Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server. [CVSS 6.5 MEDIUM]
Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules. [CVSS 6.4 MEDIUM]
libsoup's improper handling of URL-decoded input in HTTP proxy configurations allows remote attackers to inject CRLF sequences into the Host header, enabling injection of arbitrary HTTP headers or request bodies. Public exploit code exists for this vulnerability, which could allow attackers to manipulate downstream services through compromised proxy requests. Affected applications using libsoup with HTTP proxy functionality are at risk of integrity compromise, though no patch is currently available.
The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request. [CVSS 5.5 MEDIUM]
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. [CVSS 5.5 MEDIUM]
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive [CVSS 5.5 MEDIUM]
Path traversal in go-tuf versions 2.0.0 through 2.4.0 allows local attackers with low privileges to write metadata files outside the intended cache directory by injecting directory traversal sequences into the repository name parameter. An attacker supplying a malicious map file can escape the LocalMetadataDir boundary and create directories within the process's filesystem permissions. Public exploit code exists; update to version 2.4.1 or later.
Acronis Cloud Manager for Windows before build 6.4.25342.354 is vulnerable to local privilege escalation through improperly configured folder permissions, allowing authenticated users with low privileges to escalate to higher privileges. An attacker with local access and user interaction can exploit this vulnerability to gain full system control. No patch is currently available for this vulnerability.
User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container. [CVSS 6.5 MEDIUM]
Heap-based buffer overflow in is-Engine before version 3.3.4 allows remote attackers to cause denial of service through out-of-bounds memory writes. The vulnerability requires user interaction and network access but has no patch currently available. Affected installations should upgrade to version 3.3.4 or later to mitigate this denial of service risk.
Firefox's Anti-Tracking privacy protection can be bypassed by unauthenticated remote attackers through user interaction, potentially allowing tracking mechanisms to function despite enabled privacy protections. The vulnerability affects Firefox versions below 147.0.2 and currently has no available patch. An attacker could exploit this to circumvent Firefox's tracking prevention features and monitor user activity.
Cross-origin data disclosure in Google Chrome's Background Fetch API prior to version 144.0.7559.110 enables remote attackers to steal sensitive information from other websites through specially crafted HTML pages, requiring only user interaction. The vulnerability affects all Chrome users and has a patch available in the latest version.
Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. [CVSS 6.5 MEDIUM]
gmrtd library versions prior to 0.17.2 fail to validate TLV (Tag-Length-Value) data lengths, allowing attackers to specify values up to 4GB that trigger excessive memory allocation and CPU consumption. Applications using gmrtd to parse travel documents from NFC devices or external APIs are vulnerable to denial of service attacks, particularly on resource-constrained environments like mobile devices. A patch is available in version 0.17.2 and later.
The AI Engine plugin for WordPress versions up to 3.3.2 contains a server-side request forgery vulnerability in the 'get_audio' function that allows authenticated subscribers and higher-privileged users to make arbitrary web requests from the server. When the Public API setting is enabled and allow_url_fopen is active, attackers can query and modify data on internal services accessible to the web application. No patch is currently available for this vulnerability.
Ezcast Pro Dongle Ii Firmware versions up to 1.17478.146 is affected by improper input validation (CVSS 6.1).
Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. [CVSS 6.1 MEDIUM]
Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a stack buffer overflow when processing oversized datasets with the save or state options enabled, allowing an attacker with network access to cause a denial of service. The vulnerability requires specific conditions to trigger but does not require authentication or user interaction. A patch is available in the latest versions.
Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. [CVSS 5.9 MEDIUM]
Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. [CVSS 5.9 MEDIUM]
OctoPrint versions up to 1.11.5 contain a timing attack vulnerability in API key validation that enables remote extraction of valid API keys through network-based response time analysis. An unauthenticated attacker with network access can exploit the character-by-character comparison method to gradually recover API keys by measuring authentication response delays. The attack's practicality depends heavily on network conditions, but a patch is available in version 1.11.6.
Path traversal in vlt versions before 1.0.0-rc.10 allows local attackers to write files outside their intended directories during tar archive extraction due to insufficient path sanitization. An attacker with local access could exploit this to overwrite arbitrary files on the system with elevated scope impact. No patch is currently available for this vulnerability.
Bun versions prior to 1.3.5 allow attackers to bypass the trusted dependencies allowlist by creating non-npm packages with names matching legitimate packages, enabling potential code execution through dependency confusion attacks. This local vulnerability affects systems using Bun's package management where an attacker can craft malicious packages with identical names to trusted dependencies. No patch is currently available for affected Node.js and GitHub integrations.
Processing a malformed PKCS#12 file in OpenSSL and related TLS libraries can trigger a null pointer dereference due to improper type validation in ASN.1 parsing, causing applications to crash. This vulnerability requires local user interaction to exploit and results only in denial of service, with no impact on data confidentiality or integrity. A patch is available to address this medium-severity issue.
SQL injection in Hisense TransTech Smart Bus Management System through version 20260113 allows unauthenticated remote attackers to manipulate the key parameter in the TireMng.aspx Page_Load function and execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or responded to disclosure attempts. An attacker can exploit this over the network without authentication to read, modify, or delete sensitive data.
Wasmtime versions 29.0.0 through 41.0.0 on x86-64 platforms with AVX contain an out-of-bounds memory read in the f64.copysign instruction compilation that can cause application crashes when signal-based traps are disabled. In configurations with disabled guard pages, this vulnerability could potentially leak out-of-sandbox data, though the data remains inaccessible to WebAssembly guests without additional Cranelift bugs. Patches are available in versions 36.0.5, 40.0.3, and 41.0.1.
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. [CVSS 5.5 MEDIUM]
GLib's Unicode case conversion function contains an integer overflow flaw that causes undersized memory allocation when processing extremely large strings, enabling out-of-bounds writes. Applications using GLib for string operations could experience crashes or instability when exposed to specially crafted input. No patch is currently available for this medium-severity vulnerability.
OpenSSL's PKCS#7 signature verification fails to validate ASN1_TYPE union members before access, allowing attackers to trigger null pointer dereference crashes by submitting malformed PKCS#7 data. Applications performing signature verification or using PKCS7_digest_from_attributes() directly are vulnerable to denial of service attacks. A patch is available to address this type confusion vulnerability.
Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). This vulnerability is associated with program files PNGImageEncoder.Java.
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response. [CVSS 5.3 MEDIUM]
Ezcast Pro Dongle Ii Firmware versions up to 1.17478.146 is affected by improper input validation (CVSS 5.3).
Link Invoice Payment for WooCommerce (WordPress plugin) versions up to 2.8.0. is affected by missing authorization (CVSS 5.3).
Suricata versions up to 8.0.3 contains a vulnerability that allows attackers to slowdown over multiple packets (CVSS 5.3).
HTTP header injection in the Gakido Python HTTP client prior to version 0.1.1 allows unauthenticated attackers to inject arbitrary headers into requests by embedding CRLF or null byte sequences in user-supplied header values and names. An attacker could leverage this to manipulate HTTP requests and potentially bypass security controls or perform request smuggling attacks. The vulnerability has been patched in version 0.1.1 with header sanitization functions, though no patch is currently available for affected systems.
Hono versions before 4.11.7 contain an information disclosure vulnerability in the static file serving middleware for Cloudflare Workers that allows unauthenticated remote attackers to read sensitive environment keys through path traversal. The lack of proper input validation enables attackers to access internal asset keys that should remain protected. A patch is available in version 4.11.7 and later.
Hono versions up to 4.11.7 contains a vulnerability that allows attackers to private or authenticated responses being cached and subsequently exposed to unau (CVSS 5.3).
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.
Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java.
Hono's IP Restriction Middleware fails to properly validate IPv4 octet ranges, allowing attackers to bypass IP-based access controls by submitting malformed addresses with values exceeding 255. This affects all users relying on Hono's IP filtering mechanisms for authentication or authorization. A patch is available in version 4.11.7 and later.
Hono's ErrorBoundary JSX component before version 4.11.7 fails to properly sanitize user-controlled input, allowing attackers to inject and execute arbitrary JavaScript in victims' browsers through reflected XSS. The vulnerability requires user interaction and network access but can compromise the confidentiality and integrity of affected applications. A patch is available in version 4.11.7.
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. [CVSS 4.7 MEDIUM]
Insufficient authorization checks in SAP Fiori App Intercompany Balance Reconciliation allow authenticated users to access data beyond their intended permissions, resulting in privilege escalation with limited confidentiality impact. An attacker with valid credentials can exploit this flaw to view sensitive financial reconciliation information they should not have access to. No patch is currently available.
Pypdf versions up to 6.6.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 4.3).
GLib's Base64 encoder miscalculates buffer boundaries when handling extremely large inputs due to integer type misuse, potentially causing out-of-bounds memory writes. Applications processing untrusted large Base64 data could experience crashes or unpredictable behavior, though code execution is not indicated by the vector constraints. No patch is currently available for this medium-severity vulnerability.
The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. [CVSS 4.2 MEDIUM]
Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. [CVSS 4.0 MEDIUM]