CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 8.8 HIGH]
D-Link D-View 8 versions 2.0.1.107 and below allow authenticated users to bypass access controls on backend API endpoints and retrieve credential data for arbitrary accounts, including administrators. An attacker can leverage exposed credentials to directly authenticate as any user and gain full administrative control over the D-View system. A patch is available to address this high-severity improper access control vulnerability.
Unauthorized API access in Apache Solr 5.3.0 through 9.10.0 allows unauthenticated attackers to bypass the RuleBasedAuthorizationPlugin due to insufficient input validation in permission rule enforcement. This vulnerability affects only deployments using multiple roles with specific predefined permissions like config-read, config-edit, schema-read, metrics-read, or security-read without the "all" permission rule defined. Successful exploitation grants attackers unauthorized access to sensitive Solr APIs, potentially exposing configuration and security data.
Fleet device management software versions prior to 4.78.3 suffer from broken access control that permits any authenticated user, including low-privilege observers, to access debug and profiling endpoints. Attackers can leverage this vulnerability to extract sensitive server diagnostics, runtime profiling data, and application state, or trigger CPU-intensive operations resulting in denial of service. The vulnerability affects multiple Fleet versions and has patches available.
Arbitrary code execution in ServerView Agents for Windows installer results from insecure DLL loading, allowing local attackers with user privileges to execute malicious code with administrator rights during installation. The vulnerability affects Fsas Technologies Inc.'s installer component and currently has no available patch. An attacker with physical or local access can exploit this during the installation process to achieve full system compromise.
Arbitrary code execution in Seroval versions 1.4.0 and below allows authenticated attackers to execute malicious JavaScript through improper deserialization handling in the fromJSON and fromCrossJSON functions. Exploitation requires multiple requests to the affected function and partial knowledge of runtime data usage, but grants full code execution capabilities. A patch is available in version 1.4.1 and later.
to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 versions up to 9.18.43 is affected by reachable assertion (CVSS 7.5).
Claude Code versions prior to 2.0.65 allow attackers to steal Anthropic API keys from users by crafting malicious repositories that redirect API calls to attacker-controlled servers before the trust confirmation dialog appears. When a victim opens an infected repository, the tool automatically reads malicious configuration settings and sends API requests containing credentials before displaying any security prompt, enabling credential theft. Users should upgrade to version 2.0.65 or later, though auto-update users have already received the patch.
EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. [CVSS 7.4 HIGH]
Seroval is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 7.3).
D-Link D-View 8 installer versions 2.0.1.107 and below are vulnerable to DLL preloading attacks that execute with administrator privileges when a user approves a UAC prompt. An attacker can place a malicious version.dll file in the installer directory to achieve arbitrary code execution with system-level access. This vulnerability affects users installing or updating D-View 8 on Windows systems.
Unauthenticated adjacent network attackers can exploit a logic vulnerability in the TDDP module of TP-Link Archer C20 v6.0 and Archer AX53 v1.0 to execute administrative commands such as factory reset and device reboot without credentials. This allows attackers to cause loss of device configuration and service disruption on vulnerable routers. No patch is currently available for this high-severity vulnerability affecting both router models.
Apache Solr 8.6 through 9.10.0 in standalone mode fails to properly validate the "create core" API parameters, allowing authenticated users to bypass the allowPaths security restriction and access unauthorized filesystem locations. On Windows systems configured with UNC path support, this vulnerability can lead to NTLM credential hash disclosure. Affected deployments using the allowPaths setting are at risk of unauthorized core creation and information exposure.
Backstage Scaffolder actions and archive extraction utilities are vulnerable to symlink-based path traversal attacks, allowing authenticated users with template creation privileges to read sensitive files, delete arbitrary files outside the workspace, or write malicious files via crafted symlinks in tar/zip archives. This affects deployments where users can create or execute Scaffolder templates, with no patch currently available for versions prior to @backstage/backend-defaults 0.12.2.