OpenSSL has a critical out-of-bounds write when parsing CMS AuthEnvelopedData/EnvelopedData with malicious AEAD parameters, enabling potential RCE.
Victor Cms versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory. [CVSS 8.8 HIGH]
Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. [CVSS 8.2 HIGH]
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. [CVSS 8.2 HIGH]
Arbitrary file deletion in ConvertX prior to version 0.17.0 allows authenticated attackers to remove files outside the intended upload directory by exploiting insufficient path validation in the POST /delete endpoint. The vulnerability enables attackers to supply path traversal sequences that bypass directory restrictions, with impact limited only by server process permissions. Public exploit code exists for this HIGH severity flaw, though a patch is available in version 0.17.0.
MobSF versions prior to 4.4.5 are vulnerable to stored XSS through unsanitized rendering of Android manifest attributes in HTML reports, allowing attackers to inject malicious JavaScript by uploading crafted APK files. Public exploit code exists for this vulnerability, and successful exploitation enables session hijacking and account takeover of security analysts using the framework. Upgrade to version 4.4.5 or later to remediate.
its Windows service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. [CVSS 7.8 HIGH]
MotoHelperService.exe service contains a vulnerability that allows attackers to potentially inject malicious code (CVSS 7.8).
PST Service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the service path to gain elevated system privileges during service startup. [CVSS 7.8 HIGH]
ElevationService executable contains a vulnerability that allows attackers to potentially inject malicious code (CVSS 7.8).
its service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. [CVSS 7.8 HIGH]
Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
Stack-based buffer overflow in GnuPG's tpm2daemon (versions before 2.5.17) allows a local attacker to corrupt the daemon's stack by sending a crafted PKDECRYPT command targeting TPM-backed RSA or ECC keys, potentially achieving arbitrary code execution in the daemon's context. The flaw affects GnuPG and the bundled Gpg4win distribution and has been patched by upstream and major Linux vendors (Red Hat, SUSE). Publicly available exploit code exists, though the EPSS score is negligible (0.01%) and it is not listed in CISA KEV (no public exploit identified as actively exploited in the wild).
Kyverno versions up to 1.16.3 is affected by allocation of resources without limits or throttling (CVSS 7.7).
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. [CVSS 7.5 HIGH]
SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability. [CVSS 7.5 HIGH]
Tapinradio versions up to 2.13.7 is affected by allocation of resources without limits or throttling (CVSS 7.5).
Anythingllm versions up to 1.10.0 contains a vulnerability that allows attackers to complete compromise of the semantic search / retrieval functionality and indirec (CVSS 7.5).
Arbitrary file write in python-multipart prior to 0.0.22 lets remote attackers place uploaded files outside the intended upload directory by supplying a filename that begins with an absolute path (e.g. '/etc/...'). The flaw only manifests in deployments that enable the non-default options UPLOAD_DIR plus UPLOAD_KEEP_FILENAME=True, where os.path.join silently discards the configured directory. Publicly available exploit code exists (Exploit-DB 52543, GHSA-wp53-j4wj-2cfg), though EPSS is very low (0.03%, 7th percentile) and it is not in CISA KEV.
Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.
AnythingLLM versions prior to 1.10.0 contain a path traversal vulnerability in the DrupalWiki integration that allows malicious administrators or attackers with admin privileges to write arbitrary files to the server, potentially achieving remote code execution through configuration file overwriting or malicious script injection. Public exploit code exists for this vulnerability, and no patch is currently available for affected deployments. The attack requires high-level privileges but carries critical risk due to the ability to completely compromise server integrity.
vLLM before version 0.14.1 contains a server-side request forgery vulnerability in the MediaConnector class where inconsistent URL parsing between libraries allows attackers to bypass host restrictions and force the server to make arbitrary requests to internal network resources. Public exploit code exists for this vulnerability, which poses significant risk in containerized environments where a compromised vLLM instance could be leveraged to access restricted internal systems. The vulnerability affects users running vLLM's multimodal features with untrusted input.
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. [CVSS 7.1 HIGH]
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes. [CVSS 8.8 HIGH]
Firefox versions prior to 147.0.2 contain a use-after-free vulnerability in the Layout: Scrolling and Overflow component that can be triggered by user interaction, allowing remote attackers to achieve code execution with high integrity and confidentiality impact. The vulnerability requires network access and user interaction but does not require authentication, making it exploitable through malicious web content. No patch is currently available for this vulnerability.
Ezcast Pro Dongle Ii Firmware versions up to 1.17478.146 is affected by improper input validation (CVSS 8.8).
Ghost is an open source content management system. [CVSS 8.8 HIGH]
A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted network packet of "Packet Too Big" with more than 15 different source address can lead to denial of service.
Dashboard permission API fails to validate scope boundaries, allowing authenticated users with permission management rights on any single dashboard to read and modify permissions across all organization dashboards. This privilege escalation affects multi-user dashboard environments where permission isolation is expected. No patch is currently available.
Unsafe deserialization in PHPUnit versions before 8.5.52, 9.6.33, 10.5.62, 11.5.50, and 12.5.8 allows local attackers to execute arbitrary code by placing malicious serialized objects in `.coverage` files that are deserialized without validation during PHPT test execution. An attacker with file write access can exploit the `cleanupForCoverage()` method's lack of object class restrictions to trigger gadget chains through `__wakeup()` methods. This high-severity vulnerability (CVSS 7.8) affects developers and CI/CD systems running PHPUnit on Linux systems.
Memory corruption in ThreadX RTOS CreateCounter() function allows local attackers with user privileges to trigger hard faults or corrupt kernel memory by exhausting the counter pool, which causes an unchecked error code to be cast as a wild pointer. The vulnerability stems from incorrect error validation logic that fails to detect counter allocation failures, enabling subsequent writes to arbitrary memory addresses. No patch is currently available.
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access. [CVSS 7.8 HIGH]
An integer overflow vulnerability in yoyofr modizer before version 4.1.1 allows local attackers with user interaction to achieve high-impact compromise including confidentiality, integrity, and availability violations. The vulnerability requires local access and user interaction to trigger, enabling attackers to execute arbitrary code or cause denial of service through integer wraparound conditions. No patch is currently available for this vulnerability.
Out-of-bounds memory read in Rinnegatamante lpp-vita before version r6 allows local attackers with user interaction to read sensitive data, modify memory, or crash the application. The vulnerability requires local access and user interaction to trigger, affecting the integrity and confidentiality of affected systems. No patch is currently available.
ASDA-Soft Stack-based Buffer Overflow Vulnerability [CVSS 7.8 HIGH]
NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. [CVSS 7.5 HIGH]
Unauthenticated remote attackers can crash core system services on Tapo C220 and C520WS cameras by sending specially crafted files to the firmware update endpoint, bypassing authentication and integrity checks. This results in a persistent denial of service condition that requires manual device reboot to restore functionality. No patch is currently available for affected firmware versions.
Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a denial of service condition where specially crafted DNP3 traffic triggers excessive memory consumption, potentially exhausting system memory and causing the service to crash. An unauthenticated attacker on the network can exploit this by sending malicious DNP3 packets to cause the IDS/IPS engine to become unavailable. A patch is available in the latest versions, and users can mitigate the risk by disabling the DNP3 parser if not required.
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. [CVSS 7.5 HIGH]
A memory leak in is-Engine before version 3.3.4 allows remote attackers to cause a denial of service by exhausting server memory without requiring authentication or user interaction. The vulnerability affects all versions of is-Engine prior to 3.3.4 and has a high CVSS score of 7.5 due to its network-accessible nature and ease of exploitation. No patch is currently available for this issue.
Commander-Genius prior to pull request 358 contains an out-of-bounds write vulnerability that allows remote attackers to cause denial of service through network access without authentication or user interaction. The vulnerability stems from improper memory boundary validation in the application, enabling attackers to crash the service or potentially execute arbitrary code. No patch is currently available for this issue.
Ix Ray Engine 1.6 before version 1.3 contains an infinite loop vulnerability that allows remote attackers to cause denial of service without authentication or user interaction. The flaw stems from an unreachable exit condition in a processing loop, enabling attackers to exhaust system resources and render the application unresponsive. No patch is currently available for this high-severity issue.
Uncontrolled buffer expansion in Suricata's DCERPC parser allows remote attackers to trigger unbounded memory allocation and cause denial of service by sending specially crafted DCERPC traffic. The vulnerability affects versions prior to 8.0.3 and 7.0.14 across DCERPC/UDP, DCERPC/TCP, and SMB protocols, with TCP being partially protected by default stream depth limits. Patches are available, and administrators can mitigate by disabling vulnerable parsers or configuring stream reassembly depth limits.
web-based management interface of HPE Aruba Networking Fabric Composer is affected by path traversal (CVSS 7.5).