Insufficient input validation in RustFS versions 1.0.0-alpha.56 through 1.0.0-alpha.82 allows authenticated attackers to circumvent presigned POST upload policy restrictions, bypassing content-length-range, starts-with, and Content-Type controls. An attacker can exploit this to upload oversized files, write to arbitrary object keys, and spoof file types, resulting in storage exhaustion and potential unauthorized data access.
Buffer overflow in parallel HNSW index build in pgvector 0.6.0 versions up to 0.8.1 is affected by integer underflow (CVSS 8.1).
Authenticated users in LORIS 24.0.0 through 28.0.0 can exploit a path traversal vulnerability to read arbitrary configuration files containing hardcoded database and service credentials. An attacker with valid application access and appropriate permissions can leverage publicly available source code to easily craft requests that expose these sensitive files, potentially enabling lateral movement to backend systems. No patch is currently available for affected versions.
GitLab CE/EE versions 16.2 through 18.9.0 are vulnerable to cross-site scripting (XSS) in the Mermaid sandbox UI, allowing unauthenticated attackers to inject arbitrary scripts under specific conditions. The vulnerability affects multiple release branches and currently has no available patch, requiring users to upgrade to patched versions 18.7.5, 18.8.5, or 18.9.1 and later. An attacker could exploit this to perform malicious actions in the context of other users' sessions, potentially compromising sensitive data or account security.
Stored XSS in VMware Aria Operations allows authenticated users with benchmark creation privileges to inject malicious scripts and execute arbitrary administrative actions within the platform. This vulnerability affects VMware, Broadcom, and Telco Cloud Infrastructure products with a CVSS score of 8.0, requiring user interaction to trigger the attack. Patches are available through VMSA-2026-0001.
Unauthorized privilege escalation in CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and earlier allows local authenticated users to elevate privileges by exploiting flaws in the elevation dialog mechanism. An attacker with local access and valid credentials could bypass privilege controls to gain elevated system access. No patch is currently available for this high-severity vulnerability (CVSS 7.8).
Improper SNMP request parsing in Cisco Nexus 9000 Series switches running ACI mode allows authenticated remote attackers to trigger kernel panics and device reloads by sending specially crafted queries to specific MIBs. An attacker with valid SNMP read-only community credentials can exploit this vulnerability across SNMP versions 1, 2c, and 3 to achieve denial of service. No patch is currently available for this vulnerability.
Plane versions before 1.2.2 contain a server-side request forgery vulnerability in the "Add Link" feature that allows authenticated users to send arbitrary GET requests to internal networks and retrieve full response bodies. An attacker with basic user privileges can exploit this to steal sensitive data from internal services and cloud metadata endpoints. No patch is currently available.
Unauthenticated attackers can forge authentication tokens in the WPGSI: Spreadsheet Integration plugin for WordPress (versions up to 3.8.3) due to missing capability checks and weak token validation that relies only on Base64-encoded, unsigned user data. This allows remote attackers to create, modify, and delete arbitrary WordPress posts and pages without authentication. No patch is currently available.
FreeRDP versions prior to 3.23.0 contain an incomplete fix for a heap-use-after-free vulnerability that affects only the SDL2 code path, where freed memory pointers are not properly nulled, allowing an unauthenticated attacker to trigger a denial of service condition. Users running FreeRDP with SDL2 backends remain vulnerable despite the advisory claiming the issue was resolved. Upgrade to version 3.23.0 or later to obtain the complete fix.
The Dart and Flutter SDKs provide software development kits for the Dart programming language. [CVSS 7.5 HIGH]
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions. [CVSS 7.5 HIGH]
Pypdf versions up to 6.7.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).
Gitlab versions up to 18.7.5 is affected by inefficient regular expression complexity (redos) (CVSS 7.5).
Gitlab versions up to 18.7.5 is affected by allocation of resources without limits or throttling (CVSS 7.5).
Misconfigured firewall rules in Meraki MR9600 (1.0.4.205530) and MX4200 (1.0.13.210200) routers accept WAN connections on source port 5222, allowing unauthenticated remote attackers to access services normally restricted to the local network. An attacker can leverage this to gain unauthorized access to sensitive internal services and information. No patch is currently available to remediate this vulnerability.
tfplan2md versions before 1.26.1 fail to properly mask sensitive values in Terraform plan reports across multiple rendering paths, causing credentials and other confidential data to be exposed in plaintext markdown output instead of being redacted. Administrators and developers using affected versions to generate infrastructure reports may inadvertently expose secrets to unauthorized parties with access to the generated documentation. No patch is currently available for this high-severity information disclosure vulnerability affecting Azure and Terraform workflows.
Improper RSA signature validation in Ethereum Name Service (ENS) versions 1.6.2 and earlier allows attackers to forge DNS signatures for domains under .cc and .name TLDs, enabling unauthorized domain claims on ENS without actual DNS ownership. The vulnerability exploits Bleichenbacher's 2006 attack against RSA keys with low public exponents (e=3), which are used by these two TLDs' Key Signing Keys. No patch is currently available, leaving affected domains vulnerable to takeover attacks.
Cisco Nexus 3600 and 9500-R switches are vulnerable to Layer 2 traffic loops when processing maliciously crafted EVPN frames, allowing unauthenticated adjacent attackers to trigger a denial of service condition by overwhelming network bandwidth. An attacker can exploit this logic error in Layer 2 ingress packet processing by sending crafted Ethernet frames, causing VxLAN traffic loops that drop all data plane traffic. No patch is currently available for this vulnerability.
Cisco Nexus 9000 Series Fabric Switches in ACI mode contains a vulnerability that allows attackers to cause the device to reload unexpectedly, resulting in a DoS condition (CVSS 7.4).
Cisco NX-OS devices can be forced to reload through a crafted LLDP packet sent by an adjacent, unauthenticated attacker, causing a denial of service condition. The vulnerability stems from improper frame field validation in the LLDP process, exploitable only from directly connected network segments. No patch is currently available for affected systems.
Improper authorization in the udisks D-Bus API allows local unprivileged users to manipulate LUKS encryption headers on block devices with root privileges, potentially destroying encryption keys and rendering volumes inaccessible. An attacker with local access can exploit this to cause permanent data loss through denial-of-service. No patch is currently available for this vulnerability.
Privilege escalation via cache key collision in Parse Dashboard (npm parse-dashboard) versions 7.3.0-alpha.42 through 9.0.0-alpha.7 allows an authenticated read-only user to obtain the full master key. The flaw lives in ConfigKeyCache, which reuses one cache entry for both the master key and the read-only master key when those keys are function-typed; under a timing race a read-only session can read back the cached full master key (or a regular user the read-only key). Exploitation requires an authenticated dashboard session and a non-default configuration (function-typed keys plus the agent block); no public exploit identified at time of analysis and EPSS is low (0.05%), but the GitHub Security Advisory and patch commit confirm the issue.