The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. [CVSS 6.8 MEDIUM]
Inspektor Gadget versions prior to 0.48.1 allow local attackers with limited privileges to execute arbitrary commands during custom gadget image builds due to insufficient input sanitization in Makefile generation. An attacker who can control buildOptions parameters can inject shell commands that execute with the privileges of the build process. Public exploit code exists for this vulnerability.
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. [CVSS 6.4 MEDIUM]
An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.2 MEDIUM]
An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices. [CVSS 6.2 MEDIUM]
Oneflow versions up to 0.9.0 contains a vulnerability that allows attackers to cause a Denial of Service (DoS) via a crafted input (CVSS 6.2).
QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality. [CVSS 6.2 MEDIUM]
Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code. [CVSS 6.1 MEDIUM]
SQL injection in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to manipulate the student_id parameter in /admin/edit_student_query.php, enabling unauthorized database queries and potential data exfiltration or modification. Public exploit code exists for this vulnerability, and no patch is currently available, increasing the risk of active exploitation.
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/faculty/index.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in itsourcecode School Management System 1.0 via the txtsearch parameter in /ramonsys/inquiry/index.php enables unauthenticated remote attackers to execute arbitrary SQL queries with limited impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in itsourcecode Society Management System 1.0's expense administration interface allows unauthenticated remote attackers to manipulate the detail parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems expose confidentiality, integrity, and availability of underlying data.
Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
Denial of service in Open5GS up to version 2.7.6 allows remote attackers to crash the SGWC service by manipulating the Modify Bearer Request handler in s11-handler.c. Public exploit code exists for this vulnerability and no patch is currently available. Organizations running affected versions should apply updates as they become available and consider network-level mitigations to restrict access to the S11 interface.
Remote denial of service in Open5GS up to version 2.7.5 affects the SGWC component's TEID-to-IP conversion function, allowing unauthenticated attackers to crash the service over the network. Public exploit code exists for this vulnerability, and while a fix has been developed, no official patch is currently available for affected deployments.
TrustTunnel VPN protocol versions prior to 0.9.115 contain a rule bypass vulnerability where fragmented TLS ClientHello messages fail to extract the client random value, causing the rules engine to skip client_random_prefix matching conditions and allow traffic that should be blocked. Public exploit code exists for this medium-severity network-accessible vulnerability affecting Industrial and TrustTunnel products. A patch is available for affected versions.
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. [CVSS 5.3 MEDIUM]
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. [CVSS 4.8 MEDIUM]
TeamViewer DEX versions below 24.5 allow authenticated users with actioner privileges to execute arbitrary elevated commands on connected hosts through inadequate input validation in the 1E-Nomad-RunPkgStatusRequest instruction. An attacker with these credentials could inject malicious commands to gain unauthorized system access and control. The vulnerability requires user interaction and high-level privileges but carries a significant risk due to the potential for complete system compromise.
Log timestamp tampering in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to inject malicious UDP Sync commands that corrupt event timestamps, undermining log integrity and forensic investigation capabilities. This input validation flaw affects Windows deployments of the NomadBranch service and could enable attackers to obscure the timeline of malicious activities or create misleading audit trails. No patch is currently available for this medium-severity vulnerability.
Log tampering in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to inject, modify, or forge entries in the NomadBranch.log file through the UDP network handler, compromising log integrity and audit trail reliability. An attacker with network access can send crafted packets to the Content Distribution Service to manipulate logging records without authentication, potentially obscuring malicious activity or creating false audit entries.
TeamViewer DEX Client versions prior to 26.1 contain a null pointer dereference in the NomadBranch.exe Content Distribution Service that allows adjacent network attackers to crash the process without authentication. An attacker can exploit this vulnerability to disable the Content Distribution Service, causing a denial-of-service condition on affected Windows systems. No patch is currently available.
TeamViewer DEX Client versions before 26.1 contain an out-of-bounds read in the Content Distribution Service that enables remote attackers to leak stack memory and trigger denial of service without authentication. Successful exploitation could disclose memory contents useful for bypassing address space layout randomization and chaining with other vulnerabilities. No patch is currently available for this medium-severity flaw affecting Windows deployments.
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. [CVSS 6.5 MEDIUM]
Authenticated users in Umbraco Forms versions 16 and 17 can exploit a path traversal vulnerability to read arbitrary files on Mac and Linux systems running the CMS. An attacker with backoffice access can enumerate and access sensitive files through the export endpoint by manipulating the fileName parameter. No patch is currently available, though the vulnerability is mitigated by restricting backoffice access and blocking path traversal sequences at the WAF level.
Denial-of-service in TeamViewer DEX Client versions prior to 26.1 allows adjacent network attackers to crash the NomadBranch.exe service by sending specially crafted UDP packets that trigger a heap buffer overflow. The vulnerability stems from an integer underflow in the UDP command handler that can be exploited without authentication or user interaction. Currently, no patch is available and the attack requires network adjacency to the affected system.
Digital Employee Experience is affected by cleartext transmission of sensitive information (CVSS 6.5).
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality. [CVSS 6.5 MEDIUM]
Tanium addressed a SQL injection vulnerability in Asset. [CVSS 6.3 MEDIUM]
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk. [CVSS 6.3 MEDIUM]
Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Session Fixation.This issue affects QR Menu: before s1.05.12. [CVSS 5.7 MEDIUM]
Digital Employee Experience versions up to 26.1 is affected by improper link resolution before file access (CVSS 5.7).
Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [CVSS 5.7 MEDIUM]
Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [CVSS 5.7 MEDIUM]
Icinga 2 on Windows versions 2.3.0 through 2.15.1 fail to properly restrict file permissions on the `%ProgramData%\icinga2\var` directory, allowing any local user to read sensitive data including private keys and synchronized configurations. All Windows installations are affected, and attackers with local access can extract cryptographic material and configuration details for lateral movement or further compromise. Patches are available in versions 2.13.14, 2.14.8, and 2.15.2, with workarounds available through updated Icinga for Windows packages or manual ACL remediation.
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. [CVSS 5.5 MEDIUM]
Icinga PowerShell Framework versions prior to 1.13.4, 1.12.4, and 1.11.2 expose private certificate keys due to overly permissive directory permissions that allow all local users read access to the certificate folder. A local attacker with user-level privileges can retrieve these private keys to impersonate the Icinga service or intercept monitoring communications. No patch is currently available; manual ACL restrictions on the certificate directory are required as a temporary mitigation.
Stored XSS in RLE NOVA PlanManager allows authenticated users to inject malicious scripts via the comment and brand parameters, which are executed in other users' browsers without sanitization. An attacker can leverage this to hijack sessions, steal credentials, or perform unauthorized actions on behalf of victims. Exploitation requires user interaction and network access, with no patch currently available.
A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. [CVSS 5.4 MEDIUM]
Information disclosure and denial-of-service in TeamViewer DEX Client versions before 26.1 allows adjacent network attackers to trigger an out-of-bounds read via specially crafted packets, potentially leaking sensitive memory that could be leveraged to bypass ASLR protections. Affected Windows systems running the NomadBranch.exe content distribution service are vulnerable to attacks requiring only network proximity, with no authentication or user interaction needed.
Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls. [CVSS 5.3 MEDIUM]
Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs. [CVSS 5.3 MEDIUM]
SmarterMail before build 9518 allows unauthenticated attackers to exploit a path traversal flaw in the background preview endpoint by supplying base64-encoded UNC paths, forcing the Windows service to initiate SMB connections to attacker-controlled servers. This enables credential coercion and NTLM relay attacks without requiring authentication or user interaction. No patch is currently available for this vulnerability.
birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. [CVSS 5.3 MEDIUM]
R PVI client versions up to 6.5 is affected by insertion of sensitive information into log file (CVSS 5.0).
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files. [CVSS 4.6 MEDIUM]
Information disclosure in Dell OpenManage Network Integration versions before 3.9 stems from improper authentication controls that allow low-privileged remote attackers to access sensitive data. The vulnerability requires valid credentials but no user interaction, making it exploitable by authenticated users with minimal privileges. No patch is currently available for affected deployments.