Authenticated WordPress users with Contributor access or higher can inject persistent malicious scripts into pages through the Docus - YouTube Video Playlist plugin (versions up to 1.0.6) via improper handling of shortcode attributes. These injected scripts execute in the browsers of any visitor to the affected pages, potentially compromising user sessions and data. No patch is currently available for this stored XSS vulnerability.
Stored cross-site scripting in the Orange Confort+ accessibility toolbar WordPress plugin through version 0.7 allows authenticated contributors and higher-privileged users to inject malicious scripts via the ocplus_button shortcode's style parameter due to inadequate input sanitization. When other users visit pages containing the injected content, the arbitrary scripts execute in their browsers, potentially compromising sessions or stealing sensitive data.
Stored XSS in the Events Listing Widget plugin for WordPress (versions ≤1.3.4) allows authenticated users with Author privileges or higher to inject malicious scripts through the Event URL parameter due to inadequate input validation. An attacker exploiting this vulnerability can execute arbitrary JavaScript in pages viewed by other users. No patch is currently available for this medium-severity vulnerability.
Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.3).
Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 6.2 MEDIUM]
Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]
Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.1).
Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.0 MEDIUM]
Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.9 MEDIUM]
Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 5.9).
Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.8 MEDIUM]
Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.5 MEDIUM]
Pydantic AI versions 1.34.0 through 1.50.x contain a path traversal vulnerability in the web UI that allows unauthenticated attackers to inject arbitrary JavaScript by manipulating the CDN version parameter in a malicious URL. When a victim visits the crafted link, attacker-controlled code executes in their browser, enabling theft of chat history and other sensitive client-side data. No patch is currently available.
Stored cross-site scripting in Zulip Server versions 5.0 through 11.4 allows authenticated attackers to execute arbitrary JavaScript through malicious group or channel names when administrators interact with user profile management features. An attacker with the ability to create or modify groups/channels can inject payloads that execute in the context of an administrator's session, potentially compromising account security or sensitive data. A patch is available in version 11.5.
Cross-collection IDOR in Payload CMS before v3.74.0 allows authenticated users to read and delete preferences from other authentication collections when numeric user IDs overlap in PostgreSQL or SQLite deployments. This vulnerability affects multi-auth environments where default auto-increment IDs create collisions across separate user collections. An attacker with valid credentials in one authentication domain can access and manipulate sensitive preference data belonging to users in different authentication domains.
The OAuth Single Sign On - SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. [CVSS 5.3 MEDIUM]
Prestashop versions up to 8.2.4 contains a vulnerability that allows attackers to determine whether a customer account exists in the system by measuring response (CVSS 5.3).
Homarr versions prior to 1.52.0 contain an unauthenticated SSRF vulnerability in the widget.app.ping endpoint that accepts arbitrary URLs and performs server-side requests, allowing remote attackers to scan ports and probe internal networks without authentication. The vulnerability enables attackers to infer open versus closed ports through HTTP status codes and response timing, establishing a reliable reconnaissance primitive. No patch is currently available for affected deployments.
NanoCMS versions up to 0.4 contain an information disclosure vulnerability in the User Information Handler component that exposes sensitive data from the /data/pagesdata.txt file through unauthenticated remote requests. Public exploit code exists for this vulnerability, which allows attackers to retrieve partial confidential information without authentication. Users should update to a patched version or implement strict access controls on the affected file until an official patch is available.
Collabora Online is a collaborative online office suite based on LibreOffice technology. [CVSS 5.3 MEDIUM]
Stored cross-site scripting in Xerox CentreWare Web through version 7.0.6 enables attackers to inject malicious scripts that persist on the application and execute in users' browsers. An attacker with local access and user interaction can compromise confidentiality and potentially modify data within the CentreWare environment. No patch is currently available; upgrading to version 7.2.2.25 or later is recommended as a mitigation.
Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 4.8 MEDIUM]
HedgeDoc prior to version 1.10.6 allows attackers to bypass content security policies on files served from the /uploads/ endpoint, enabling them to host malicious interactive content such as fake login forms via SVG files. This network-based attack requires user interaction but can lead to credential theft or social engineering attacks. A patch is available in version 1.10.6.
OpenProject versions prior to 17.0.2 fail to validate meeting section ownership during drag-and-drop operations, allowing authenticated users to inject agenda items into unrelated meetings. While attackers cannot access unauthorized meeting content, they can add arbitrary agenda items to other meetings to cause confusion or disrupt meeting organization. A patch is available in version 17.0.2.
plugin versions up to 1.3.3 is affected by authorization bypass through user-controlled key (CVSS 4.3).
The Code Snippets WordPress plugin through version 3.9.4 lacks nonce validation on cloud snippet operations, allowing unauthenticated attackers to conduct cross-site request forgery attacks against logged-in administrators. By tricking an admin into visiting a malicious page, attackers can force unauthorized downloads or updates of cloud snippets. No patch is currently available for this vulnerability.
Insufficient authorization checks in Ansible Lightspeed API conversation endpoints allow authenticated users to access and modify conversations belonging to other users. An attacker with valid credentials can exploit this to read sensitive conversation data and manipulate AI-generated outputs from other users' sessions. No patch is currently available.
Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]