Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. [CVSS 8.0 HIGH]
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. [CVSS 8.0 HIGH]
XXE injection in Atlassian Crowd Data Center and Server 7.1.0+ enables authenticated attackers to read local and remote files, significantly compromising confidentiality and availability. The vulnerability requires high privileges to exploit but accepts no user interaction, affecting multiple Crowd versions until patching to 7.1.3 or later. No patch is currently available for all affected versions.
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js. [CVSS 7.8 HIGH]
Linux kernel perf subsystem denial of service via improper hrtimer cleanup allows local users with standard privileges to cause a system crash when perf events are freed with active hrtimerss still pending. The vulnerability stems from insufficient timer cancellation during event destruction, enabling resource exhaustion. No patch is currently available.
Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. [CVSS 7.8 HIGH]
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. [CVSS 7.8 HIGH]
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. [CVSS 7.8 HIGH]
NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. [CVSS 7.8 HIGH]
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. [CVSS 7.8 HIGH]
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. [CVSS 7.8 HIGH]
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. [CVSS 7.6 HIGH]
DotNetNuke versions prior to 9.13.10 and 10.2.0 allow arbitrary script execution in the Persona Bar administrative interface through unsanitized richtext content in module descriptions. An authenticated attacker with module installation privileges can inject malicious scripts that execute in the context of administrative users, potentially compromising sensitive data or administrative functions. This vulnerability requires high privileges and user interaction to exploit, with no public patch currently available for affected versions.
Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows high-privileged users with UI interaction to inject malicious scripts into module friendly names that execute within the Persona Bar administrative interface. An authenticated attacker with sufficient permissions could exploit this to perform administrative actions or compromise other users' sessions. No patch is currently available for affected versions.
Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows authenticated administrators with high privileges to inject malicious scripts into log notes that execute within the PersonaBar interface. An attacker with admin credentials could perform actions as the victim or steal session data when the logs are viewed. Upgrade to DNN 9.13.10 or 10.2.0 to remediate this vulnerability.
The Frontend File Manager Plugin for WordPress through version 23.5 lacks proper authorization checks on a file sharing AJAX endpoint, allowing unauthenticated attackers to enumerate and exfiltrate sensitive uploaded files via sequential ID manipulation. By exploiting this flaw, an attacker can email arbitrary files to themselves or others, potentially exposing restricted administrative data. No patch is currently available for this high-severity vulnerability.
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. [CVSS 7.5 HIGH]
Http Client Manager versions up to 9.3.13 is affected by improper check for unusual or exceptional conditions (CVSS 7.5).
Discourse is an open source discussion platform. [CVSS 7.5 HIGH]
Unauthenticated attackers can exploit time-based SQL injection in the VidShop plugin for WordPress (versions up to 1.1.4) through the unescaped 'fields' parameter to extract sensitive database information. The vulnerability stems from insufficient input validation and improper query preparation, allowing attackers to inject malicious SQL commands without authentication. No patch is currently available for this high-severity flaw affecting WooCommerce installations.
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. [CVSS 7.5 HIGH]
New User Approve (WordPress plugin) versions up to 3.2.2. is affected by missing authorization (CVSS 7.3).
Arbitrary file upload in AI Engine WordPress plugin versions up to 3.3.2 allows authenticated Editor-level users to bypass file type validation and execute remote code by uploading files through the `update_media_metadata` REST endpoint. An attacker can upload a benign image file and then rename it to PHP, placing executable code in the web-accessible uploads directory. The vulnerability affects WordPress installations with the plugin installed and requires Editor or higher privileges to exploit.
The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations, including localhost and internal network services, and read sensitive files such as wp-config....
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. [CVSS 7.1 HIGH]
WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. [CVSS 7.0 HIGH]
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. [CVSS 7.0 HIGH]