Maker.js versions up to 0.19.1 improperly validate object properties in the `extendObject` function, allowing inherited and malicious properties to be copied to target objects without filtering. Applications using the library are vulnerable to property injection attacks, and public exploit code exists for this vulnerability. A patch is available in version 0.19.2.
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. [CVSS 6.5 MEDIUM]
A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. [CVSS 6.5 MEDIUM]
A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero. [CVSS 6.5 MEDIUM]
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. [CVSS 6.5 MEDIUM]
A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]
A floating point exception (FPE) in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]
A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. [CVSS 6.5 MEDIUM]
A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive. [CVSS 6.5 MEDIUM]
A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]
Symfony versions up to 5.4.51 contains a vulnerability that allows attackers to operations being performed on an unintended path, up to and including deletion o (CVSS 6.3).
NocoDB versions prior to 0.301.0 contain an open redirect vulnerability in the login flow where the `continueAfterSignIn` parameter is not validated, allowing attackers to redirect authenticated users to arbitrary external websites. Public exploit code exists for this vulnerability, which enables phishing attacks by abusing user trust in the legitimate login process to facilitate credential theft through social engineering. Authenticated users are at risk of being redirected to attacker-controlled domains immediately after successful login.
Cross-site scripting (XSS) in Drupal Form Builder 7.x versions 1.0 through 1.22 allows unauthenticated attackers to inject malicious scripts through improperly sanitized form inputs, affecting users who interact with compromised forms. Public exploit code exists for this vulnerability, and no patch is currently available, leaving vulnerable installations at active risk of session hijacking, credential theft, and defacement.
HTTP header injection in libsoup through CRLF sequences in the Content-Disposition header allows unauthenticated remote attackers to inject arbitrary headers or split responses without user interaction. Public exploit code exists for this vulnerability. The flaw affects any application using vulnerable versions of libsoup to process untrusted HTTP headers, with no patch currently available.
School Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in Online Music Site 1.0's AdminReply.php allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary SQL queries, potentially compromising database confidentiality and integrity. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.
SQL injection in Online Music Site 1.0's AdminEditUser.php allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling potential data theft, modification, or service disruption. No patch is currently available, leaving affected installations vulnerable.
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. [CVSS 5.4 MEDIUM]
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. [CVSS 5.4 MEDIUM]
Remote denial of service in Open5GS up to version 2.7.6 allows unauthenticated attackers to crash the SGWC component by manipulating bearer resource failure indication messages. Public exploit code exists for this vulnerability, and a patch is available in commit 69b53add90a9479d7960b822fc60601d659c328b.
Remote denial of service in Open5GS up to version 2.7.6 affects the SGWC component's bearer response handler, allowing unauthenticated attackers to crash the service over the network. Public exploit code exists for this vulnerability, though a patch (commit b19cf6a) is available to resolve it.
Prototype pollution in NocoDB's connection test endpoint allows authenticated org-level creators to disrupt all database write operations application-wide until server restart, with public exploit code available. Although the vulnerability can bypass SUPER_ADMIN authorization checks, the resulting denial of service prevents actual exploitation of elevated privileges. The issue affects versions prior to 0.301.0 with no patch currently available.
NocoDB versions prior to 0.301.0 contain a blind SSRF vulnerability in the uploadViaURL feature where an unvalidated HEAD request allows authenticated attackers to probe arbitrary URLs and internal networks before SSRF protections are enforced. Public exploit code exists for this vulnerability, though it has limited impact due to the lack of response data exfiltration. Users should upgrade to version 0.301.0 or later, though no patch is currently available for older versions.
Dokploy versions up to 0.26.6 is affected by improper restriction of rendered ui layers or frames (CVSS 4.7).
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. [CVSS 4.0 MEDIUM]
Discourse is an open source discussion platform. [CVSS 6.9 MEDIUM]
Stored cross-site scripting in DNN versions 9.0.0 through 10.1.x allows content editors to inject malicious scripts into module headers and footers that execute in the browsers of other users. An authenticated editor with content creation privileges can exploit this to steal session tokens, perform actions on behalf of other users, or redirect them to malicious sites. Updates to version 9.13.10 or 10.2.0 are required to remediate the vulnerability.
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained. [CVSS 6.8 MEDIUM]
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. [CVSS 6.7 MEDIUM]
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as the shared worker pool becomes exhausted. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lowering the max_draft_length site setting reduces attack surface but does not f...
The 2100 Technology Document Management System contains an authorization bypass that permits authenticated users to access and read all official documents by manipulating front-end code. An attacker with valid credentials can exploit this vulnerability to disclose sensitive documents without requiring additional privileges or user interaction. No patch is currently available for this vulnerability.
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the `top_uploads` admin report which should be restricted to admins only. [CVSS 6.5 MEDIUM]
Discourse versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allow moderators with insufficient permissions to convert private messages into public topics, potentially exposing sensitive user communications. The vulnerability affects any Discourse instance where untrusted moderators have access to moderation features. Site administrators can mitigate this by temporarily removing moderator privileges or disabling personal message access for moderator groups until patching to a fixed version.
Discourse versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allow non-admin moderators to access restricted staff action logs containing sensitive data such as webhook secrets, API keys, private messages, and restricted category information. An attacker with moderator privileges could extract confidential information and use leaked webhook credentials to spoof events to integrated services. No patch is currently available for this access control bypass.
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, users archives are viewable by users with moderation privileges even though moderators should not have access to the archives. [CVSS 6.5 MEDIUM]
headless content management system. versions up to 0.2.0 is affected by authorization bypass through user-controlled key (CVSS 6.5).
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_simple_folio_item_client_name' and '_simple_folio_item_link' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
The Passster - Password Protect Pages and Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_protector' shortcode in all versions up to, and including, 4.2.24. [CVSS 6.4 MEDIUM]
The Buy Now Plus plugin for WordPress versions up to 1.0.2 allows authenticated users with Contributor access or higher to execute arbitrary JavaScript in pages through improper sanitization of the 'buynowplus' shortcode attributes. This stored cross-site scripting vulnerability enables attackers to inject malicious scripts that execute whenever visitors view affected pages. No patch is currently available for this vulnerability.
Stored cross-site scripting in Forms Bridge - Infinite integrations plugin for WordPress versions up to 4.2.5 allows authenticated contributors and higher-privilege users to inject malicious scripts through the 'id' shortcode parameter. The vulnerability stems from insufficient input sanitization and output escaping, enabling attackers to execute arbitrary JavaScript in pages viewed by other users. No patch is currently available for this vulnerability.
The BlockArt Blocks - Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
The Interactions - Create Interactive Experiences in the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event selectors in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping when dynamic content is enabled. [CVSS 6.4 MEDIUM]
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder_img’ parameter in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
Insufficient input validation in OpenProject's BlockNote editor extension allows authenticated users to craft malicious documents containing relative links that trigger arbitrary GET requests to any URL within the OpenProject instance when opened. An attacker with document creation privileges can exploit this to access sensitive information or perform unauthorized actions on behalf of other users. A patch is available in OpenProject 17.0.2 and op-blocknote-extensions 0.0.22.
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
Cross-site scripting (XSS) in Billboard.js versions before 3.18.0 enables remote attackers to inject and execute arbitrary JavaScript through inadequately sanitized chart configuration options, affecting any application using the vulnerable library. The attack requires user interaction but can compromise confidentiality and integrity of affected web applications. No patch is currently available.
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1. [CVSS 6.1 MEDIUM]