Improper authentication in Chia Blockchain 2.1.0's RPC Credential Handler (_authenticate function) allows remote attackers to bypass credential validation with high complexity exploitation. Public exploit code exists for this vulnerability, and the vendor dismissed the report as a design choice placing responsibility on users for host security. Affected systems may experience confidentiality, integrity, and availability impacts through unauthorized RPC access.
Insufficient input validation in Cisco FXOS and UCS Manager web interfaces enables authenticated administrators to inject arbitrary commands and achieve root-level code execution on affected systems. The vulnerability requires local access and valid admin credentials, allowing privileged attackers to bypass normal OS restrictions. No patch is currently available, and the lack of input sanitization on command arguments represents a critical privilege escalation vector for insider threats.
Remote code execution in LangGraph's caching layer affects applications that explicitly enable cache backends inheriting from BaseCache with nodes opted into caching via CachePolicy. An attacker can exploit unsafe deserialization through pickle when msgpack serialization fails, allowing arbitrary code execution on affected systems. This vulnerability requires explicit cache configuration and does not affect default deployments.
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery (CSRF) protections on critical state-changing endpoints, specifically within `SubmitChat.php` and other game interaction handlers. [CVSS 2.6 LOW]
Cisco UCS Manager's CLI and web management interfaces are vulnerable to OS command injection when authenticated administrators submit specially crafted input due to inadequate argument validation. An attacker with valid admin credentials can exploit this to execute arbitrary commands as root on the affected device. No patch is currently available for this vulnerability.
Man-in-the-middle attacks in TLS/SSL certificate verification for FTPES/FTPS connections in ADM 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allow remote attackers to intercept and modify backup data and authentication credentials without patching available. The FTP Backup feature fails to properly validate certificates, enabling network traffic interception and credential compromise during secure file transfers. Affected organizations should implement network segmentation or disable FTPES/FTPS backup functionality until patches become available.
Gitlab versions up to 18.7.5 is affected by allocation of resources without limits or throttling (CVSS 6.5).
Denial of Service in Red Hat Developer Hub's Orchestrator Plugin allows authenticated users to crash the entire Backstage application through malformed GraphQL queries due to insufficient input validation. An attacker can leverage this to temporarily disable platform access for all legitimate users. No patch is currently available to address this vulnerability.
Gitlab versions up to 18.7.5 is affected by allocation of resources without limits or throttling (CVSS 6.5).
Plane prior to version 1.2.2 allows authenticated users to modify project assets across any workspace by directly referencing asset IDs, as the asset lookup fails to verify workspace and project ownership. An attacker with guest-level credentials can enumerate asset UUIDs and alter asset attributes and upload status without authorization. The vulnerability has been patched in version 1.2.2.
Secure Copy Content Protection and Content Locking (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).
Stored XSS in Rise Blocks WordPress plugin versions up to 3.7 allows authenticated contributors and above to inject malicious scripts into pages through the logoTag Site Identity block attribute due to inadequate input sanitization. The injected scripts execute in the browsers of all users who access the compromised pages, potentially leading to credential theft, session hijacking, or malware distribution. No patch is currently available.
Privilege escalation in VMware Aria Operations allows authenticated users with vCenter access to escalate their privileges to administrative level within Aria Operations. The vulnerability affects multiple Broadcom products including Telco Cloud Platform, Aria Operations, and Cloud Foundation, requiring administrative intervention but no user interaction to exploit. Patches are available through VMSA-2026-0001.
Missing authentication in the mesh network functionality of Netgear MR9600 (1.0.4.205530) and MX4200 (1.0.13.210200) allows an attacker with physical device access to add unauthorized mesh devices and extract sensitive credentials including admin passwords and Wi-Fi keys. The vulnerability requires no user interaction and affects the confidentiality of authentication materials stored on the device. No patch is currently available for this issue.
Cross-site scripting (XSS) in OpenEMR prior to version 8.0.0 allows unauthenticated attackers to inject malicious scripts through the translation database, as the `xl()` function returns unescaped strings that are used directly in the application without proper context-specific escaping. An attacker with database access could exploit this to execute arbitrary JavaScript in users' browsers and compromise sensitive patient data or application functionality. The vulnerability is resolved in OpenEMR 8.0.0 and later versions.
Unrestricted file uploads in Sz Boot Parent versions up to 1.3.2-beta allow authenticated remote attackers to upload malicious files via the /api/admin/sys-file/upload API endpoint. Public exploit code exists for this vulnerability, which has been patched in version 1.3.3-beta through the addition of file extension and MIME type whitelisting controls. Immediate upgrade to the patched version is strongly recommended.
Website Link Extractor versions up to 1.0 is affected by server-side request forgery (ssrf) (CVSS 6.3).
Reflected XSS in SPIP jeux plugin before version 4.1.1 allows unauthenticated remote attackers to inject malicious scripts through unencoded request parameters in the pre_propre pipeline. An attacker can craft a malicious URL that, when visited by a victim, executes arbitrary JavaScript in the victim's browser with access to the page's context. A patch is available for affected installations.
SQL injection in itsourcecode College Management System 1.0's teacher management interface allows authenticated attackers to manipulate the teacher_id parameter in /admin/display-teacher.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling remote exploitation by users with administrative access. The vulnerability remains unpatched and carries medium severity with potential for data confidentiality, integrity, and availability compromise.
College Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).
Bigbluebutton versions up to 3.0.20 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).
Improper authorization in Sz Boot Parent up to version 1.3.2-beta allows authenticated attackers to reset arbitrary user passwords by manipulating the userId parameter in the password reset API endpoint. Public exploit code exists for this vulnerability, enabling remote password reset attacks against any user account. Upgrade to version 1.3.3-beta or later to remediate.
Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 3.5).
InvenTree prior to version 1.2.3 allows authenticated staff users to inject malicious Jinja2 template code into batch code generation functionality, enabling server-side template injection that can expose sensitive data or execute arbitrary code. Once a staff member modifies the template maliciously, any user triggering batch code generation via the API will execute the injected code within their user context. This vulnerability requires staff-level access to set up but can be exploited by lower-privileged users once the malicious template is in place.
Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 2.4).
Libvips up to version 8.18.0 contains a heap buffer overflow in the CSV parsing function that allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code is available for this vulnerability, and a patch has been released to address the issue.
Stack-based buffer overflow in CodeAstro Food Ordering System 1.0 allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code, with public exploit code currently available. The vulnerability affects food_ordering.exe through an undocumented function and requires local access to exploit. No patch is currently available for affected systems.
SQL injection in z-9527 admin 1.0/2.0 user controller functions (checkName, register, login, getUser, getUsers) allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not responded to disclosure attempts. The impact includes potential unauthorized data access, modification, and service disruption with no available patch.
Local denial of service in Windows CLFS.sys driver allows unprivileged users to crash the system through improper handling of special elements. Affected versions include Windows 11 2024 LTSC and Windows Server 2025 prior to the September 2025 cumulative update, while Windows 25H2 and later contain the patch. No public exploit code is currently available, and the vulnerability carries a CVSS score of 5.5 with zero estimated probability of exploitation.
Wireshark versions 4.4.0-4.4.13 and 4.6.0-4.6.3 crash when processing malformed RF4CE Profile protocol packets, enabling local denial of service attacks through user interaction. An attacker can trigger an out-of-bounds read by supplying a specially crafted packet file to a target user, causing the application to become unavailable. No patch is currently available for this vulnerability.
Device reload in Cisco APIC's Object Model CLI component allows authenticated local users to trigger a denial of service through insufficient input validation on crafted commands. An attacker with valid credentials and CLI access can exploit this vulnerability to crash the affected device, though no patch is currently available. This vulnerability affects systems where attackers can obtain legitimate user credentials with appropriate role permissions.
Unprivileged users can extract LUKS encryption headers from the udisks daemon due to missing authorization checks on a privileged D-Bus method, allowing attackers to read sensitive cryptographic metadata and potentially compromise encrypted storage confidentiality. The vulnerability affects systems running vulnerable versions of udisks and requires local access to exploit. No patch is currently available.
The Events Calendar plugin for WordPress through version 6.15.16 fails to properly validate user capabilities in REST API endpoints, allowing authenticated contributors and higher-privileged users to modify or delete events, organizers, and venues without proper authorization. This capability check bypass affects all installations with the vulnerable plugin version and enables authenticated attackers with lower-level access to cause data integrity issues and service disruption. No patch is currently available for this medium-severity vulnerability.
Stored XSS in Mercator prior to version 2026.02.22 allows authenticated users to execute arbitrary JavaScript in other users' browsers by injecting malicious payloads into entity fields like contact points. The vulnerability exploits improperly escaped Blade template directives, enabling attackers to compromise administrator accounts and perform actions with their privileges. A patch is available in version 2026.02.22.
n8n is an open source workflow automation platform. [CVSS 5.4 MEDIUM]
FreeRDP versions prior to 3.23.0 are vulnerable to a buffer overread in icon data processing that allows denial of service when clients receive crafted RDP Window Icon data from a server or network attacker. An unauthenticated remote attacker can exploit this vulnerability to crash the FreeRDP client by sending malicious icon structures during the RDP connection. A patch is available in version 3.23.0 and later.
Gitlab versions up to 18.9.0 is affected by allocation of resources without limits or throttling (CVSS 5.3).
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. [CVSS 3.1 LOW]
Telerik Ui For Asp.Net Ajax versions up to 2026.1.225 contains a vulnerability that allows attackers to collisions and file content tampering (CVSS 5.3).
Configuration Manager versions up to 11.0.5-00 is affected by insertion of sensitive information into log file (CVSS 5.2).
Chia Blockchain 2.1.0's RPC Server Master Passphrase Handler lacks proper authentication in the send_transaction and get_private_key functions, allowing authenticated local attackers to bypass security controls with public exploit code available. An attacker with local access and existing privileges could manipulate these functions to gain unauthorized access to sensitive blockchain operations, though exploitation requires high complexity and the vendor considers this a user responsibility issue. A patch is not currently available.
Authenticated WordPress users with Author-level or higher privileges can exploit a Server-Side Request Forgery vulnerability in the Responsive Lightbox & Gallery plugin (versions up to 2.7.1) due to improper hostname validation in the image upload function. This allows attackers to send arbitrary web requests from the vulnerable server to internal services, potentially exposing or modifying sensitive information within the network. The vulnerability affects all versions up to 2.7.1 with no patch currently available.
Devolutions Server 2025.3.14 and earlier stores sensitive user account information in plaintext within the database, enabling attackers with database access to extract this data without authentication. This vulnerability affects deployments where database security is compromised or where privileged users have malicious intent. No patch is currently available.
OpenFUN Richie LMS's course synchronization API uses non-constant-time comparison for HMAC signature validation, allowing remote attackers to forge valid signatures through timing analysis and bypass authentication controls. This vulnerability affects the sync_course_run_from_request function and requires no user interaction, though successful exploitation demands careful timing measurements. No patch is currently available for this medium-severity issue.
web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software is affected by cross-site scripting (xss) (CVSS 4.8).
Configuration Manager versions up to 11.0.4-00 is affected by insertion of sensitive information into log file (CVSS 4.7).
NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service [CVSS 4.7 MEDIUM]
URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool. [CVSS 4.6 MEDIUM]
OpenEMR versions prior to 8.0.0 expose complete contact details for all users, organizations, and patients to authenticated attackers with specific FHIR export and location read permissions. The vulnerability requires administrator-enabled OAuth2 confidential client access, limiting exploitation to high-trust server-to-server integrations with established relationships. This information disclosure affects OpenEMR deployments since 2023 and can be mitigated by upgrading to version 8.0.0 or later.
Cisco UCS Manager NX-OS CLI improperly grants excessive privileges to read-only users, allowing authenticated local attackers to modify files and execute privileged actions on affected systems. An attacker with read-only credentials can exploit this privilege escalation to create, overwrite files, or perform limited administrative operations. No patch is currently available.