zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. [CVSS 2.9 LOW]
Path traversal in Tsinghua Unigroup Electronic Archives System 3.2.210802 allows authenticated remote attackers to read arbitrary files through manipulation of the path parameter in the /Search/Subject/downLoad function. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it a practical risk for organizations using this system.
Server-side request forgery in Hugging Face smolagents 1.24.0 allows authenticated attackers to manipulate the LocalPythonExecutor's requests.get/requests.post functions, enabling remote exploitation without user interaction. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
SQL injection in Tsinghua Unigroup Electronic Archives System versions up to 3.2.210802 allows authenticated remote attackers to manipulate the comid parameter via the /mine/PublicReport/prinReport.html endpoint, potentially leading to unauthorized data access or modification. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification.
Tsinghua Unigroup Electronic Archives System 3.2.210802 contains a path traversal vulnerability in the download functionality that allows authenticated remote attackers to read arbitrary files on the affected system. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it accessible to any authenticated user with network access.
Unrestricted file upload in mingSoft MCMS 6.1.1's template archive handler allows authenticated attackers with high privileges to upload arbitrary files via manipulation of the File parameter in /ms/file/uploadTemplate.do. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access and high-level authentication but could lead to remote code execution or system compromise.
A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. [CVSS 3.3 LOW]
A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. [CVSS 3.3 LOW]
A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. [CVSS 3.3 LOW]
A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. [CVSS 3.3 LOW]
A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. [CVSS 3.3 LOW]
A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. [CVSS 3.3 LOW]
A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The ...
Admesh versions up to 0.98.5 contain a heap buffer overflow in the stl_check_normal_vector function that allows local attackers to corrupt memory with low integrity and confidentiality impact. Public exploit code exists for this vulnerability, and the product appears to be unmaintained with no patch available.
A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. [CVSS 2.5 LOW]
A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. [CVSS 2.5 LOW]
The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using "magic hash" values when the expected MD5 hash prefix happens to be numeric-looking (matching pa...
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. [CVSS 3.5 LOW]
Ffmpeg contains a vulnerability that allows attackers to a double-free condition, potentially causing FFmpeg or any application using it (CVSS 3.3).
A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. [CVSS 3.3 LOW]
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. [CVSS 2.7 LOW]
YayMail - WooCommerce Email Customizer (WordPress plugin) is affected by missing authorization (CVSS 2.7).
Unrestricted file upload in huanzi-qch base-admin's JSP file upload function allows authenticated remote attackers to upload arbitrary files by manipulating the File parameter, potentially leading to code execution. The vulnerability affects the SysFileController component and has public exploit code available. No patch is currently available from the developers.
SQL injection in Alixhan xh-admin-backend versions up to 1.7.0 allows authenticated attackers to manipulate the prop parameter in the /frontend-api/system-service/api/system/role/query endpoint and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or responded to disclosure efforts. Affected organizations running vulnerable versions should immediately restrict access to this endpoint or upgrade if available.
Cross-site request forgery (CSRF) in newbee-mall affects multiple endpoints, allowing unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users. Public exploit code exists for this vulnerability. No patch is currently available, and the project maintainers have not responded to the early disclosure notification.
Improper authorization in GoogTech sms-ssm's LoginInterceptor API interface allows remote authenticated attackers to bypass access controls and manipulate protected functions. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement compensating controls or restrict access to the affected API endpoints.
A security vulnerability has been detected in ggreer the_silver_searcher versions up to 2.2.0. is affected by improper resource shutdown or release (CVSS 3.3).