Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 4.3).
The MMA Call Tracking WordPress plugin through version 2.3.15 lacks proper CSRF protection on its admin configuration page, allowing attackers to modify call tracking settings by tricking site administrators into clicking malicious links. An unauthenticated attacker can alter plugin configurations without authorization through forged requests. No patch is currently available for this vulnerability.
RecursiveUrlLoader in LangChain Community prior to 1.1.14 uses weak string-based URL validation that allows attackers to bypass the preventOutside crawling restriction by crafting domains with matching prefixes, potentially exposing the crawler to malicious or internal infrastructure endpoints. An attacker controlling a crawled webpage could inject links to cloud metadata services or private IP ranges, which the crawler would follow without validation, leading to information disclosure.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint. [CVSS 3.7 LOW]
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. [CVSS 3.6 LOW]
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles. [CVSS 3.5 LOW]
Gitlab versions up to 18.6.6 is affected by authorization bypass through user-controlled key (CVSS 3.5).
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. [CVSS 3.3 LOW]
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. [CVSS 3.3 LOW]
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. [CVSS 3.3 LOW]
A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, Safari 26.3, macOS Tahoe 26.3. [CVSS 3.3 LOW]
The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. [CVSS 3.3 LOW]
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. [CVSS 3.1 LOW]
An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. [CVSS 2.4 LOW]
A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches.
A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user.This issue affects Plunet BusinessManager: 10.15.1.
A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1
CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file.
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation.
A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet.
Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service.
Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution
Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.