Authenticated attackers can execute arbitrary commands on Group-Office servers through unsanitized user input in the email attachment endpoint, where shell metacharacters are directly passed to system execution functions. The vulnerability affects Group-Office versions prior to 6.8.150, 25.0.82, and 26.0.5, and public exploit code exists. Organizations should apply available patches immediately as this is actively exploitable by authenticated users.
Bambuddy 3D printer management system has missing authentication (CVSS 9.8) allowing unauthenticated access to printer control and print archive.
AutoGPT has a second SSRF vulnerability (CVSS 9.8) in a different endpoint, providing an additional path to access internal network resources.
AutoGPT has a Server-Side Request Forgery vulnerability (CVSS 9.8) allowing unauthenticated attackers to make the AI platform access internal network resources.
Langroid LLM framework prior to 0.5 has a code injection vulnerability (CVSS 9.6) allowing attackers to execute arbitrary code through the AI agent system.
Prototype pollution in the Locutus JavaScript library (npm package, versions >= 2.0.12 and < 2.0.39) lets attacker-influenced input passed to the php.strings.parse_str function pollute Object.prototype, bypassing a prior guard. The earlier fix rejected forbidden keys using String.prototype.includes(), but an attacker able to override that method - or supply crafted keys such as constructor[prototype][polluted]=yes - defeats the check; publicly available exploit code exists in the GHSA advisory. EPSS exploitation probability is very low (0.01%, 1st percentile), it is not on CISA KEV, and no public exploit is identified as active in the wild.
SiYuan knowledge management system prior to 3.5.5 has a path traversal in /api/file/copyFile allowing arbitrary file operations on the server.
RIOT IoT operating system has an out-of-bounds read vulnerability (CVSS 9.1) that could lead to information disclosure or crashes on IoT devices.
Alist file manager has an improper certificate validation vulnerability allowing MITM attacks that could compromise file operations and stored credentials.
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. [CVSS 8.8 HIGH]
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. [CVSS 8.8 HIGH]
Path traversal in Alist prior to version 3.57.0 allows authenticated users to manipulate filename parameters and bypass directory restrictions within the same storage mount. Attackers can exploit this vulnerability to perform unauthorized file operations including deletion, movement, and copying across user boundaries. Public exploit code exists for this vulnerability.
FacturaScripts is open-source enterprise resource planning and accounting software. [CVSS 8.8 HIGH]
Authenticated users can execute arbitrary SQL commands against FacturaScripts REST API endpoints through unsanitized sort parameters in the ModelClass::getOrderBy() method, allowing data theft, modification, or deletion. Public exploit code exists for this vulnerability affecting all versions prior to 2025.81. Organizations using vulnerable FacturaScripts instances should immediately apply the available patch and restrict API access to trusted users.
Devtron is an open source tool integration platform for Kubernetes. [CVSS 8.8 HIGH]
Compressing library versions 1.10.3 and prior, and 2.0.0 fail to validate symbolic link targets during TAR archive extraction, allowing attackers to write files to arbitrary locations on the filesystem. Public exploit code exists for this vulnerability, which could enable overwriting critical system files or establishing persistence. Patched versions 1.10.4 and 2.0.1 are available.
AutoGPT platform versions prior to v0.6.46 expose API keys and authentication secrets in application logs due to insecure logging of decrypted credentials across three Stagehand integration blocks. Authenticated users can access these plaintext secrets through log files, enabling credential theft and unauthorized access to integrated services. Public exploit code exists for this vulnerability, though a patch is available in v0.6.46 and later.
Stack buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers to corrupt memory, leak sensitive information, or execute arbitrary code by supplying malformed ICC color profile files. The vulnerability exists in the CIccTagFloatNum<>::GetValues() function and is triggered during profile processing, affecting users who handle untrusted ICC files. Public exploit code exists for this vulnerability.
Out-of-bounds memory read in iccDEV versions prior to 2.3.1.3 allows local attackers to disclose sensitive memory contents or trigger application crashes by crafting malformed ICC color profiles that bypass array bounds validation. The vulnerability exists in IccCmm.cpp during profile index processing and has public exploit code available. Update to version 2.3.1.3 or later to remediate.
Heap buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers to achieve code execution with high privileges by crafting malformed ICC color profile files that trigger unsafe memory operations during file parsing. Public exploit code exists for this vulnerability. All users of iccDEV should upgrade to version 2.3.1.3 or later immediately.
Heap buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers with user interaction to read sensitive memory and potentially execute code by supplying malformed XML files to the iccFromXml tool during ICC profile conversion. Public exploit code exists for this vulnerability. A patch is available in version 2.3.1.3 and later.
jsonwebtoken prior to version 10.3.0 allows attackers to bypass JWT time-based validation checks through type confusion when standard claims like nbf or exp are provided with incorrect JSON types. The library incorrectly treats malformed claims as absent rather than invalid, enabling bypass of critical security restrictions if validation is enabled but the claim is not explicitly marked as required. Public exploit code exists for this vulnerability.
Navigatum contains a vulnerability that allows attackers to overwrite files in directories writable by the application user (e (CVSS 7.5).
The Terraform/OpenTofu Proxmox Provider prior to version 0.93.1 contains a path traversal vulnerability in its SSH sudoer configuration documentation that permits attackers to escape directory restrictions using ../ sequences and modify arbitrary files on the system. Public exploit code exists for this vulnerability, affecting users who implement the documented SSH configuration. The vulnerability has been patched in version 0.93.1 and a fix is available.
Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. [CVSS 7.5 HIGH]
Integer overflow in the Bytes library versions 1.2.1 through 1.11.0 allows attackers to corrupt the BytesMut capacity value, leading to out-of-bounds memory access and undefined behavior in release builds. Public exploit code exists for this vulnerability, affecting applications that depend on Bytes for buffer management. A patch is available in version 1.11.1.
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. [CVSS 7.3 HIGH]
OpenClaw versions prior to 2026.1.30 suffer from a path traversal vulnerability in the isValidMedia() function that permits authenticated agents to read arbitrary files on the system by crafting malicious MEDIA output directives. An attacker with agent access can leverage this flaw to exfiltrate sensitive data accessible to the application process. Public exploit code exists for this vulnerability, and no patch is currently available.
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). [CVSS 6.5 MEDIUM]
Coto versions up to 11.4.0 is affected by unrestricted upload of file with dangerous type (CVSS 6.5).
Navidrome versions prior to 0.60.0 allow authenticated users to trigger denial of service by requesting image resizing with extremely large parameters, causing uncontrolled memory allocation and potential disk exhaustion. Public exploit code exists for this vulnerability, which can crash the server process via the OOM killer or fill the cache directory with massive files. An attacker with valid credentials can achieve complete service outage without administrative privileges.
A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level. [CVSS 6.5 MEDIUM]
Navidrome versions before 0.60.0 contain a stored cross-site scripting vulnerability in song comment metadata that allows attackers to inject malicious scripts and steal user credentials when victims view affected music files. Public exploit code exists for this vulnerability. Administrators should upgrade to version 0.60.0 or later to remediate the risk.
A product has an authenticated command injection vulnerability (CVSS 10.0) allowing execution of arbitrary OS commands on the underlying system.
Synectix LAN 232 TRIO serial-to-ethernet adapter exposes its web management interface without authentication (CVSS 10.0), enabling unauthenticated control of serial devices.
n8n has a protection mechanism bypass (CVSS 9.9) in the Python sandbox allowing authenticated users to escape code execution restrictions.
n8n workflow automation platform has an authenticated code execution vulnerability (CVSS 9.9) through improper runtime behavior modification, enabling server takeover.
n8n has a command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands through workflow definitions.
n8n has a TOCTOU race condition vulnerability (CVSS 9.9) enabling bypass of execution restrictions in workflow processing.
The unstructured Python library for document ingestion has a path traversal vulnerability allowing arbitrary file read/write during document processing.
IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 allows unauthenticated users to execute certain cryptographic operations that should require elevated privileges.
JinJava template engine has a server-side template injection vulnerability enabling arbitrary code execution through crafted Jinja-style templates.
An Emit Informatics product has a SQL injection vulnerability allowing unauthenticated attackers to compromise the database through unsanitized input.
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. [CVSS 5.0 MEDIUM]
Unauthenticated file upload in Cisco Meeting Management's Certificate Management interface allows authenticated attackers to write arbitrary files and execute commands with root privileges on affected systems. An attacker with valid credentials can exploit improper input validation in the web management interface to overwrite system files processed with elevated privileges, leading to complete system compromise. No patch is currently available for this vulnerability.
Server-side request forgery in Group Office's WOPI service discovery allows authenticated System Administrators to access internal hosts, ports, and files on the affected server. The vulnerability enables attackers to exfiltrate SSRF response bodies through the debug system, effectively converting a blind SSRF into a visible information disclosure attack. Public exploit code exists for this medium-severity flaw, which has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
N8N versions up to 1.118.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
WP FOFT Loader (WordPress plugin) is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Karel Electronics Industry and Trade Inc. ViPort is affected by cross-site scripting (xss) (CVSS 8.8).
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be...