Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution. [CVSS 7.2 HIGH]
Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. [CVSS 7.2 HIGH]
SQL injection in WeGIA's Atendido_ocorrenciaControle endpoint allows authenticated attackers to manipulate the id_memorando parameter and extract entire databases, exposing sensitive personal information and potentially reading arbitrary files on misconfigured systems. Public exploit code exists for this vulnerability affecting WeGIA versions prior to 3.6.2. A patch is available in version 3.6.2 and should be deployed immediately to affected charitable institution management systems.
Authenticated command injection in TOA Corporation TRIFORA 3 series network cameras allows low-privilege monitoring users to execute arbitrary OS commands on affected devices. The vulnerability requires valid credentials but no user interaction, making it exploitable by insiders or accounts obtained through credential compromise. No patch is currently available for this high-severity flaw affecting network infrastructure.
All-in-One Video Gallery (WordPress plugin) versions up to 4.5.7. is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Arbitrary file upload in Joomla's Easy Discuss component allows authenticated attackers to bypass file validation by spoofing extensions, since the component relies solely on extension checks without verifying MIME types. An attacker with user privileges can upload malicious files to achieve remote code execution on affected systems. No patch is currently available.
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server. [CVSS 8.8 HIGH]
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server. [CVSS 8.8 HIGH]
Stored cross-site scripting in ConnectWise PSA versions before 2026.1 allows authenticated users to inject malicious scripts into Time Entry notes that execute in other users' browsers when viewed in the audit trail. An attacker with legitimate access could leverage this to steal session tokens, perform unauthorized actions, or compromise other users within the PSA system. No patch is currently available.
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server. [CVSS 8.4 HIGH]
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image. [CVSS 8.4 HIGH]
Restrict Content versions up to 3.2.16 is affected by authorization bypass through user-controlled key (CVSS 8.2).
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. [CVSS 8.1 HIGH]
Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120. [CVSS 8.1 HIGH]
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files. [CVSS 8.1 HIGH]
Insufficient authorization controls in Microsoft Power Apps enable authenticated attackers to achieve remote code execution through network access. An attacker with valid credentials can bypass permission checks to execute arbitrary code within the affected environment. No patch is currently available for this vulnerability.
The wlc Weblate command-line client prior to version 1.17.2 is vulnerable to arbitrary file write attacks through path traversal when downloading multi-translations from a malicious or compromised server. An authenticated attacker can exploit this vulnerability by crafting a specially designed server response to write files to arbitrary locations on the victim's system, potentially compromising system integrity. This vulnerability affects wlc versions before 1.17.2 and is fixed in the patched version.
SteelSeries Nahimic 3 1.10.7 allows Directory traversal. [CVSS 7.8 HIGH]
Delta Electronics DIAView has Command Injection vulnerability. [CVSS 7.8 HIGH]
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. [CVSS 7.8 HIGH]
In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
Arbitrary file read vulnerability in Kafka Connect BigQuery Connector prior to version 2.11.0 allows authenticated attackers to read sensitive files by injecting malicious credential configurations through improperly validated credential_source parameters. An attacker with connector configuration privileges can exploit this to access arbitrary files on the system or perform server-side request forgery attacks against internal endpoints. No patch is currently available for affected Apache Kafka deployments.
Umbraco Forms versions up to 8.13.16 is affected by inclusion of functionality from untrusted control sphere (CVSS 7.5).
Gotac's Statistics Database System lacks authentication controls on query functionality, enabling unauthenticated remote attackers to directly access and retrieve sensitive database contents. With a CVSS score of 7.5, this vulnerability poses a significant confidentiality risk to organizations running affected versions, and no patch is currently available.
Gotac's Statistics Database System is vulnerable to unauthenticated path traversal attacks that enable remote attackers to read arbitrary files from affected systems without authentication. The vulnerability affects industrial and statistics database deployments, allowing an attacker to download sensitive system files and potentially obtain confidential data. No patch is currently available for this high-severity vulnerability.
Gotac's Police Statistics Database System is vulnerable to unauthenticated arbitrary file read attacks via absolute path traversal, enabling remote attackers to download sensitive system files without authentication. The vulnerability carries high severity (CVSS 7.5) with broad network accessibility and no user interaction required. No patch is currently available, leaving affected deployments at risk until remediation is released.
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed. Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or la...
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. [CVSS 7.5 HIGH]
pyasn1 is a generic ASN.1 library for Python. versions up to 0.6.2 is affected by allocation of resources without limits or throttling (CVSS 7.5).
The Librarian's web_fetch tool can be exploited via SSRF to perform unauthorized GET requests against internal IP addresses and cloud services within the Hertzner environment, allowing attackers to conduct port scanning and reconnaissance of the infrastructure. This unauthenticated network-based attack requires no user interaction and could expose sensitive internal services and their configurations. While the vendor has released patches, exploitation remains possible on unpatched instances.
TheLibrarian's web_fetch tool can expose the Adminer interface, enabling unauthenticated remote attackers to obtain credentials for the internal backend system. This high-severity vulnerability affects AI/ML deployments and TheLibrarian installations, with no patch currently available. An attacker with network access could leverage the exposed interface to gain unauthorized administrative access to the backend infrastructure.
The Librarian's web_fetch tool permits attackers to retrieve arbitrary external content and proxy requests through the application's infrastructure without authentication, resulting in information disclosure. This network-accessible vulnerability affects all versions of The Librarian AI/ML product and has high severity due to its ease of exploitation and potential for infrastructure abuse. A vendor patch is currently unavailable.
HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk [CVSS 7.4 HIGH]
Gradle versions before 9.3.0 fail to properly handle certain exceptions during dependency resolution, allowing attackers who control a repository to serve malicious artifacts by disrupting legitimate repository services. When transient errors occur, Gradle incorrectly continues to the next configured repository instead of disabling the failing source, enabling attackers to intercept and redirect dependency resolution to attacker-controlled repositories. This vulnerability affects Java builds using vulnerable Gradle versions and requires network-level control over a repository to exploit.
Gradle before version 9.3.0 fails to treat certain dependency resolution exceptions as fatal errors, allowing builds to continue using alternate repositories when encountering unresolvable hostnames. An attacker could exploit this by registering a domain matching a typo or lapsed registration to intercept and supply malicious dependencies to affected builds. This affects Java projects using vulnerable Gradle versions with multiple configured repositories.
blank indicator in custom-sized new windows in Dia versions up to 1.9.0 is affected by improper restriction of rendered ui layers or frames (CVSS 7.4).
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements. [CVSS 7.4 HIGH]
The Librarian's web_fetch tool can access the supervisord status page, exposing information about running backend processes to unauthenticated remote attackers. This information disclosure vulnerability (CVSS 7.3) affects AI/ML deployments and could enable attackers to map internal service architecture and identify targets for further exploitation. No patch is currently available for this vulnerability.
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication. [CVSS 7.2 HIGH]
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image. [CVSS 7.2 HIGH]
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash. [CVSS 7.1 HIGH]
Chromium-based Microsoft Edge contains a privilege management flaw that enables local authenticated users to circumvent security controls through improper access restrictions. An authorized attacker can exploit this vulnerability to gain unauthorized capabilities on the affected system, though the specific security feature being bypassed is not detailed. No patch is currently available for this high-severity issue.
The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios. [CVSS 7.1 HIGH]