NanoCMS versions up to 0.4 contain an information disclosure vulnerability in the User Information Handler component that exposes sensitive data from the /data/pagesdata.txt file through unauthenticated remote requests. Public exploit code exists for this vulnerability, which allows attackers to retrieve partial confidential information without authentication. Users should update to a patched version or implement strict access controls on the affected file until an official patch is available.
Collabora Online is a collaborative online office suite based on LibreOffice technology. [CVSS 5.3 MEDIUM]
Stored cross-site scripting in Xerox CentreWare Web through version 7.0.6 enables attackers to inject malicious scripts that persist on the application and execute in users' browsers. An attacker with local access and user interaction can compromise confidentiality and potentially modify data within the CentreWare environment. No patch is currently available; upgrading to version 7.2.2.25 or later is recommended as a mitigation.
Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 4.8 MEDIUM]
HedgeDoc prior to version 1.10.6 allows attackers to bypass content security policies on files served from the /uploads/ endpoint, enabling them to host malicious interactive content such as fake login forms via SVG files. This network-based attack requires user interaction but can lead to credential theft or social engineering attacks. A patch is available in version 1.10.6.
OpenProject versions prior to 17.0.2 fail to validate meeting section ownership during drag-and-drop operations, allowing authenticated users to inject agenda items into unrelated meetings. While attackers cannot access unauthorized meeting content, they can add arbitrary agenda items to other meetings to cause confusion or disrupt meeting organization. A patch is available in version 17.0.2.
plugin versions up to 1.3.3 is affected by authorization bypass through user-controlled key (CVSS 4.3).
The Code Snippets WordPress plugin through version 3.9.4 lacks nonce validation on cloud snippet operations, allowing unauthenticated attackers to conduct cross-site request forgery attacks against logged-in administrators. By tricking an admin into visiting a malicious page, attackers can force unauthorized downloads or updates of cloud snippets. No patch is currently available for this vulnerability.
Insufficient authorization checks in Ansible Lightspeed API conversation endpoints allow authenticated users to access and modify conversations belonging to other users. An attacker with valid credentials can exploit this to read sensitive conversation data and manipulate AI-generated outputs from other users' sessions. No patch is currently available.
Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. [CVSS 3.5 LOW]
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. [CVSS 3.5 LOW]
Tanium addressed a denial of service vulnerability in Tanium Client. [CVSS 3.3 LOW]
Claude Code versions prior to 2.1.7 allow unauthorized file access by bypassing deny rules through symbolic link traversal, enabling attackers to read restricted files that administrators explicitly blocked. An attacker with access to the system can exploit this vulnerability to access sensitive files like /etc/passwd by leveraging symlinks that point to denied resources. This vulnerability affects AI/ML tools using Claude Code and currently has no available patch.
Unauthenticated code injection in isaacwasserman mcp-vegalite-server's visualize_data function allows remote attackers with valid credentials to execute arbitrary code by manipulating the vegalite_specification parameter. Public exploit code exists for this vulnerability. No patch is currently available, and the project has not responded to early notification of the issue.
DeepAudit is a multi-agent system for code vulnerability discovery. [CVSS 6.5 MEDIUM]
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If any untrusted or user-supplied XML file is passed to this function, it can ...
A security vulnerability has been detected in oatpp versions up to 1.3.1. is affected by improper resource shutdown or release (CVSS 3.3).
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL.
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file.
Asterisk is an open source private branch exchange and telephony toolkit.
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization.