An integer overflow in FreeRDP's Stream_EnsureCapacity function prior to version 3.23.0 can trigger an endless blocking loop, causing denial of service on affected client and server implementations. This vulnerability primarily impacts 32-bit systems with sufficient physical memory and has public exploit code available. Administrators should upgrade to FreeRDP 3.23.0 or later to remediate this issue.
Rucio's WebUI login endpoint prior to versions 35.8.3, 38.5.4, and 39.3.1 discloses whether usernames exist through differential error messages, enabling unauthenticated attackers to enumerate valid accounts. Public exploit code exists for this username enumeration vulnerability. The issue affects all unpatched Rucio installations and requires upgrading to the fixed versions.
Authorization bypass in Sz Boot Parent up to version 1.3.2-beta allows unauthenticated remote attackers to access arbitrary messages through manipulation of the messageId parameter in the /api/admin/sys-message/ endpoint. Public exploit code exists for this vulnerability, enabling attackers to query messages beyond their authorization scope. Upgrade to version 1.3.3-beta or later to remediate, which implements message ownership verification.
Broken authorization in Parse Dashboard's AI Agent endpoint (POST /apps/:appId/agent) lets any authenticated user reach apps they are not scoped to and lets read-only users escalate to full read-write control. Present in versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the endpoint omits per-app authorization checks and hands read-only users the full master key, so an attacker can swap the app ID in the URL to act against other tenants and supply write permissions to perform write/delete operations. No public exploit is identified at time of analysis, and the EPSS probability is very low (0.03%), but it is trivially exploitable by any logged-in low-privilege user where the agent feature is enabled.
Memory corruption in libvips up to version 8.18.0 affects the matrix file loading functionality, allowing local attackers with user privileges to corrupt memory through crafted input files. Public exploit code is available for this vulnerability, and a patch has been released to remediate the issue.
Path traversal in Octopus Deploy allows removing files and file contents on the host through API manipulation. Enables data destruction on the deployment server.
Hardcoded credentials extractable through API responses and mobile app reverse engineering in an enterprise application. Administrative credentials are exposed in multiple channels.
Second-order expression injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Crafted workflow data triggers expression evaluation leading to code execution. Patch available.
Openemr versions up to 7.0.4 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.0).
Cross-site WebSocket hijacking leading to persistent XSS and Remote Code Execution affects Storybook's dev server prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10. Because the dev server's story create/save WebSocket handlers fail to validate the connection origin and do not sanitize the componentFilePath field, a malicious website silently injects WebSocket messages into a developer's locally running instance to plant XSS or execute code; publicly exposed dev servers can be hit directly by any unauthenticated attacker. No public exploit identified at time of analysis, and EPSS is low at 0.17% (38th percentile), but the high CVSS 4.0 score of 8.9 and confirmed RCE impact make this a meaningful developer-workstation risk.
Remote code execution in n8n workflow automation platform allows authenticated users with workflow creation or modification permissions to execute arbitrary shell commands by chaining file write operations with git functions to manipulate configuration files. Versions prior to 2.2.0 and 1.123.8 are affected, and administrators should upgrade immediately or restrict workflow editing permissions to trusted users only.
Stored XSS in OpenEMR prior to version 8.0.0 allows authenticated users with "Forms administration" role to inject malicious JavaScript into patient encounter forms, which executes when other users with the same role view the affected data. Public exploit code exists for this vulnerability. The issue is resolved in version 8.0.0.
Remote code execution in Advanced Woo Labels plugin for WordPress through version 2.37 allows authenticated users with Contributor access or higher to execute arbitrary PHP functions and system commands via an unsanitized callback parameter in an AJAX handler. The vulnerability stems from improper use of call_user_func_array() without adequate input validation or capability restrictions. No patch is currently available for this high-severity flaw affecting WordPress environments.
Remote code execution in LORIS neuroimaging platform allows authenticated users with sufficient privileges to bypass path traversal protections and upload malicious files to arbitrary server locations. An attacker can leverage the uploaded file to achieve code execution on the underlying system, though read-only server configurations may prevent actual execution. The vulnerability affects versions prior to 26.0.5, 27.0.2, and 28.0.0, with no patch currently available.
Remote code execution in SPIP's interface_traduction_objets plugin prior to version 2.2.2 allows authenticated editors to execute arbitrary code by injecting malicious content into unfiltered form fields that bypass output protection mechanisms. The vulnerability exploits how underscore-prefixed fields circumvent SPIP's security filters and are processed through the template engine without sanitization. An attacker with editor-level privileges can leverage this to achieve full code execution within the web server context.
Authenticated users with workflow modification permissions in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 can exploit the Merge node's SQL query mode to execute arbitrary code and write files on the server. This high-severity vulnerability (CVSS 8.8) affects the AI/ML and workflow automation platform, allowing attackers with legitimate access to achieve complete system compromise. No patch is currently available, and administrators should restrict workflow permissions or disable the Merge node as temporary mitigations.
Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to an authenticated, local attacker with low privileges to gain root privileges on (CVSS 8.8).
SQL injection in the SPIP interface_traduction_objets plugin before version 2.2.2 allows authenticated editors to execute arbitrary database queries through unsanitized input in translation request parameters. Attackers can exploit this to read, modify, or delete database contents, or cause denial of service. A patch is available and should be applied immediately to affected installations.
Authenticated users in JetBrains YouTrack versions prior to 2025.3.121962 can bypass authorization controls to access the app permissions endpoint, potentially allowing privilege escalation or unauthorized modification of application settings. This vulnerability requires valid login credentials but has no complexity requirements, enabling attackers with low-level access to gain high-impact capabilities including confidentiality and integrity violations. No patch is currently available.
Wireshark 4.6.0-4.6.3 and 4.4.0-4.4.13 can be crashed through memory exhaustion in the USB HID protocol dissector when processing malformed packets. A local attacker with the ability to trigger packet analysis can cause a denial of service condition, and public exploit code exists for this vulnerability. No patch is currently available.
FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 4.3 MEDIUM]
JWT authentication bypass in OpenSIPS 3.1 through 3.6.3 lets remote attackers impersonate arbitrary identities by exploiting a SQL injection in the auth_jwt module's jwt_db_authorize() function. The flaw affects only deployments where the module runs with db_mode enabled against a SQL database backend; the tag claim is read from the JWT and placed into a SQL query before the token signature is verified, so no valid signing key is needed. EPSS is low (0.07%, 20th percentile) and there is no public exploit identified at time of analysis, but the auth-bypass impact makes it a meaningful risk for exposed VoIP infrastructure.
Cross-site request forgery in Parse Dashboard (versions 7.3.0-alpha.42 through 9.0.0-alpha.7) lets a remote attacker abuse the unprotected AI Agent endpoint (POST /apps/:appId/agent), which lacks CSRF protection and a session-bound token. By luring an authenticated dashboard operator to a malicious web page, the attacker forces agent requests to execute under the victim's session, driving state-changing operations against managed Parse Server apps. There is no public exploit identified at time of analysis, EPSS risk is negligible (0.02%), and the issue is fixed in 9.0.0-alpha.8.
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the -cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts. [CVSS 8.3 HIGH]
Hono is a Web application framework that provides support for any JavaScript runtime. [CVSS 8.2 HIGH]
Arbitrary file write vulnerability in Data Master ADM versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allows remote or man-in-the-middle attackers to bypass filename sanitization in FTP backup operations and place malicious files outside the intended directory. An attacker can exploit this path traversal flaw to overwrite critical system files and potentially execute code with elevated privileges. No patch is currently available, and exploitation requires moderate attack complexity but no user interaction.
Insufficient input validation in RustFS versions 1.0.0-alpha.56 through 1.0.0-alpha.82 allows authenticated attackers to circumvent presigned POST upload policy restrictions, bypassing content-length-range, starts-with, and Content-Type controls. An attacker can exploit this to upload oversized files, write to arbitrary object keys, and spoof file types, resulting in storage exhaustion and potential unauthorized data access.
Buffer overflow in parallel HNSW index build in pgvector 0.6.0 versions up to 0.8.1 is affected by integer underflow (CVSS 8.1).
Authenticated users in LORIS 24.0.0 through 28.0.0 can exploit a path traversal vulnerability to read arbitrary configuration files containing hardcoded database and service credentials. An attacker with valid application access and appropriate permissions can leverage publicly available source code to easily craft requests that expose these sensitive files, potentially enabling lateral movement to backend systems. No patch is currently available for affected versions.
GitLab CE/EE versions 16.2 through 18.9.0 are vulnerable to cross-site scripting (XSS) in the Mermaid sandbox UI, allowing unauthenticated attackers to inject arbitrary scripts under specific conditions. The vulnerability affects multiple release branches and currently has no available patch, requiring users to upgrade to patched versions 18.7.5, 18.8.5, or 18.9.1 and later. An attacker could exploit this to perform malicious actions in the context of other users' sessions, potentially compromising sensitive data or account security.
Stored XSS in VMware Aria Operations allows authenticated users with benchmark creation privileges to inject malicious scripts and execute arbitrary administrative actions within the platform. This vulnerability affects VMware, Broadcom, and Telco Cloud Infrastructure products with a CVSS score of 8.0, requiring user interaction to trigger the attack. Patches are available through VMSA-2026-0001.
Unauthorized privilege escalation in CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and earlier allows local authenticated users to elevate privileges by exploiting flaws in the elevation dialog mechanism. An attacker with local access and valid credentials could bypass privilege controls to gain elevated system access. No patch is currently available for this high-severity vulnerability (CVSS 7.8).
Improper SNMP request parsing in Cisco Nexus 9000 Series switches running ACI mode allows authenticated remote attackers to trigger kernel panics and device reloads by sending specially crafted queries to specific MIBs. An attacker with valid SNMP read-only community credentials can exploit this vulnerability across SNMP versions 1, 2c, and 3 to achieve denial of service. No patch is currently available for this vulnerability.
Plane versions before 1.2.2 contain a server-side request forgery vulnerability in the "Add Link" feature that allows authenticated users to send arbitrary GET requests to internal networks and retrieve full response bodies. An attacker with basic user privileges can exploit this to steal sensitive data from internal services and cloud metadata endpoints. No patch is currently available.
Unauthenticated attackers can forge authentication tokens in the WPGSI: Spreadsheet Integration plugin for WordPress (versions up to 3.8.3) due to missing capability checks and weak token validation that relies only on Base64-encoded, unsigned user data. This allows remote attackers to create, modify, and delete arbitrary WordPress posts and pages without authentication. No patch is currently available.
FreeRDP versions prior to 3.23.0 contain an incomplete fix for a heap-use-after-free vulnerability that affects only the SDL2 code path, where freed memory pointers are not properly nulled, allowing an unauthenticated attacker to trigger a denial of service condition. Users running FreeRDP with SDL2 backends remain vulnerable despite the advisory claiming the issue was resolved. Upgrade to version 3.23.0 or later to obtain the complete fix.
The Dart and Flutter SDKs provide software development kits for the Dart programming language. [CVSS 7.5 HIGH]
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions. [CVSS 7.5 HIGH]
Pypdf versions up to 6.7.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).
Gitlab versions up to 18.7.5 is affected by inefficient regular expression complexity (redos) (CVSS 7.5).
Gitlab versions up to 18.7.5 is affected by allocation of resources without limits or throttling (CVSS 7.5).
Misconfigured firewall rules in Meraki MR9600 (1.0.4.205530) and MX4200 (1.0.13.210200) routers accept WAN connections on source port 5222, allowing unauthenticated remote attackers to access services normally restricted to the local network. An attacker can leverage this to gain unauthorized access to sensitive internal services and information. No patch is currently available to remediate this vulnerability.
tfplan2md versions before 1.26.1 fail to properly mask sensitive values in Terraform plan reports across multiple rendering paths, causing credentials and other confidential data to be exposed in plaintext markdown output instead of being redacted. Administrators and developers using affected versions to generate infrastructure reports may inadvertently expose secrets to unauthorized parties with access to the generated documentation. No patch is currently available for this high-severity information disclosure vulnerability affecting Azure and Terraform workflows.
Improper RSA signature validation in Ethereum Name Service (ENS) versions 1.6.2 and earlier allows attackers to forge DNS signatures for domains under .cc and .name TLDs, enabling unauthorized domain claims on ENS without actual DNS ownership. The vulnerability exploits Bleichenbacher's 2006 attack against RSA keys with low public exponents (e=3), which are used by these two TLDs' Key Signing Keys. No patch is currently available, leaving affected domains vulnerable to takeover attacks.
Cisco Nexus 3600 and 9500-R switches are vulnerable to Layer 2 traffic loops when processing maliciously crafted EVPN frames, allowing unauthenticated adjacent attackers to trigger a denial of service condition by overwhelming network bandwidth. An attacker can exploit this logic error in Layer 2 ingress packet processing by sending crafted Ethernet frames, causing VxLAN traffic loops that drop all data plane traffic. No patch is currently available for this vulnerability.
Cisco Nexus 9000 Series Fabric Switches in ACI mode contains a vulnerability that allows attackers to cause the device to reload unexpectedly, resulting in a DoS condition (CVSS 7.4).
Cisco NX-OS devices can be forced to reload through a crafted LLDP packet sent by an adjacent, unauthenticated attacker, causing a denial of service condition. The vulnerability stems from improper frame field validation in the LLDP process, exploitable only from directly connected network segments. No patch is currently available for affected systems.
A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. [CVSS 3.3 LOW]
Improper authorization in the udisks D-Bus API allows local unprivileged users to manipulate LUKS encryption headers on block devices with root privileges, potentially destroying encryption keys and rendering volumes inaccessible. An attacker with local access can exploit this to cause permanent data loss through denial-of-service. No patch is currently available for this vulnerability.
Privilege escalation via cache key collision in Parse Dashboard (npm parse-dashboard) versions 7.3.0-alpha.42 through 9.0.0-alpha.7 allows an authenticated read-only user to obtain the full master key. The flaw lives in ConfigKeyCache, which reuses one cache entry for both the master key and the read-only master key when those keys are function-typed; under a timing race a read-only session can read back the cached full master key (or a regular user the read-only key). Exploitation requires an authenticated dashboard session and a non-default configuration (function-typed keys plus the agent block); no public exploit identified at time of analysis and EPSS is low (0.05%), but the GitHub Security Advisory and patch commit confirm the issue.