Lodash versions up to 4.17.22 is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 5.3).
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. [CVSS 6.5 MEDIUM]
EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the `TbdController` loop, leading to its caller and itself to silently terminates. [CVSS 6.5 MEDIUM]
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests. [CVSS 6.2 MEDIUM]
SQLBot is an intelligent data query system based on a large language model and RAG. [CVSS 6.1 MEDIUM]
Copier versions before 9.11.2 allow local attackers to read arbitrary files outside the template directory by exploiting symlink handling when the default `_preserve_symlinks: false` setting is enabled, bypassing the library's safety guarantees for templates that don't require the unsafe flag. An attacker with local access can leverage this to access sensitive files through a malicious or compromised template. Public exploit code exists for this vulnerability.
The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. [CVSS 5.4 MEDIUM]
Stored XSS in Docmost 0.3.0-0.23.2 allows authenticated users to execute arbitrary JavaScript in the browsers of document viewers through malicious Mermaid diagram code blocks. The vulnerability exists because unsanitized SVG/HTML output from Mermaid rendering is directly injected into the DOM, and Mermaid's security controls can be disabled via diagram directives. Public exploit code exists for this vulnerability, which is fixed in version 0.24.0.
OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. [CVSS 5.4 MEDIUM]
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. [CVSS 5.3 MEDIUM]
When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. [CVSS 5.3 MEDIUM]
GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. [CVSS 5.4 MEDIUM]
EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checking that at least two bytes are present. [CVSS 4.6 MEDIUM]
Everest EV charging software prior to version 2025.9.0 contains an improper pointer arithmetic flaw in error handling where integer values are concatenated to strings, allowing local operators with high privileges to read sensitive memory regions including heap and stack data. Public exploit code exists for this vulnerability. The flaw requires user interaction and is resolved in version 2025.9.0, though patches remain unavailable for affected earlier versions.
A null pointer dereference in the Linux kernel's socket error queue handling causes a denial of service when CONFIG_HARDENED_USERCOPY is enabled and applications attempt to retrieve error messages via recvmsg(). Local attackers with user privileges can trigger a kernel panic by reading from the socket error queue on affected systems running vulnerable kernel versions.
A flaw was found in the keycloak-services component of Keycloak. [CVSS 6.5 MEDIUM]
The resolveSafeChildPath function in Backstage's backend-plugin-api prior to version 0.1.17 improperly validates symlink chains and dangling symlinks, allowing authenticated attackers to bypass path traversal protections used by Scaffolder actions and other backend components. An attacker with low privileges could exploit this to access files outside the intended directory boundaries by chaining intermediate symlinks or creating symlinks pointing to non-existent paths that are later materialized during file operations. This affects Backstage installations relying on the vulnerable path validation function for security isolation.
Improper file permissions in Cisco Intersight Virtual Appliance's maintenance shell allow authenticated administrators to escalate privileges to root and gain full control of the system. An attacker with local administrative access can manipulate configuration files to bypass intended privilege restrictions, potentially compromising sensitive data and workload configurations. No patch is currently available for this vulnerability.
A null pointer dereference in the Linux kernel's QFQ packet scheduler (net/sched/sch_qfq) allows local attackers with user privileges to cause a denial of service by deactivating an inactive aggregate during qdisc reset operations. The vulnerability occurs when multiple QFQ qdisc instances share a leaf qdisc, causing incorrect state assumptions during cleanup. A patch is available to resolve this issue.
fleetdm/fleet is open source device management software. [CVSS 5.4 MEDIUM]
Authenticated staff users in Saleor e-commerce platform versions 3.0.0 through 3.22.26 can upload malicious HTML and SVG files containing JavaScript that execute in users' browsers when served from the same domain as the dashboard, potentially allowing token theft. An attacker with staff privileges could craft script injections to compromise other staff members' sessions and access tokens. This vulnerability affects deployments where media files are hosted on the same domain as the dashboard and patches are available in versions 3.20.108, 3.21.43, and 3.22.27.
CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 5.4 MEDIUM]
SSH service disruption in Cisco IEC6400 Wireless Backhaul Edge Compute Software allows unauthenticated remote attackers to trigger denial of service through connection flooding due to missing rate limiting protections. An attacker can render the SSH service unresponsive by launching a DoS attack against the SSH port, though other device operations remain functional during the attack. No patch is currently available.
Flux Operator versions 0.36.0 through 0.39.x contain an authentication bypass in the Web UI that allows authenticated users to escalate privileges and execute API requests with the operator's service account permissions. The vulnerability affects deployments where OIDC providers issue incomplete token claims or custom CEL expressions evaluate to empty values, bypassing Kubernetes RBAC impersonation controls. Cluster administrators running affected Flux Operator versions should upgrade to 0.40.0 or later.
M-Files Server before version 26.1.15632.3 can be crashed by authenticated administrators with vault privileges through an unsafe API endpoint, resulting in service disruption. This denial-of-service vulnerability requires high-level privileges and network access, making it a limited-scope threat to organizations running vulnerable versions. No patch is currently available.
Saleor is an e-commerce platform. [CVSS 4.8 MEDIUM]
Stored XSS vulnerabilities in Cisco Packaged CCE and Unified CCE web management interfaces allow authenticated attackers to inject malicious scripts by exploiting insufficient input validation. Successful exploitation enables arbitrary script execution within the management interface context or theft of sensitive browser-based information from authorized users. No patch is currently available; exploitation requires high-level privileges and user interaction.
Stored XSS vulnerabilities in Cisco Packaged CCE and Unified CCE web management interfaces allow authenticated attackers to inject malicious scripts that execute in the context of other users' browsers, potentially enabling session hijacking or sensitive data theft. The vulnerability stems from inadequate input validation on specific interface pages and requires high-privilege account access and user interaction to exploit. No patch is currently available for this medium-severity issue (CVSS 4.8).
Libocpp versions up to 0.30.1 is affected by allocation of resources without limits or throttling (CVSS 4.7).
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. [CVSS 4.3 MEDIUM]
EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for `terminate_connection_on_failed_response` is `False`, which leaves the responsibility for session and connection termination to the EV. [CVSS 4.3 MEDIUM]