XXE injection in Atlassian Crowd Data Center and Server 7.1.0+ enables authenticated attackers to read local and remote files, significantly compromising confidentiality and availability. The vulnerability requires high privileges to exploit but accepts no user interaction, affecting multiple Crowd versions until patching to 7.1.3 or later. No patch is currently available for all affected versions.
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js. [CVSS 7.8 HIGH]
Linux kernel perf subsystem denial of service via improper hrtimer cleanup allows local users with standard privileges to cause a system crash when perf events are freed with active hrtimerss still pending. The vulnerability stems from insufficient timer cancellation during event destruction, enabling resource exhaustion. No patch is currently available.
Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. [CVSS 7.8 HIGH]
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. [CVSS 7.8 HIGH]
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. [CVSS 7.8 HIGH]
NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. [CVSS 7.8 HIGH]
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. [CVSS 7.8 HIGH]
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. [CVSS 7.8 HIGH]
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. [CVSS 7.6 HIGH]
DotNetNuke versions prior to 9.13.10 and 10.2.0 allow arbitrary script execution in the Persona Bar administrative interface through unsanitized richtext content in module descriptions. An authenticated attacker with module installation privileges can inject malicious scripts that execute in the context of administrative users, potentially compromising sensitive data or administrative functions. This vulnerability requires high privileges and user interaction to exploit, with no public patch currently available for affected versions.
Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows high-privileged users with UI interaction to inject malicious scripts into module friendly names that execute within the Persona Bar administrative interface. An authenticated attacker with sufficient permissions could exploit this to perform administrative actions or compromise other users' sessions. No patch is currently available for affected versions.
Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows authenticated administrators with high privileges to inject malicious scripts into log notes that execute within the PersonaBar interface. An attacker with admin credentials could perform actions as the victim or steal session data when the logs are viewed. Upgrade to DNN 9.13.10 or 10.2.0 to remediate this vulnerability.
The Frontend File Manager Plugin for WordPress through version 23.5 lacks proper authorization checks on a file sharing AJAX endpoint, allowing unauthenticated attackers to enumerate and exfiltrate sensitive uploaded files via sequential ID manipulation. By exploiting this flaw, an attacker can email arbitrary files to themselves or others, potentially exposing restricted administrative data. No patch is currently available for this high-severity vulnerability.
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. [CVSS 7.5 HIGH]
Http Client Manager versions up to 9.3.13 is affected by improper check for unusual or exceptional conditions (CVSS 7.5).
Discourse is an open source discussion platform. [CVSS 7.5 HIGH]
Unauthenticated attackers can exploit time-based SQL injection in the VidShop plugin for WordPress (versions up to 1.1.4) through the unescaped 'fields' parameter to extract sensitive database information. The vulnerability stems from insufficient input validation and improper query preparation, allowing attackers to inject malicious SQL commands without authentication. No patch is currently available for this high-severity flaw affecting WooCommerce installations.
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. [CVSS 7.5 HIGH]
New User Approve (WordPress plugin) versions up to 3.2.2. is affected by missing authorization (CVSS 7.3).
Arbitrary file upload in AI Engine WordPress plugin versions up to 3.3.2 allows authenticated Editor-level users to bypass file type validation and execute remote code by uploading files through the `update_media_metadata` REST endpoint. An attacker can upload a benign image file and then rename it to PHP, placing executable code in the web-accessible uploads directory. The vulnerability affects WordPress installations with the plugin installed and requires Editor or higher privileges to exploit.
The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations, including localhost and internal network services, and read sensitive files such as wp-config....
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. [CVSS 7.1 HIGH]
WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. [CVSS 7.0 HIGH]
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. [CVSS 7.0 HIGH]
Discourse is an open source discussion platform. [CVSS 6.9 MEDIUM]
Stored cross-site scripting in DNN versions 9.0.0 through 10.1.x allows content editors to inject malicious scripts into module headers and footers that execute in the browsers of other users. An authenticated editor with content creation privileges can exploit this to steal session tokens, perform actions on behalf of other users, or redirect them to malicious sites. Updates to version 9.13.10 or 10.2.0 are required to remediate the vulnerability.
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained. [CVSS 6.8 MEDIUM]
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. [CVSS 6.7 MEDIUM]
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as the shared worker pool becomes exhausted. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lowering the max_draft_length site setting reduces attack surface but does not f...
The 2100 Technology Document Management System contains an authorization bypass that permits authenticated users to access and read all official documents by manipulating front-end code. An attacker with valid credentials can exploit this vulnerability to disclose sensitive documents without requiring additional privileges or user interaction. No patch is currently available for this vulnerability.
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the `top_uploads` admin report which should be restricted to admins only. [CVSS 6.5 MEDIUM]
Discourse versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allow moderators with insufficient permissions to convert private messages into public topics, potentially exposing sensitive user communications. The vulnerability affects any Discourse instance where untrusted moderators have access to moderation features. Site administrators can mitigate this by temporarily removing moderator privileges or disabling personal message access for moderator groups until patching to a fixed version.
Discourse versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allow non-admin moderators to access restricted staff action logs containing sensitive data such as webhook secrets, API keys, private messages, and restricted category information. An attacker with moderator privileges could extract confidential information and use leaked webhook credentials to spoof events to integrated services. No patch is currently available for this access control bypass.
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, users archives are viewable by users with moderation privileges even though moderators should not have access to the archives. [CVSS 6.5 MEDIUM]
headless content management system. versions up to 0.2.0 is affected by authorization bypass through user-controlled key (CVSS 6.5).
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_simple_folio_item_client_name' and '_simple_folio_item_link' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
The Passster - Password Protect Pages and Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_protector' shortcode in all versions up to, and including, 4.2.24. [CVSS 6.4 MEDIUM]
The Buy Now Plus plugin for WordPress versions up to 1.0.2 allows authenticated users with Contributor access or higher to execute arbitrary JavaScript in pages through improper sanitization of the 'buynowplus' shortcode attributes. This stored cross-site scripting vulnerability enables attackers to inject malicious scripts that execute whenever visitors view affected pages. No patch is currently available for this vulnerability.
Stored cross-site scripting in Forms Bridge - Infinite integrations plugin for WordPress versions up to 4.2.5 allows authenticated contributors and higher-privilege users to inject malicious scripts through the 'id' shortcode parameter. The vulnerability stems from insufficient input sanitization and output escaping, enabling attackers to execute arbitrary JavaScript in pages viewed by other users. No patch is currently available for this vulnerability.
The BlockArt Blocks - Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BlockArt Counter in all versions up to, and including, 2.2.14 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
The Interactions - Create Interactive Experiences in the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event selectors in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping when dynamic content is enabled. [CVSS 6.4 MEDIUM]
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder_img’ parameter in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
Insufficient input validation in OpenProject's BlockNote editor extension allows authenticated users to craft malicious documents containing relative links that trigger arbitrary GET requests to any URL within the OpenProject instance when opened. An attacker with document creation privileges can exploit this to access sensitive information or perform unauthorized actions on behalf of other users. A patch is available in OpenProject 17.0.2 and op-blocknote-extensions 0.0.22.
Command injection in Totolik A7000R firmware (version 4.1cu.4154) via the CloudACManualUpdateUserdata function allows authenticated remote attackers to execute arbitrary commands through a crafted url parameter. Public exploit code exists for this vulnerability and no patch is currently available.
Command injection in Totolik A7000R firmware allows authenticated remote attackers to execute arbitrary commands through the plugin_name parameter in the setUnloadUserData function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
D-Link DIR-823X routers are vulnerable to remote command injection through the lan_gateway parameter in the /goform/set_mode function, allowing authenticated attackers to execute arbitrary OS commands. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from the vendor. The attack requires network access and valid credentials but has a low CVSS score of 6.3 due to limited impact scope.
SQL injection in jshERP up to version 3.6 allows authenticated remote attackers to manipulate the barCodes parameter in the DepotItem import function, potentially enabling unauthorized data access or modification. Public exploit code exists for this vulnerability, and no patch is currently available. The vendor has not responded to early notification of this issue.