PLY (Python Lex-Yacc) library 3.11 has an unsafe feature enabling remote code execution through pickle deserialization of cached parser tables, with EPSS 0.91%.
Multiple ipTIME router models have a command injection vulnerability in the upnp_relay() function, allowing remote attackers to execute arbitrary OS commands through crafted UPnP requests.
Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled data past an allocated heap buffer by submitting a maliciously crafted XBM file, affecting all versions prior to 7.1.2-13 and 6.9.13-38. Because any read or identify operation triggers the flaw, it is reachable through ordinary image upload and conversion pipelines, raising the risk of memory corruption and potential remote code execution. Publicly available exploit code exists and a vendor patch is available, though EPSS exploitation probability remains low (0.08%) and it is not listed in CISA KEV.
MedDream PACS Premium 7.3.6.870 has an arbitrary file read vulnerability in the encapsulatedDoc feature that allows attackers to read sensitive server files including DICOM medical records.
Jaraco.context versions 5.2.0 through 6.0.x contain a path traversal vulnerability in the tarball() function that allows attackers to extract files outside the intended directory when processing malicious tar archives, with public exploit code available. The vulnerability exploits insufficient path validation that fails to properly filter directory traversal sequences like `../`, potentially enabling unauthorized file extraction and nested tarball attacks. This affects all users processing untrusted tar archives with the vulnerable versions.
Server-side request forgery in Chainlit before 2.9.4 lets an authenticated user coerce the server into fetching an attacker-supplied URL, exposing internal network services and cloud metadata endpoints. The flaw lives in the /project/element update flow specifically when Chainlit is deployed with the SQLAlchemy data layer backend, whose element-creation logic issues an outbound HTTP GET against a user-controlled url field and persists the response through the configured storage provider. Publicly available exploit code exists (documented in Zafran's 'ChainLeak' research), though the flaw is not listed in CISA KEV and its EPSS probability is low at 0.04%.
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash). [CVSS 7.5 HIGH]
A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. [CVSS 7.5 HIGH]
An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components. [CVSS 7.5 HIGH]
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server. [CVSS 7.5 HIGH]
Arbitrary file read in Chainlit versions prior to 2.9.4 lets an authenticated user disclose any file readable by the Chainlit service process by abusing the /project/element update flow with a user-controlled path. The server copies the referenced file into the attacker's session and returns a chainlitKey usable at /project/file/<chainlitKey> to exfiltrate contents. Publicly available exploit code exists (documented as part of the 'ChainLeak' research by Zafran), though EPSS is very low (0.03%) and it is not on CISA KEV.
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]
Oracle HTTP Server and WebLogic Server Proxy Plug-in have a CVSS 10.0 access control vulnerability allowing unauthenticated network attackers to fully compromise the middleware layer.
Node.js has a CVSS 10.0 permission model bypass that allows Unix Domain Socket connections to completely bypass network restrictions when --allow-net is configured.
Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 have a CVSS 9.9 command injection vulnerability allowing meeting participants to execute OS commands on the router.
Cloudflare Wrangler CLI has a CVSS 9.9 command injection vulnerability in the 'wrangler pages deploy' command that allows arbitrary code execution during deployment.
Symlink poisoning via race condition in node-tar up to version 7.5.3 allows attackers to exploit Unicode normalization on case-insensitive filesystems like macOS APFS, where the path reservation system fails to serialize operations on colliding paths. Public exploit code exists for this vulnerability, enabling concurrent processing that bypasses internal safeguards. Node.js users and applications depending on vulnerable tar versions should update immediately, as attackers can leverage this to manipulate file operations during archive extraction.
Oracle Agile PLM for Process has a CVSS 9.8 vulnerability in the Supply Chain Sourcing component that allows unauthenticated remote attackers to fully compromise the system.
Advanced Custom Fields: Extended plugin for WordPress has a privilege escalation vulnerability allowing unauthenticated users to gain admin access in all versions up to the latest.
PrismX MX100 AP controller by BROWAN has hard-coded credentials that allow remote attackers to gain full administrative access to the wireless network controller.
Chrome Split View prior to 144.0.7559.59 has a UI spoofing vulnerability that allows remote attackers to display misleading content in the split view interface.
Chrome for Android prior to 144.0.7559.59 has a security UI spoofing vulnerability that allows remote attackers to display misleading security indicators.