Insecure random number generation in Smolder 1.51 Perl testing framework. Uses rand() for cryptographic operations instead of a CSPRNG, enabling prediction of security tokens.
Broken access control in SolarWinds Serv-U allows unauthorized user creation by exploiting privilege assignment flaws. First of four critical Serv-U vulnerabilities.
IDOR vulnerability in SolarWinds Serv-U allows accessing objects belonging to other users. Fourth critical Serv-U vulnerability in this batch.
Pimcore is an Open Source Data & Experience Management Platform. [CVSS 4.9 MEDIUM]
Authenticated attackers can achieve remote code execution on Binardat 10G08-0800GSM network switches by injecting the %1a character into the traceroute hostname parameter on the web management interface, allowing arbitrary CLI command execution. The vulnerability affects firmware version V300SP10260209 and earlier, and currently has no available patch. This requires valid web interface credentials but poses significant risk due to its high severity rating and network-accessible attack vector.
A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device. [CVSS 8.8 HIGH]
Gcom Epon 1Ge Firmware versions up to c00r371v00b01 is affected by improper access control (CVSS 8.8).
Remote code execution in Tenda AC8 firmware versions up to 16.03.34.06 allows authenticated attackers to execute arbitrary code via a stack-based buffer overflow in the HTTP upload handler. Public exploit code exists for this vulnerability, which has no patch available. An attacker with valid credentials can trigger the overflow by manipulating the boundary parameter in multipart upload requests.
Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote attackers to escalate their privileges. An attacker with low-level credentials can bypass authorization checks to gain high-privilege access to the system, potentially compromising confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
A use-after-free vulnerability in the IndexedDB storage component of Firefox and Thunderbird allows remote attackers to achieve arbitrary code execution through user interaction. Affected versions include Firefox below 148, Firefox ESR below 115.33 and 140.8, and Thunderbird below 148 and 140.8. No patch is currently available for this high-severity flaw.
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved. [CVSS 8.8 HIGH]
A use-after-free vulnerability in Firefox and Thunderbird's DOM processing allows remote attackers to execute arbitrary code through a malicious webpage or email attachment, requiring only user interaction to trigger. This affects Firefox versions below 148 and Thunderbird versions below 148, with no patch currently available.
Eventsentry versions up to 6.0.1.20 contains a vulnerability that allows attackers to privilege escalation (CVSS 8.8).
IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. [CVSS 7.5 HIGH]
DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information. [CVSS 8.4 HIGH]
Unauthenticated attackers can bypass FASP administrator approval in Mastodon 4.4.0-4.4.13 and 4.5.0-4.5.6 to subscribe to account events and request content backfill, affecting only servers with the experimental FASP feature enabled. While individual requests cause minor information disclosure of publicly available URIs, repeated exploitation enables denial-of-service attacks. A patch is available to address this authorization bypass.
Integer overflow in ImageMagick's UHDR image decoder allows remote attackers to trigger heap buffer overflows by supplying specially crafted images with large dimensions, potentially crashing the application or corrupting heap memory. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and requires no user interaction or authentication to exploit. Organizations using vulnerable versions should upgrade immediately, as no workaround is available.
Improper access control in REB500 firmware allows authenticated users with low privileges to read and modify unauthorized directories via the DAC protocol. An attacker with valid credentials can escalate their file system access beyond their intended permissions, potentially compromising sensitive data or system integrity. No patch is currently available for this vulnerability.
Server-side request forgery in AVideo prior to version 22.0 allows authenticated users to make arbitrary outbound requests from the affected server via an unvalidated downloadURL parameter in the aVideoEncoder.json.php endpoint. An attacker can exploit this to probe internal network services, access metadata endpoints, and retrieve sensitive data, potentially leading to further system compromise. This affects PHP deployments running vulnerable AVideo versions.
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]
A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. [CVSS 7.8 HIGH]
Local privilege escalation via out-of-bounds memory read in Docker Desktop's grpcfuse kernel module (versions up to 4.61.0) on Linux, Windows, and macOS allows authenticated local attackers to achieve complete system compromise through manipulation of /proc/docker entries. The vulnerability requires local access and valid user credentials but enables reading and modifying arbitrary kernel memory with high impact on confidentiality, integrity, and availability. Docker Desktop 4.62.0 and later resolve this issue.
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. [CVSS 7.7 HIGH]
Mautic's Contact Activity API endpoint is vulnerable to SQL injection due to insufficient validation of the sort direction parameter, allowing authenticated attackers to execute arbitrary SQL queries. This high-severity vulnerability (CVSS 7.6) affects multiple versions and could enable unauthorized data access or modification. No patch is currently available; users should contact security@mautic.org for mitigation guidance.
Wasmtime's HTTP header handling in the wasmtime-wasi-http crate crashes when processing excessive header fields, allowing remote attackers to trigger denial of service against applications embedding Wasmtime. The vulnerability affects versions prior to 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0, and has been patched to return a controlled trap instead of panicking. Embedders should update immediately to mitigate this DoS vector.
Wasmtime versions 39.0.0 and later experience a denial-of-service panic when async WebAssembly component functions are called and then abandoned by the host before completion, such as when the Future is dropped after a single poll during an async yield. This affects applications using Wasmtime's component model with async support, allowing an attacker to crash the runtime through specially crafted async function invocations. A patch is available to address this stability issue.
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to denial of service when processing maliciously crafted SVG files due to an off-by-one error in boundary validation. An unauthenticated remote attacker can trigger an integer underflow by bypassing the flawed size check, causing the application to crash or become unresponsive. No patch is currently available for affected deployments.
The Settings UI component in Firefox and Thunderbird versions prior to 148 fails to properly restrict access to sensitive configuration data, enabling unauthenticated attackers to remotely disclose confidential information without user interaction. This vulnerability bypasses existing security mitigations designed to protect user settings and preferences. No patch is currently available for affected users.
Improper boundary condition handling in the JavaScript/WebAssembly engine of Firefox and Thunderbird before version 148 enables remote denial of service attacks without requiring user interaction or privileges. An attacker can crash affected applications or cause service unavailability by sending specially crafted content. No patch is currently available.
Imagemagick versions up to 7.1.2-15 is affected by allocation of resources without limits or throttling (CVSS 7.5).
Denial of service in ImageMagick prior to 7.1.2-15 stems from a memory leak in the WriteASHLARImage function within coders/ashlar.c, where an allocated structure is not released when an exception is thrown during ASHLAR image encoding. Remote attackers who can submit images for processing can trigger repeated leaks to exhaust process memory in long-running services that embed ImageMagick. No public exploit identified at time of analysis, and EPSS risk is negligible at 0.05% (16th percentile).
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 7.5 HIGH]
Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secret_key configuration parameter is set to MD5(RAND()) in MySQL. [CVSS 7.5 HIGH]
Local file disclosure in ImageMagick before 7.1.2-15 and 6.9.13-40 lets attackers bypass the path security policy (policy-secure.xml) using directory traversal, reading files a rule such as `/etc/*` was meant to block. Because the policy matcher evaluates the raw, unnormalized filename string before the OS resolves it, a traversal sequence slips past the deny rule while the kernel still opens the real sensitive file. No public exploit is identified at time of analysis and EPSS is very low (0.04%), but the bug undermines a control specifically deployed to harden image-processing pipelines that handle untrusted input.
Heap memory disclosure in ImageMagick's PSD file parser allows unauthenticated remote attackers to leak sensitive information from process memory by crafting malicious Photoshop files with improperly compressed layer data. Affected versions prior to 7.1.2-15 and 6.9.13-40 fail to properly validate decompressed data sizes, exposing uninitialized heap contents in generated output images. No patch is currently available for this vulnerability.
10G08-0800Gsm Firmware is affected by improper restriction of excessive authentication attempts (CVSS 7.5).
Unauthenticated attackers can extract sensitive information from Firefox and Thunderbird users through a JavaScript engine JIT compilation flaw, affecting all versions prior to Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. The vulnerability requires no user interaction and can be exploited remotely over the network. No patch is currently available for this high-severity flaw.
Uninitialized memory in Firefox and Firefox Focus for Android versions prior to 148 enables remote attackers to read sensitive data without authentication or user interaction. The vulnerability allows information disclosure through memory that was not properly cleared before use, potentially exposing confidential user information to network-based attackers.
Binardat 10G08-0800GSM network switches version V300SP10260209 and earlier expose a hardcoded RC4 encryption key in client-side JavaScript, allowing unauthenticated remote attackers to decrypt sensitive configuration data and compromise network confidentiality. The static key weakness eliminates the intended cryptographic protection for protected values transmitted to and from the device.
Binardat 10G08-0800GSM network switch firmware versions before V300SP10260209 expose user credentials by storing passwords as reversible Base64-encoded values in web interface cookies, allowing unauthenticated attackers with cookie access to recover plaintext passwords. This high-severity vulnerability affects confidentiality of administrative credentials with no available patch, creating significant risk for network infrastructure compromise.
Binardat 10G08-0800GSM network switch firmware prior to V300SP10260209 stores administrative credentials in plaintext within the web interface and HTTP responses, enabling unauthenticated attackers to extract valid user passwords. This information disclosure vulnerability affects network administrators and can lead to unauthorized access to critical network infrastructure. No patch is currently available.
Stack-based buffer overflow in ImageMagick versions before 7.1.2-15 allows remote attackers to crash the application and potentially corrupt memory by submitting specially crafted FTXT image files. The vulnerability requires high complexity to exploit but impacts both confidentiality and availability of affected systems. No patch is currently available for this HIGH severity issue (CVSS 7.4).
Authenticated users with Installer role in REB500 firmware can bypass directory access controls to read and modify files outside their authorized scope. This privilege escalation affects systems where installer accounts are provisioned, enabling unauthorized data access and manipulation. No patch is currently available.
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 7.3 HIGH]
Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privileged attackers with network access to execute arbitrary commands on affected systems. The vulnerability stems from insufficient validation of uploaded file types, enabling attackers to bypass security controls and gain code execution. A patch is available for affected organizations to remediate this risk.
Zyxel VMG3625-T50B, DX5401 B1, and EMG5523 T50B devices with firmware through version 5.50(ABPM.9.7)C0 contain a post-authentication command injection vulnerability in the TR-369 certificate download function that allows authenticated administrators to execute arbitrary operating system commands. An attacker with admin credentials could leverage this to gain complete control over the affected device. No patch is currently available.
Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content. [CVSS 7.1 HIGH]
Cryptopro Secure Disk contains a vulnerability that allows attackers to execute arbitrary code in the context of the root user and enables an attacker t (CVSS 6.8).
Synology Presto Client versions prior to 2.1.3-0672 are vulnerable to DLL hijacking during installation, enabling local attackers with user privileges to read or write arbitrary files by placing malicious libraries in the installer directory. The vulnerability requires user interaction and local access but grants high-impact capabilities including confidentiality and integrity violations. No patch is currently available.