A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. [CVSS 7.2 HIGH]
Response-stream injection in Valkey (the Redis fork) lets an authenticated user abuse Lua scripting commands to smuggle arbitrary bytes into the reply stream, corrupting or tampering with data returned to other users sharing the same connection. The flaw stems from the Lua script error-handling path mishandling null characters. It affects all releases prior to 9.0.2, 8.1.6, 8.0.7, and 7.2.12. No public exploit identified at time of analysis; EPSS exploitation probability is negligible (0.02%, 4th percentile) and the issue is not in CISA KEV.
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. [CVSS 3.7 LOW]
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. [CVSS 3.7 LOW]
A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is now public and may be used. The vendor was contacted early about this di...
F3 Firmware contains a vulnerability that allows attackers to the response to be stored in client-side caches and recovered by other local use (CVSS 6.5).
Security Center's access control implementation fails to properly restrict authenticated users to their authorized scope, allowing privilege escalation to view sensitive data. An attacker with valid credentials can bypass authorization checks to access confidential information outside their assigned permissions. No patch is currently available for this vulnerability.
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3. [CVSS 6.5 MEDIUM]
strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table(). [CVSS 6.2 MEDIUM]
FastApiAdmin up to 2.2.0 contains an unrestricted file upload vulnerability in the user avatar upload endpoint that allows authenticated remote attackers to upload arbitrary files. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials could leverage this to compromise system integrity and potentially execute malicious code.
Tenda F3 Wireless Router firmware V12.01.01.55_multi is vulnerable to reflected cross-site scripting (XSS) in its administrative interface due to missing MIME-sniffing protections and insufficient input validation. An unauthenticated attacker can inject malicious scripts that execute in the context of the admin interface when a user visits a crafted link, potentially leading to administrative account compromise. No patch is currently available for this vulnerability.
Reflected cross-site scripting in Jeewms up to version 3.7 exists in the UEditor component's getContent.jsp file through unsanitized input in the myEditor parameter, allowing remote attackers to inject malicious scripts. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification.
Unrestricted file upload in FastApiAdmin up to version 2.2.0 allows authenticated remote attackers to upload arbitrary files through the Scheduled Task API endpoint. Public exploit code exists for this vulnerability, enabling potential remote code execution or system compromise. Affected organizations should immediately upgrade beyond version 2.2.0 or implement access controls on the upload functionality until a patch is released.
FastApiAdmin versions up to 2.2.0 contain an unrestricted file upload vulnerability in the Scheduled Task API's upload controller that allows authenticated attackers to upload arbitrary files remotely. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials could leverage this to achieve unauthorized file write access and potentially further compromise the application.
FastApiAdmin versions up to 2.2.0 contain an information disclosure vulnerability in the file download endpoint that allows authenticated attackers to read arbitrary files through path traversal manipulation. Public exploit code exists for this vulnerability, enabling remote exploitation by users with valid credentials. The vulnerability affects the download_controller function and currently has no available patch.
Cross-site scripting (XSS) in the doAdd function of Jeewms up to version 3.7 allows unauthenticated remote attackers to inject malicious scripts through the Name parameter. Public exploit code exists for this vulnerability, and the vendor has not released patches or responded to disclosure attempts. An attacker can exploit this via a user interaction to perform actions in the context of the affected application.
Smart SSO up to version 2.1.1 contains a reflected cross-site scripting vulnerability in the login page's redirectUri parameter that allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early disclosure notification.
Command injection in DrayTek Vigor 300B firmware up to version 1.5.1.6 allows authenticated remote attackers to execute arbitrary OS commands via the File parameter in the web management interface. Public exploit code exists for this vulnerability, though the vendor has confirmed the product is end-of-life and no patch will be released. This affects only unsupported installations with administrative access.
Improper input sanitization in Datapizza AI 0.0.2's Jinja2 template handler allows remote attackers with high privileges to inject malicious template syntax through the ChatPromptTemplate function, potentially enabling code execution or information disclosure. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. [CVSS 2.4 LOW]
An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . [CVSS 5.9 MEDIUM]
Zscaler Internet Access Admin Portal contains an input validation flaw that enables authenticated administrators to retrieve sensitive internal information through specially crafted requests in specific configurations. The vulnerability requires high-level admin privileges and does not impact confidentiality or availability broadly, though it poses a risk in multi-tenant environments where privilege boundaries matter. Currently, no patch is available.
Smart Heating Integrated Management Platform versions up to 1.0.0 is affected by improper access control (CVSS 7.3).
libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c. [CVSS 5.5 MEDIUM]
Tronclass by WisdomGarden contains an insecure direct object reference flaw that allows authenticated attackers to bypass access controls and obtain course invitation codes by manipulating course ID parameters. An attacker exploiting this vulnerability can enroll in arbitrary courses without authorization. No patch is currently available for this medium-severity issue.
Google Chrome versions prior to 145.0.7632.116 allow attackers to inject malicious scripts or HTML into privileged pages through a compromised DevTools extension if a user can be tricked into installing it. The vulnerability requires user interaction to install a malicious extension but could enable unauthorized script execution in sensitive browser contexts. No patch is currently available.
Simple Ajax Chat through version 20251121 exposes sensitive system information to unauthorized access due to improper data protection controls. An unauthenticated remote attacker can retrieve embedded sensitive data from the application with minimal effort. No patch is currently available to remediate this vulnerability.
Unsafe deserialization in the RedisCache component of datapizza-ai 0.0.2 allows authenticated local network attackers to achieve limited information disclosure and integrity compromise through manipulation of cache operations. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. Exploitation requires local network access and elevated privileges, making practical attacks difficult but feasible in trusted environments.
The Tenda F3 Wireless Router firmware lacks CSRF protections in its administrative interface, enabling attackers to trick authenticated administrators into making unauthorized configuration changes through crafted requests. An unauthenticated attacker can exploit this to modify router settings by socially engineering an admin into visiting a malicious webpage. No patch is currently available for this vulnerability.
HTTP request smuggling in Akamai Ghost CDN edge servers before 2026-02-06 allows remote attackers to craft malicious requests with conflicting hop-by-hop headers that cause improper message framing when forwarded to origin servers. An attacker can exploit this to inject unauthorized requests or bypass security controls by manipulating how the origin server interprets the request body. No patch is currently available.
saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c. [CVSS 4.0 MEDIUM]
Authenticated users of Security Center can manipulate the 'owner' parameter to gain unauthorized elevated privileges through an indirect object reference flaw. This network-accessible vulnerability requires valid credentials but no user interaction, enabling privilege escalation attacks with moderate impact on confidentiality, integrity, and availability. No patch is currently available.
SQL injection in Jinher OA C6 through version 20260210 allows authenticated remote attackers to execute arbitrary SQL queries via the id and offsnum parameters in the OfficeSupplyTypeRight.aspx endpoint. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. Successful exploitation could enable data exfiltration, modification, or deletion depending on database permissions.
Server-side request forgery in Tiandy Video Surveillance System 7.17.0 allows authenticated remote attackers to manipulate the urlPath parameter in the downloadImage function, enabling arbitrary network requests from the affected server. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires valid credentials but no user interaction, posing a medium-severity risk to organizations deploying this surveillance platform.
A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. [CVSS 2.4 LOW]
A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and ...
Prototype pollution in Webaudiorecorder.js versions 0.1 and 0.1.1 allows authenticated remote attackers to modify object properties through the extend function in Dynamic Config Handling, potentially leading to information disclosure or data manipulation. Public exploit code exists for this vulnerability, though exploitation requires high complexity and specific preconditions. The vendor has not released a patch and did not respond to disclosure attempts.
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file shared_prefs/aliasvault.xml of the component Backup Handler. [CVSS 2.5 LOW]
The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data.
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'.
Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions.
Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the endpoint 'cookies/indes.php/<XSS>'.
Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. THis vulnerability allows an attacker execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim.