Denial of service in Juniper Junos SIP application layer gateway allows unauthenticated remote attackers to crash critical processes by sending malformed SIP messages over TCP, affecting SRX Series and MX Series devices with specific service cards. The vulnerability exploits improper header parsing that triggers an infinite loop and watchdog timer expiration, disabling network traffic flow without requiring authentication or user interaction. No patch is currently available for this high-severity flaw.
A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). [CVSS 7.5 HIGH]
An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlock and be unable to provide normal services. [CVSS 7.5 HIGH]
Juniper SRX Series devices are vulnerable to denial-of-service attacks when processing malformed GTP Modify Bearer Request messages, which trigger an improper lock condition that freezes packet processing threads and causes watchdog timeouts. An unauthenticated network attacker can exploit this without user interaction to crash the forwarding processor and cause complete traffic outages requiring device restart. No patch is currently available for affected Junos OS versions.
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server. By default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a speci...
Memory-exhaustion denial of service in Google Keras 3.0.0 through 3.13.0 lets a remote attacker crash the Python interpreter by getting a victim to load a malicious .keras model archive. The crafted archive embeds a valid model.weights.h5 HDF5 file whose dataset declares an enormously large shape, so the weight loader attempts to allocate unbounded memory during deserialization. There is no public exploit identified at time of analysis, EPSS risk is low (0.03%), and a vendor fix is available.
Juniper Junos OS and Junos OS Evolved contain a use-after-free vulnerability in the 802.1X authentication daemon that allows authenticated, network-adjacent attackers to crash the process or achieve arbitrary code execution as root by triggering specific port state changes. Exploitation requires precise timing of a change-of-authorization event during port transitions, making reliable exploitation difficult but possible. Systems with 802.1X port-based network access control enabled are affected, and no patch is currently available.
Repeated telemetry collector subscriptions in Juniper Junos OS and Junos OS Evolved trigger a use-after-free vulnerability in the chassis daemon, allowing authenticated network attackers to crash critical processes and cause denial of service. Affected versions prior to 22.4R3-S8, 23.2R2-S5, and 23.4R2 are vulnerable when telemetry-capable daemons experience continuous sensor subscription cycles. No patch is currently available, leaving affected systems exposed until updates are released.
Denial-of-service in Juniper Junos OS Packet Forwarding Engine allows authenticated attackers to crash Forwarding Processor Cards by subscribing to telemetry sensors at scale, forcing service restarts and network disruption. The vulnerability affects Junos versions before 22.4R3-S7, 23.2R2-S4, and 23.4R2, with no patch currently available. Installation of specific YANG sensor packages mitigates the issue.
MAC learning failures in Juniper Junos OS Evolved's Layer 2 Control Protocol Daemon can be triggered by a network-adjacent attacker who repeatedly toggles the management interface, causing label-switched interface MAC address learning to halt while generating excessive logs and consuming high CPU resources. This calculation error (CWE-682) affects availability through denial of service and currently has no available patch. The attack requires network adjacency but no authentication or user interaction.
EVPN-VXLAN traffic interruption in Juniper Junos on EX4k and QFX5k Series platforms allows adjacent network attackers to trigger interface link flaps that cause inter-VNI traffic to drop in configurations using Virtual Port-Link Aggregation Groups. An unauthenticated attacker can exploit this condition to deny service to VXLAN traffic between virtual network identifiers when multiple load-balanced next-hop routes exist for the same destination. No patch is currently available for this vulnerability.
Denial of service in Juniper Junos OS and Junos OS Evolved allows an adjacent IS-IS neighbor to trigger a memory leak in the routing protocol daemon by sending specially crafted update packets. Repeated exploitation exhausts available memory and crashes the rpd process, rendering routing unavailable. No patch is currently available.
Juniper Junos OS Forwarding Plane Crash (FPC) denial of service occurs when a network-adjacent attacker sends a specially crafted ICMPv4 packet with a malformed IP header, causing the affected line card to crash and restart. The attack is limited to directly adjacent networks since upstream routers filter such malformed packets before forwarding. No patch is currently available for this vulnerability affecting multiple Junos OS versions.
The AffiliateX - Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in versions 1.0.0 to 1.3.9.3. [CVSS 6.4 MEDIUM]
Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors. [CVSS 6.1 MEDIUM]
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section [CVSS 6.1 MEDIUM]
A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. [CVSS 6.1 MEDIUM]
libxml2's xmlCatalogXMLResolveURI function is vulnerable to uncontrolled recursion when processing self-referencing delegate URI entries in XML catalogs, allowing remote attackers to trigger stack exhaustion and crash applications. This configuration-dependent denial of service requires specially crafted XML input but no authentication, affecting any application using the vulnerable library to parse untrusted catalogs. No patch is currently available.
Denial of service in Traefik versions prior to 2.11.35 and 3.6.7 allows unauthenticated remote attackers to exhaust server resources by establishing incomplete ACME TLS-ALPN connections and leaving them open indefinitely. An attacker can send minimal ClientHello messages with the acme-tls/1 protocol and cease responding, causing goroutines and file descriptors to be held until the entry point becomes unavailable. The vulnerability affects systems with ACME TLS challenge enabled.
Junos Space versions up to 24.1 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these...
An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). [CVSS 5.5 MEDIUM]
A race condition in Juniper Junos OS on MX10k Series with LC480 or LC2101 line cards allows low-privileged local users to crash line card and potentially chassis daemons by repeatedly executing the 'show system firmware' command. Affected versions include all releases before 21.2R3-S10 and multiple later branches up to 23.2R, with no patch currently available. This denial of service vulnerability requires local access and can be triggered without elevated privileges.
A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS). [CVSS 5.5 MEDIUM]
An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource. This vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control...
WP-Members Membership Plugin (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 5.4).
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. [CVSS 5.3 MEDIUM]
Incoming Goods Suite contains a vulnerability that allows attackers to hijack the user's session and gain unauthorized access (CVSS 5.3).
TDC X401GL firmware updates contain hardcoded password hashes for system accounts that are accessible to unauthenticated remote attackers over the network. An attacker could extract these hashes and potentially recover credentials to gain unauthorized access to the device. No patch is currently available for this vulnerability.
Zitadel versions prior to 4.9.1 and 3.4.6 contain a user enumeration vulnerability in their login interfaces that allows unauthenticated attackers to discover valid user accounts by testing usernames and user IDs. An attacker can leverage this information disclosure to build lists of existing users for targeted attacks against the identity management platform. The vulnerability has been patched in versions 4.9.1 and 3.4.6.
Incoming Goods Suite exposes component names, versions, and license details to unauthenticated users, enabling attackers to identify and exploit known vulnerabilities in those dependencies. This information disclosure affects any organization running the application and allows remote adversaries to conduct targeted attacks without authentication.
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody. [CVSS 5.3 MEDIUM]
An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. [CVSS 4.9 MEDIUM]
Stored XSS in Cisco ISE's web management interface allows authenticated administrators to inject malicious scripts that execute in other users' browsers, potentially compromising sensitive information or hijacking administrative sessions. Exploitation requires valid admin credentials and user interaction, making it suitable for insider threats or compromised accounts. No patch is currently available.
Stored XSS in Cisco Prime Infrastructure and EPNM web management interfaces allows authenticated administrators with high privileges to inject malicious scripts that execute in other users' browsers, potentially enabling session hijacking or credential theft. The vulnerability stems from insufficient input validation in specific data fields and requires valid admin credentials to exploit. No patch is currently available.
Cisco ISE and ISE-PIC's web management interface fails to properly sanitize user input, enabling authenticated admins to inject malicious scripts that execute in other users' browsers. Successful exploitation allows attackers with valid administrative credentials to steal session data or perform actions on behalf of legitimate users through reflected XSS attacks. No patch is currently available.
Denial of service conditions in TDC X401GL firmware can be triggered by authenticated network attackers through improper input handling at a system endpoint, resulting in resource exhaustion and service unavailability. The vulnerability requires valid credentials and network access but no user interaction, affecting the availability of affected devices. No patch is currently available for this medium-severity issue.
Insufficient validation of login parameters in TDC X401gl Firmware enables open redirect attacks that can redirect authenticated users to attacker-controlled websites. This allows threat actors to harvest credentials and conduct phishing attacks against unsuspecting users following successful authentication. The vulnerability requires user interaction but carries minimal complexity, affecting systems accessible over the network.
TDC X401GL firmware lacks proper authorization controls on privileged operations, allowing authenticated users to trigger system functions like reboot or factory reset without appropriate restrictions. This could enable attackers with low-level credentials to disrupt service availability or erase device configurations. No patch is currently available for this vulnerability.
Tdc X401gl Firmware contains an information disclosure vulnerability that allows authenticated attackers to access files in restricted directories on the device. The low-privileged access requirement and network-based attack vector create risk for exposure of sensitive data stored on affected devices. No patch is currently available for this vulnerability.
Tdc X401gl firmware lacks clickjacking protections, allowing remote attackers to deceive users into executing unintended actions on maliciously crafted pages. An attacker could leverage this vulnerability to trick users into divulging sensitive information or modifying device settings without their knowledge or consent.
Incoming Goods Suite exposes sensitive internal system information through error messages accessible to authenticated users, enabling attackers to gather reconnaissance data such as file paths and database details for further exploitation. With network accessibility and low complexity requirements, an attacker with valid credentials can leverage this information disclosure to map the application's architecture and identify additional vulnerabilities.
TDC X401GL firmware contains a reflected cross-site scripting vulnerability in URL parameter handling that allows unauthenticated attackers to inject malicious scripts executed in authenticated users' browsers. Successful exploitation enables attackers to steal sensitive data from compromised sessions without user knowledge. No patch is currently available.
TDC X401GL devices allow authenticated users to write files to restricted locations due to insufficient access controls, enabling unauthorized system modification. The vulnerability requires valid credentials and affects the device's integrity but not confidentiality or availability. No patch is currently available for this firmware issue.
An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data. [CVSS 3.8 LOW]
Drag and Drop Multiple File Upload for Contact Form 7 (WordPress plugin) is affected by missing authorization (CVSS 3.7).
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. [CVSS 3.7 LOW]
The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks. [CVSS 3.7 LOW]
A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. [CVSS 3.7 LOW]
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. [CVSS 2.9 LOW]