnerability stems from insufficient validation of typed array inputs before hydration, enabling attackers to trigger excessive resource consumption. Update to version 5.6.2 or later to remediate.
Denial-of-service attacks against Juniper SRX Series devices running Junos OS 23.4 through 24.4 can be triggered remotely by sending a maliciously crafted DNS request, causing the flowd process to crash and interrupt service until recovery completes. The vulnerability stems from an unchecked return value in the DNS module that allows unauthenticated, network-based attackers to exploit DNS-enabled SRX configurations without any user interaction. No patch is currently available for affected versions.
Juniper Networks Junos OS on SRX and MX Series is vulnerable to a double free condition in the flow processing daemon that an unauthenticated network attacker can trigger via a specific TCP packet sequence, causing the daemon to crash and the Fabric Routing Card to restart. This denial-of-service vulnerability affects all versions before 22.4R3-S7, 23.2 before 23.2R2-S3, 23.4 before 23.4R2-S4, and 24.2 before 24.2R2, with no patch currently available. An attacker on the network can exploit this vulnerability without authentication or user interaction to disrupt service availability.
Unauthenticated network-based attackers can cause a denial of service on Juniper EX4000-48T, EX4000-48P, and EX4000-48MP switches by sending high-volume traffic that crashes the FXPC component and forces a device restart. The vulnerability stems from improper resource initialization in the Internal Device Manager and results in complete service outage until automatic recovery completes. Affected versions include Junos OS 24.4 before 24.4R2 and 25.2 before 25.2R1, with no patch currently available.