Denial of service in Valkey-Bloom module allows authenticated attackers to crash the Valkey server by sending a specially crafted RESTORE command that triggers an unhandled assertion. The vulnerability exists because the module failed to set the IO_ERRORS flag during RDB parsing, causing the server to shut down instead of gracefully handling the malformed input. A security patch is available, and administrators can mitigate the issue by disabling the RESTORE command if not required.
Uncontrolled resource allocation in Wasmtime's WASI host interfaces allows authenticated guests to trigger denial of service on the host system by exhausting resources without proper limits. Affected versions prior to 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 require explicit configuration to mitigate this issue, though Wasmtime 42.0.0 and later provide secure defaults. No patch is currently available for older versions, and resource exhaustion protections must be manually enabled.
Insufficient SQL function restrictions in Apache Superset before 4.1.2 allow authenticated users to execute sensitive database functions on ClickHouse engines that should have been blocked. An attacker with database access could leverage the incomplete DISALLOWED_SQL_FUNCTIONS list to bypass security controls and potentially extract or manipulate data. No patch is currently available for affected versions of Apache Superset, PostgreSQL, and related deployments.
Medium severity vulnerability in ImageMagick. The pcd coder lacks proper boundary checking when processing Huffman-coded data. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read.
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain an integer overflow in the SUN image decoder that allows heap buffer overflow on 32-bit systems when processing specially crafted image files. Attackers can trigger this vulnerability remotely without authentication to cause denial of service or potentially achieve code execution. A patch is currently unavailable, leaving affected 32-bit installations at risk until updates are released.
ImageMagick's UIL and XPM image encoders fail to validate pixel index values before using them as array subscripts, allowing an attacker to craft malicious images that trigger out-of-bounds reads in HDRI builds. Exploitation can result in information disclosure or denial of service through process crashes. Versions prior to 7.1.2-15 and 6.9.13-40 are affected, and no patch is currently available.
Medium severity vulnerability in ImageMagick. A heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image).
Authenticated users in Apache Superset versions before 6.0.0 can access sensitive user information including password hashes and email addresses through the Tag endpoint API, which improperly exposes user objects without proper field filtering. An attacker with low-privilege credentials (such as Gamma role) can exploit this to retrieve authentication data that should remain hidden. The vulnerability only affects instances with the TAGGING_SYSTEM enabled, which is disabled by default.
Apache Superset before version 6.0.0 contains an authorization bypass in dataset management that allows authenticated users with write access to datasets to circumvent data access controls and query unauthorized information. An attacker can exploit this by modifying the SQL query of existing datasets to access restricted data that their role should not permit. No patch is currently available, leaving affected deployments vulnerable until upgrading to version 6.0.0.
Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. User...
Authenticated users in Apache Superset versions before 6.0.0 can execute write operations against PostgreSQL databases configured as read-only by crafting specially formatted SQL statements that evade validation checks. This allows an attacker with SQLLab access to perform unauthorized data modifications despite read-only protections being in place. No patch is currently available for affected versions.
Devolutions Server 2025.3.14.0 and earlier contains insufficient access control in REST API endpoints that enables authenticated view-only users to retrieve sensitive connection data they should not access. An attacker with basic authentication credentials could exploit this to gain unauthorized visibility into protected connection information, compromising confidentiality without requiring user interaction or elevated privileges.
Payload CMS prior to v3.75.0 contains a Server-Side Request Forgery vulnerability in its external file upload feature that allows authenticated users with upload collection permissions to access internal network resources by exploiting insufficient HTTP redirect validation. An attacker could retrieve sensitive response content from internal services accessible to the Payload server. A patch is available in version 3.75.0.
Apache Superset before version 6.0.0 contains a SQL injection vulnerability in the sqlExpression and where parameters that allows authenticated users with read access to extract sensitive data through error-based techniques. An attacker with valid credentials could exploit this to bypass query restrictions and access unauthorized database information. A patch is available in version 6.0.0 and later.
Imagemagick versions up to 7.1.2-15 is affected by loop with unreachable exit condition (infinite loop) (CVSS 6.2).
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to denial of service when processing maliciously crafted image profiles containing invalid IPTC data, which triggers an infinite loop during IPTCTEXT writing operations. An attacker can exploit this by supplying a specially crafted image file to cause the application to hang or consume excessive resources. No patch is currently available for affected systems.
Medium severity vulnerability in ImageMagick. # Magick fails to check for circular references between two MSLs, leading to a stack overflow.
OS command injection in the Ping Handler component of Intelbras TIP 635G firmware (version 1.12.3.5) enables authenticated attackers to execute arbitrary system commands remotely. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early disclosure notification. Affected devices remain exploitable until the vendor releases a security update.
Hummerrisk versions up to 1.5.0. contains a vulnerability that allows attackers to command injection (CVSS 6.3).
Command injection in HummerRisk up to version 1.5.0 allows authenticated remote attackers to execute arbitrary commands through the Cloud Task Dry-run feature by manipulating the fileName parameter in CloudTaskService.java. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An attacker with valid credentials can achieve remote code execution with limited impact on confidentiality, integrity, and availability.
HummerRisk versions up to 1.5.0 contain a command injection vulnerability in the Cloud Task Scheduler component where the regionId parameter is insufficiently validated, allowing authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability and the vendor has not provided a patch despite early disclosure notification. An authenticated attacker can exploit this to achieve remote code execution with limited scope impact.
Command injection in exiftool's PNG file parser on macOS allows remote attackers to execute arbitrary OS commands by manipulating the DateTimeOriginal argument in the SetMacOSTags function. Public exploit code exists for this vulnerability, and affected users should upgrade to version 13.50 or later to remediate the issue.
HummerRisk versions up to 1.5.0 contain a path traversal vulnerability in the archive extraction functionality that allows authenticated remote attackers to read and write arbitrary files on the system. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability affects the extractTarGZ and extractZip functions in the common utilities library.
Path traversal in Dinky up to version 1.2.5 allows authenticated remote attackers to access arbitrary files on the system through manipulation of the projectName parameter in the GitRepository component. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can exploit this to read sensitive files or potentially escalate privileges within Java-based Dinky deployments.
A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7. [CVSS 6.1 MEDIUM]
NiceGUI versions prior to 3.8.0 are vulnerable to stored cross-site scripting (XSS) through multiple APIs that improperly handle user-controlled method names, allowing attackers to inject arbitrary JavaScript that executes in victims' browsers. The vulnerability stems from unsafe use of eval() and string interpolation in Element.run_method(), AgGrid.run_grid_method(), EChart.run_chart_method(), and related functions. A patch is available in version 3.8.0 and later.
Open redirect in Horilla up to version 1.0.2 allows remote attackers to redirect users to arbitrary external websites by manipulating the prev_url query parameter in the global search functionality. Public exploit code exists for this vulnerability, making it actively exploitable in the wild. Upgrading to version 1.0.3 or applying patch 730b5a44ff060916780c44a4bdbc8ced70a2cd27 resolves the issue.
Reflected XSS in SourceCodester Modern Image Gallery App 1.0 allows unauthenticated remote attackers to inject malicious scripts through the filename parameter in upload.php. Public exploit code exists for this vulnerability, though it requires user interaction to succeed. No patch is currently available.
Reflected cross-site scripting in itsourcecode Event Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the page parameter in /admin/navbar.php. Public exploit code exists for this vulnerability, enabling attackers to steal session tokens or perform actions on behalf of administrators. No patch is currently available.
Avideo versions prior to 21.0 allow authenticated attackers to inject malicious JavaScript through improperly sanitized Markdown links in video comments, enabling session hijacking, privilege escalation, and data theft when victims click the links. The vulnerability stems from unsafe Parsedown configuration that fails to block javascript: URI schemes. A patch is available in version 21.0.
Stored cross-site scripting in Binardat 10G08-0800GSM network switch firmware through version V300SP10260209 enables attackers to execute arbitrary JavaScript within authenticated user sessions via the web interface. An attacker with network access can inject malicious scripts that execute in the context of legitimate users, potentially leading to session hijacking, credential theft, or unauthorized configuration changes. No patch is currently available.
SQL injection in PearProjectApi up to version 2.8.10 allows authenticated attackers to execute arbitrary SQL queries through the projectCode parameter in the dateTotalForProject function. Public exploit code exists for this vulnerability, enabling remote attacks with potential to read, modify, or delete database contents. The vendor has not released a patch despite early notification.
Server-side request forgery in Dinky up to version 1.2.5 allows authenticated attackers to make arbitrary HTTP requests through the Flink Proxy Controller's proxyUba function. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An attacker with valid credentials can leverage this to access internal resources or perform actions on behalf of the affected server.
A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. [CVSS 3.8 LOW]
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. [CVSS 3.5 LOW]
NATS Server versions prior to 2.11.2 and 2.12.3 fail to properly limit memory allocation during WebSocket compression, allowing unauthenticated attackers to trigger denial of service through compression bomb attacks that exhaust server memory. The vulnerability is exploitable pre-authentication since compression negotiation occurs before credential validation. A patch is available in versions 2.11.2 and 2.12.3.
Mastodon servers with the experimental FASP feature enabled are vulnerable to Server-Side Request Forgery (SSRF) attacks, allowing unauthenticated attackers to register accounts with arbitrary base URLs that force the server to make requests to internal or local addresses. While attackers cannot control the full request path or view responses, this exposure of internal systems to external manipulation could facilitate reconnaissance or attacks on backend infrastructure. Affected versions are 4.4.0-4.4.13 and 4.5.0-4.5.6; a patch is available.
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 allow local attackers to bypass the secure policy's stdin/stdout restrictions by using fd:<n> pseudo-filenames (e.g., fd:0, fd:1), enabling unauthorized reading and writing to standard streams. This vulnerability affects systems relying on ImageMagick's default security policies to prevent stream manipulation. No patch is currently available, though administrators can manually update their security policy configuration as a workaround.
Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system. [CVSS 7.8 HIGH]
Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. [CVSS 4.2 MEDIUM]
Arbitrary code injection in ImageMagick's PostScript and HTML encoders allows attackers to inject malicious code that executes when files are processed by downstream applications like Ghostscript or web viewers. The vulnerability affects versions prior to 7.1.2-15 and 6.9.13-40 due to insufficient input sanitization in the ps and html coders. Users processing untrusted image files are at risk of code execution, though no patch is currently available.
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5. [CVSS 4.1 MEDIUM]
A use-after-free vulnerability in Firefox and Thunderbird's JavaScript WebAssembly engine allows remote attackers to achieve information disclosure or data manipulation through a malicious webpage or email attachment that requires user interaction. Affected versions include Firefox below 148 and Thunderbird below 148, with no patch currently available. The vulnerability has a network attack vector with low complexity and carries a CVSS score of 5.4.
Dell Wyse Management Suite versions before 5.5 contain a cross-site scripting (XSS) vulnerability that allows authenticated remote attackers to inject malicious scripts into web pages. An attacker with low privileges and user interaction can exploit this to execute arbitrary JavaScript in the context of other users' sessions. A patch is available to remediate this vulnerability.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to a heap-use-after-free condition when processing specially crafted MSL scripts, allowing unauthenticated remote attackers to cause denial of service. The vulnerability occurs when the operation element handler frees image data while the parser continues accessing it, leading to memory corruption during subsequent parsing operations. No patch is currently available for affected versions.
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to a heap buffer overflow in the YUV image decoder that allows remote attackers to trigger a denial of service condition by processing specially crafted YUV 4:2:2 images. The vulnerability stems from an off-by-one write error in the pixel processing loop that exceeds allocated buffer boundaries. No patch is currently available for affected installations.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]