A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]
Gitlab versions up to 18.6.6 is affected by allocation of resources without limits or throttling (CVSS 6.5).
The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 6.5 MEDIUM]
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).
Gitlab versions up to 18.6.6 is affected by allocation of resources without limits or throttling (CVSS 6.5).
Gitlab versions up to 18.7.4 is affected by allocation of resources without limits or throttling (CVSS 6.5).
The Twitter posts to Blog plugin for WordPress versions up to 1.11.25 lacks proper access controls on the settings function, allowing unauthenticated attackers to modify plugin configuration including Twitter API credentials and post parameters. This capability check bypass could enable attackers to hijack the plugin's functionality or escalate privileges within WordPress installations. No patch is currently available for this vulnerability.
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).
A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. [CVSS 6.5 MEDIUM]
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]
An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]
A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. [CVSS 6.5 MEDIUM]
Google Chrome versions before 145.0.7632.45 contain an animation implementation flaw that allows remote attackers to exfiltrate cross-origin data through specially crafted HTML pages. The vulnerability requires user interaction to trigger and affects all Chrome users, potentially exposing sensitive information from other websites. No patch is currently available.
WP eCommerce WordPre versions up to 3.15.1 is affected by deserialization of untrusted data (CVSS 6.5).
Sandboxed applications on Apple platforms (macOS Tahoe, Sonoma, Sequoia, iOS, and iPadOS) can bypass app state observability restrictions to access sensitive user data. A local attacker with app execution privileges could exploit this information disclosure vulnerability to observe data from other applications. Patches are available in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5, and iPadOS 18.7.5.
Vaultwarden versions prior to 1.35.3 allow authenticated organization members to bypass collection-level access controls and retrieve all ciphers within their organization through the /ciphers/organization-details endpoint. An attacker with regular member privileges can access sensitive credentials and encrypted data they should not have permission to view. No patch is currently available for affected deployments.
The Pix para Woocommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. [CVSS 6.5 MEDIUM]
Stored cross-site scripting in Beaver Builder Page Builder plugin for WordPress through version 2.10.0.5 allows authenticated users with Custom-level access or higher to inject malicious scripts into global settings that execute for all site visitors. The vulnerability stems from missing capability checks and insufficient input sanitization in the save_global_settings() function. Attackers can exploit this to deface pages, steal credentials, or perform actions on behalf of other users viewing affected content.
The Flask Micro code-editor plugin for WordPress through version 1.0.0 contains a stored cross-site scripting vulnerability in its codeflask shortcode due to inadequate input validation and output encoding. Authenticated users with contributor-level permissions or higher can inject malicious scripts that execute for all visitors accessing affected pages. No patch is currently available.
Stored cross-site scripting in the HTML Tag Shortcodes WordPress plugin through version 1.1 allows authenticated contributors and above to execute arbitrary scripts on site pages through inadequately sanitized shortcode attributes. Affected users will run attacker-injected code whenever they visit compromised pages, potentially leading to session hijacking or malicious content injection.
Stored XSS in WordPress Slideshow WP plugin through version 1.1 allows authenticated users with contributor-level access to inject malicious scripts via the 'sswpid' shortcode attribute due to insufficient input sanitization. The injected scripts execute in the browsers of any user viewing the affected pages, enabling attackers to steal session data or perform unauthorized actions. No patch is currently available for this vulnerability.
Stored XSS in BuddyHolis ListSearch plugin for WordPress through version 1.1 allows authenticated contributors and above to inject malicious scripts into pages via inadequately sanitized shortcode attributes. When site visitors access compromised pages, the injected scripts execute in their browsers, potentially enabling account hijacking, session theft, or malicious redirects. No patch is currently available for this vulnerability.
Stored XSS in OpenPOS Lite for WooCommerce plugin (versions up to 3.0) allows authenticated contributors and above to inject malicious scripts via the order_qrcode shortcode's width parameter, which execute when other users view affected pages. The vulnerability stems from inadequate input sanitization and output escaping, enabling attackers to compromise page content without user interaction. No patch is currently available.
Stored cross-site scripting in the WordPress Microtango plugin through version 0.9.29 allows authenticated contributors and higher-privileged users to inject malicious scripts via the 'restkey' parameter that execute when other users view affected pages. The vulnerability stems from inadequate input sanitization and output escaping in the mt_reservation shortcode. No patch is currently available.
Stored XSS in the WDES Responsive Popup WordPress plugin through version 1.3.6 allows authenticated contributors and higher-privileged users to inject malicious scripts via the 'wdes-popup-title' shortcode due to inadequate input sanitization. When victims visit affected pages containing the injected payload, the scripts execute in their browsers, potentially compromising site integrity and user data. No patch is currently available.
Orbisius Random Name Generator (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).
An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Create Account’ operation at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true .
An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the ‘Recover password’ section at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true .
An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and “Surname” parameters within the ‘My Account’ section at the URL: https://zeus.microcom.es:4040/administracion-estaciones.html resulting in a stored XSS.
Reflected cross-site scripting in TP-Link Archer C60 v3 firmware permits arbitrary JavaScript execution through malicious URLs, enabling attackers to steal credentials or hijack sessions when targeted at privileged users. The vulnerability requires user interaction to trigger but has network-accessible attack vectors with no authentication needed. No patch is currently available.
Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service. [CVSS 6.0 MEDIUM]
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 6.0 MEDIUM]
Pion DTLS is a Go implementation of Datagram Transport Layer Security. [CVSS 5.9 MEDIUM]
The Product Options and Price Calculation Formulas for WooCommerce - Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo_remove_file' function in all versions up to, and including, 4.9.60. [CVSS 5.8 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
Insufficient validation of environment variables in Apple's macOS, iOS, iPadOS, and visionOS allows local applications to read sensitive user data without user interaction. An attacker with the ability to run code on the affected device could exploit this to access confidential information through improperly sanitized environment variable handling. A patch is not currently available for this medium-severity vulnerability.
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. [CVSS 5.5 MEDIUM]
macOS path validation bypass allows local authenticated users to read sensitive user data through improper directory path parsing. The vulnerability requires local access and valid credentials, limiting the attack surface to users already on the affected system. No patch is currently available for this medium-severity issue affecting macOS Tahoe 26.3 and earlier versions.
Improper path validation in Apple's macOS, iOS, and visionOS allows local attackers to bypass directory access restrictions and read sensitive user data through crafted file paths. An authenticated user with local access can exploit this parsing weakness without user interaction to access confidential information. No patch is currently available for this vulnerability.
Malicious applications on macOS can intercept and read notifications synced from other iCloud-connected devices due to improper access controls on notification data. This local privilege escalation affects macOS versions prior to Tahoe 26.3 and requires user interaction to execute the malicious app. An attacker with local access could gain unauthorized visibility into private notifications and communications across a user's device ecosystem.
This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. [CVSS 5.5 MEDIUM]
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. [CVSS 5.5 MEDIUM]
macOS applications can bypass permission restrictions to access sensitive user data due to a permissions validation flaw affecting macOS versions prior to Tahoe 26.3. An attacker would need local access and user interaction to exploit this vulnerability, resulting in unauthorized disclosure of protected information without affecting system integrity or availability. This issue has been patched in macOS Tahoe 26.3.
macOS Tahoe versions prior to 26.3 contain an improper temporary file handling vulnerability that allows local authenticated applications to read sensitive user data. The vulnerability requires local access and valid user privileges but poses no risk to system integrity or availability. No patch is currently available for affected systems.