A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser. [CVSS 6.1 MEDIUM]
Dify versions prior to 1.13.0 contain a stored cross-site scripting vulnerability in the chat frontend's echarts integration that executes malicious JavaScript payloads embedded in user or LLM-generated inputs. An attacker can exploit this to perform actions in the context of other users' browsers, potentially stealing session tokens or conducting phishing attacks. Public exploit code exists for this vulnerability, though a patch is available in version 1.13.0 and later.
Unauthenticated web shell in METIS DFS devices (versions <= oscore 2.1.234-r18). Same vulnerability as CVE-2026-2248 but on DFS product line.
Unauthenticated web shell in METIS WIC devices (versions <= oscore 2.1.234-r18). The /console endpoint provides shell access without authentication. First of two related METIS CVEs.
Path traversal in nanotar npm package through 0.2.0. The parseTar() and parseTarGzip() functions allow attackers to write files outside the extraction directory.
Authentication bypass in ZLAN5143D by directly accessing internal URLs. Access controls enforced only at the frontend, bypassed by direct API calls.
Unauthenticated device password change API in industrial/IoT device. Remote attackers can change the device password without any authentication.
Unsafe deserialization in DiskCache Python library through 5.6.3. Uses pickle by default, allowing attackers with cache directory write access to execute arbitrary code.
Symlink following vulnerability in multiple QNAP NAS operating system versions allows remote attackers to exploit link resolution for unauthorized access.
Missing authentication for critical functions in Dinosoft ERP. Unauthenticated access to business functionality.
Buffer overflow in PJSIP multimedia library version 2.16 and earlier in PJNATH ICE implementation. Patch available. Affects VoIP/communication applications built on PJSIP.
Stack buffer overflow in OpenSatKit 2.2.1 satellite ground station software. The ErrStr buffer overflows when formatting filenames. Space infrastructure vulnerability.
Sensitive information exposure in Logo j-Platform via externally-accessible files or directories.
Code replay attack on PF-50 keyfob of PGST PG107 Alarm System 1.25.05.hf. Physical security system vulnerable to replay of wireless signals.
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces. [CVSS 5.5 MEDIUM]
Outline versions prior to 1.4.0 fail to validate attachment file paths during JSON import, allowing authenticated attackers with high privileges to traverse the directory structure and read arbitrary files from the server. Public exploit code exists for this path traversal vulnerability, and no patch is currently available for affected deployments.
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. [CVSS 5.4 MEDIUM]
Critical XSS vulnerability in E-Kalite software allows remote attackers to execute arbitrary code.
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view. [CVSS 5.4 MEDIUM]
{method} and /execute/{method} feed attacker-supplied request bodies straight into pickle.loads(), and the intended nonce authorization gate is bypassed because the nonce defaults to an empty string and is skipped by default. A detailed technical write-up (chocapikk.com) and a VulnCheck advisory describe the flaw; it is not listed in CISA KEV and EPSS is low (0.14%, 34th percentile), indicating no evidence of widespread active exploitation.
Avideo versions up to 8.1 is affected by weak password recovery mechanism for forgotten password (CVSS 5.3).
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function. [CVSS 5.3 MEDIUM]
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint. [CVSS 5.3 MEDIUM]
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. [CVSS 5.3 MEDIUM]
Race condition in Apple macOS/iOS symlink handling allows privilege escalation. Fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5.
D-Link products using BusyBox are vulnerable to privilege escalation through malicious tar archives containing unvalidated symlink or hardlink entries that extract files outside the intended directory. An attacker with local access can craft a specially crafted archive to modify critical system files when extraction occurs with elevated privileges, potentially gaining unauthorized system access. No patch is currently available for this vulnerability.
An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution. [CVSS 8.8 HIGH]
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. [CVSS 8.8 HIGH]
Heap corruption in Google Chrome's Ozone component (versions prior to 145.0.7632.45) stems from a use-after-free vulnerability that can be triggered when users interact with malicious HTML pages through specific UI gestures. An unauthenticated remote attacker can exploit this to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available, leaving affected Chrome users vulnerable to exploitation.
Remote code execution in the Custom Block Builder - Lazy Blocks WordPress plugin through version 4.2.0 allows authenticated users with Contributor privileges or higher to execute arbitrary code on the server via vulnerable functions in the LazyBlocks_Blocks class. This high-severity vulnerability (CVSS 8.8) affects all installations of the affected plugin versions with no patch currently available.
PHP object injection in wpForo Forum plugin versions up to 2.4.13 allows authenticated subscribers and above to deserialize untrusted data, potentially enabling arbitrary file deletion, data theft, or code execution if a POP chain exists in installed plugins or themes. The vulnerability requires an additional gadget chain to be exploitable, making its impact dependent on the broader plugin ecosystem of the target WordPress installation.
Heap corruption in Google Chrome's CSS engine prior to version 145.0.7632.45 can be triggered through crafted HTML pages, enabling remote attackers to achieve arbitrary code execution without user interaction beyond viewing a malicious webpage. The vulnerability stems from a use-after-free memory flaw that affects all Chrome users, and currently no patch is available. With a CVSS score of 8.8 and low exploit difficulty, this represents a critical risk to active Chrome installations.
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. [CVSS 8.8 HIGH]
Memory corruption in Apple's USD file processing across iPhone OS, iPadOS, and visionOS enables attackers to crash applications through crafted malicious files, with high severity impact on confidentiality, integrity, and availability. The vulnerability requires user interaction to trigger (opening a malicious USD file) but needs no special privileges, affecting a large user base across multiple Apple platforms. No patch is currently available for this out-of-bounds write vulnerability.
Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. [CVSS 8.8 HIGH]
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access t...
Heap buffer overflow in Google Chrome's codec implementation prior to version 145.0.7632.45 enables remote attackers to corrupt heap memory and potentially achieve arbitrary code execution through a malicious HTML page. The vulnerability requires user interaction to visit a crafted webpage but does not require special privileges, affecting all Chrome users. No patch is currently available.
Cipace versions up to 9.17. is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Out of bounds memory access in Google Chrome's WebGPU implementation prior to version 145.0.7632.45 allows unauthenticated attackers to trigger memory corruption through a malicious HTML page. This vulnerability requires user interaction but carries high risk due to potential for arbitrary code execution or information disclosure. No patch is currently available.
Sandbox escape in Apple macOS, iOS, and watchOS allows local authenticated attackers to break out of application sandboxes and gain unauthorized access to system resources and other applications' data. The vulnerability stems from insufficient validation logic in sandbox enforcement mechanisms, enabling privilege escalation with high impact on confidentiality, integrity, and availability across affected devices. No patch is currently available.
Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution. [CVSS 8.8 HIGH]
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data.
Authenticated users with content creation permissions in Statamic CMS versions 6.0.0 through 6.2.2 can inject persistent JavaScript through content titles that executes in the browsers of higher-privileged users, potentially allowing attackers to create unauthorized super admin accounts. The vulnerability affects users with control panel access and requires user interaction to trigger. A patch is available in version 6.2.3.
SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service. [CVSS 7.5 HIGH]
RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]
RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]