Arbitrary code execution in Agenta-API prior to version 0.48.1 allows authenticated users to escape the RestrictedPython sandbox through unsafe whitelisting of the numpy package, enabling execution of arbitrary system commands on the API server. The vulnerability leverages numpy.ma.core.inspect to access Python introspection utilities and bypass sandbox restrictions. Public exploit code exists for this vulnerability, and no patch is currently available.
Zed, a code editor, has an extension installer allows tar/gzip downloads. [CVSS 8.8 HIGH]
Stored XSS in Initiative project management platform versions before 0.32.4 allows authenticated users with upload permissions to execute arbitrary JavaScript by uploading malicious HTML files that are served without sandboxing under the application's origin. An attacker can exploit this to steal authentication tokens, session cookies, and other sensitive data from other users, or trick them into executing malicious scripts by sharing direct file links. Public exploit code exists and no patch is currently available.
Unitree Go2 robots running firmware versions V1.1.7-V1.1.9 and V1.1.11 (EDU) lack authentication controls on the DDS actuator API, allowing network-adjacent attackers to inject and execute arbitrary Python code as root by publishing a crafted message. Public exploit code exists for this vulnerability, which enables persistent code execution through controller keybindings that survive reboots. No patch is currently available.
Hoppscotch prior to version 2026.2.0 contains authorization bypass vulnerabilities in its environment management APIs that allow any authenticated user to read, modify, or delete other users' environments without ownership validation. The affected mutations lack proper user identity verification, enabling attackers to access stored API keys, authentication tokens, and secrets contained within targeted environments. Public exploit code exists for this vulnerability and no patch is currently available.
Initiative project management platform versions before 0.32.4 fail to revoke JWT tokens when users change their passwords, allowing authenticated attackers with knowledge of old credentials to maintain API access through unexpired tokens. An attacker can exploit this to access protected endpoints and sensitive project data even after legitimate password changes. Public exploit code exists for this vulnerability.
Stack buffer overflow in GPAC's NHML file parser (versions up to 26.02.0) allows local attackers to achieve code execution by crafting malicious XML files with oversized xmlHeaderEnd attributes that bypass length validation. The vulnerability stems from unsafe use of strcpy() in src/filters/dmx_nhml.c and affects systems processing untrusted NHML files. Public exploit code exists for this vulnerability, though a patch is available.
Fastcms versions prior to 0.1.6 contain a code injection vulnerability in the PluginController component that allows local attackers with user-level privileges to execute arbitrary code with full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available. Java environments running affected Fastcms instances are at risk of privilege escalation and complete system takeover.
Unauthenticated attackers can exploit a path traversal vulnerability in WP Responsive Images plugin for WordPress (all versions up to 1.0) through the 'src' parameter to read arbitrary files from the server. This allows unauthorized access to sensitive information stored on affected WordPress installations. No patch is currently available.
Host header injection in Koa's ctx.hostname API (versions prior to 2.16.4 and 3.1.2) allows remote attackers to inject arbitrary hostnames through malformed Host headers containing @ symbols, affecting applications that use this API for security-sensitive operations like URL generation, password reset links, and email verification. Public exploit code exists for this vulnerability. Applications relying on ctx.hostname for routing decisions or generating user-facing URLs are at risk of credential theft, account compromise, and phishing attacks.
Remote code execution in Manyfold prior to version 0.133.0 allows authenticated users to execute arbitrary commands by uploading a ZIP archive with specially crafted filenames containing shell metacharacters that are passed unsanitized to Ruby backtick execution. The vulnerability affects the model render generation feature and requires an attacker to be logged in, with public exploit code currently available. A patch is available in version 0.133.0 and later.
Minimatch versions before 3.1.3 through 10.2.3 suffer from catastrophic backtracking in glob pattern matching when processing multiple GLOBSTAR segments, allowing attackers who control glob patterns to trigger exponential time complexity and cause denial of service. Public exploit code exists for this vulnerability, and affected Node.js applications using vulnerable Minimatch versions are at immediate risk. No patch is currently available, requiring users to upgrade to patched versions or implement input validation as a mitigation.
Minimatch versions prior to 10.2.3 (and earlier affected versions) suffer from ReDoS vulnerabilities in nested extglob patterns that generate regexps with catastrophic backtracking, allowing remote attackers to cause denial of service with minimal input. A 12-byte glob pattern like `*(*(*(a|b)))` combined with an 18-byte non-matching string can hang the application for 7+ seconds, with larger patterns stalling for minutes. Public exploit code exists and no patch is currently available, making this a critical risk for any application using the default minimatch API.
Zed code editor versions prior to 0.224.4 contain a path traversal vulnerability in ZIP extraction that fails to sanitize malicious filenames, allowing attackers to write files outside the intended sandbox directory through crafted extension archives. Public exploit code exists for this vulnerability. An attacker can exploit this by distributing a malicious extension that, when installed, deposits files in arbitrary locations on the affected system.
Actual personal finance application prior to version 26.2.1 fails to enforce access controls on multi-user sync API endpoints, allowing any authenticated user to read, modify, or overwrite other users' budget files. Public exploit code exists for this vulnerability. Update to version 26.2.1 or later to remediate.
Zed code editor versions before 0.225.9 fail to properly validate symbolic links in Agent file tools, allowing attackers to read and write arbitrary files outside the project directory and bypass workspace boundary protections. This vulnerability can expose sensitive user data to language models and leak private files despite configured exclusions. Public exploit code exists and no patch is currently available.
Remote code execution in c3p0 (a Java JDBC connection-pooling library) before v0.12.0 allows an attacker who can set the `userOverridesAsString` property of a `ConnectionPoolDataSource` - or inject a crafted serialized object or `javax.naming.Reference` - to load and run arbitrary code on the application's CLASSPATH. The flaw stems from storing this writable Java-Bean property as a hex-encoded Java-serialized object, and is amplified by its dependency mchange-commons-java, which mirrored legacy JNDI behavior with ungated support for remote `factoryClassLocation` values, enabling download and execution of attacker-hosted classes. EPSS is low (0.15%) and there is no public exploit identified at time of analysis, though deserialization/JNDI gadget techniques against this library are publicly documented.
Arbitrary file upload in User Frontend plugin for WordPress (versions up to 4.2.8) allows authenticated users with Author-level privileges to bypass file type validation and upload malicious files to the server. This can lead to remote code execution if an attacker uploads executable files to web-accessible directories. The vulnerability remains unpatched and affects all versions through 4.2.8.
Remote code execution in WordPress Worry Proof Backup plugin through path traversal in the backup upload feature allows authenticated users with Subscriber privileges or higher to write arbitrary files, including PHP executables, to the server by uploading specially crafted ZIP archives. The vulnerability affects all versions up to 0.2.4 and currently has no available patch, enabling attackers to achieve full server compromise.
SQL injection in SPIP prior to 4.4.10 enables authenticated users with low privileges to execute arbitrary SQL commands and achieve remote code execution through union-based injection combined with PHP tag processing. The vulnerability affects SPIP and PHP environments, requiring only network access and valid credentials to exploit. No patch is currently available, presenting significant risk to production SPIP installations.
Privilege escalation in WireGuard Portal prior to version 2.1.3 allows authenticated non-admin users to gain full administrator access by modifying their own user profile with an IsAdmin flag set to true. The vulnerability exists because the server fails to properly validate and restrict the IsAdmin field during profile updates, allowing the privilege change to persist after re-authentication. Affected deployments require immediate patching to version 2.1.3 or later to prevent unauthorized administrative access.
Authenticated attackers can execute arbitrary code on Agenta API servers through server-side template injection in the evaluator template rendering functionality, affecting self-hosted and managed platform deployments prior to version 0.86.8. The vulnerability requires valid credentials but allows complete compromise of the affected server with high confidentiality, integrity, and availability impact. Organizations running Agenta should upgrade to version 0.86.8 or later immediately.
SQL injection in Fleet device management software before version 4.80.1 allows authenticated users to manipulate the order_key parameter and inject arbitrary SQL commands through improper identifier handling in ORDER BY clauses. An attacker with valid credentials can exploit this vulnerability to perform blind SQL injection attacks, potentially extracting sensitive database information or causing denial of service through resource exhaustion. No patch is currently available for this high-severity vulnerability affecting MySQL implementations.
Path traversal in Vitess backup manifest handling allows authenticated attackers with access to backup storage to write arbitrary files to any location during restore operations, potentially achieving remote code execution on production MySQL deployments. An attacker can manipulate backup manifests to extract files outside intended directories, gaining unauthorized access to sensitive data and the ability to execute arbitrary commands in the production environment. Patches are available for versions 23.0.3 and 22.0.4.
Kibana versions up to 9.3.0 contains a vulnerability that allows attackers to read arbitrary files from the Kibana server filesystem, and perform Server-Side (CVSS 8.6).
Arbitrary code execution in Flair's LanguageModel class (versions 0.4.1 and later) allows local attackers to execute arbitrary commands by crafting malicious ML model files that exploit unsafe deserialization. Affected users loading untrusted models from external sources face complete system compromise with no patch currently available. This vulnerability impacts all AI/ML applications using Flair's model loading functionality.
Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. [CVSS 8.2 HIGH]
Unauthenticated attackers can bypass authentication in the WordPress User Registration & Membership plugin (versions up to 5.1.2) due to flawed logic in the user registration function, allowing them to gain unauthorized access to newly created accounts. The vulnerability requires specific conditions but poses a high risk due to the network-accessible nature of the attack and the lack of authentication requirements. No patch is currently available for affected installations.
Arbitrary code execution in FinalCode Client installer (Digital Arts Inc.) results from unsafe DLL loading that allows an attacker to place a malicious library in the same directory as the installer and execute it with elevated privileges when a user runs the installation. This local attack requires user interaction to place the malicious file and execute the installer, but poses significant risk as there is currently no available patch.
FinalCode Client installer by Digital Arts Inc. improperly configures file permissions, enabling local non-administrative users to execute arbitrary code with SYSTEM-level privileges. This privilege escalation affects all users of the affected installer versions and allows attackers to achieve complete system compromise. No patch is currently available for this vulnerability.
Arbitrary code execution in NVDA Dev & Test Toolbox versions 2.0-8.0 through unsafe evaluation of Python expressions embedded in log files. An attacker can trick users into opening a malicious log file and reading it with the add-on's log reader commands, causing arbitrary code execution under the user's privileges without requiring elevated permissions or user interaction beyond opening the file.
Arbitrary command execution in WPGraphQL's GitHub Actions workflow allows attackers with pull request creation privileges to inject shell commands through unvalidated pull request body content, potentially compromising the build environment and repository integrity. The vulnerability affects WPGraphQL versions prior to 2.9.1 and requires low privileges and user interaction to exploit. No patch is currently available for affected deployments.
Cross-site scripting in Angular's internationalization (i18n) pipeline allows attacker-controlled JavaScript to execute in the application origin when a poisoned translation file is merged into an app. The flaw affects Angular versions before 21.2.0, 21.1.16, 20.3.17, and 19.2.19, where HTML inside ICU (International Components for Unicode) messages from translated content was not sanitized before rendering. Exploitation is not open to arbitrary users - it requires first compromising a translation file (xliff, xtb, etc.), so this is effectively a supply-chain/third-party-translation risk; EPSS is very low (0.04%, 13th percentile) and there is no public exploit identified at time of analysis.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025. [CVSS 7.6 HIGH]
The WP SMS plugin for WordPress through version 6.9.12 contains an SQL injection vulnerability that allows high-privileged authenticated users to manipulate database queries and extract sensitive information. An attacker with administrative credentials could exploit this to read arbitrary data from the WordPress database, potentially compromising user information and site configuration. No patch is currently available for this vulnerability.
Spip versions up to 4.4.10 contains a vulnerability that allows attackers to access protected information (CVSS 7.5).
Unauthenticated access to uploaded files in Initiative project management platform prior to version 0.32.2 allows remote attackers to retrieve sensitive documents by directly accessing the unprotected /uploads/ directory. The vulnerability stems from missing authentication and authorization controls on file serving, enabling disclosure of confidential project data without requiring any credentials. Initiative versions 0.32.2 and later contain patches to restrict access to uploaded documents.
TinyWeb versions prior to 2.02 are vulnerable to denial of service through memory exhaustion when unauthenticated attackers send HTTP POST requests with extremely large Content-Length headers, causing the server to allocate unbounded memory and crash. The vulnerability affects all organizations running vulnerable TinyWeb instances, and patch version 2.02 addresses it by implementing a 10MB maximum entity body size limit.
TinyWeb versions prior to 2.02 lack connection limits and request timeouts, enabling unauthenticated remote attackers to trigger denial of service through Slowloris attacks by maintaining numerous concurrent connections and transmitting data at minimal rates. The vulnerability affects all systems running vulnerable TinyWeb instances, with attackers capable of exhausting server resources and rendering services unavailable. A patch is available that implements connection limits and idle timeouts to mitigate the attack vector.
Improper input validation in TerriaJS-Server versions before 4.0.3 allows unauthenticated remote attackers to bypass domain allowlist restrictions and proxy requests to arbitrary domains. This vulnerability affects Node.js deployments of TerriaJS and could enable attackers to access restricted resources or perform server-side request forgery attacks. A patch is available in version 4.0.3 and later.
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic [CVSS 7.5 HIGH]
Umbraco Engage versions prior to 16.2.1 and 17.1.1 expose unauthenticated API endpoints that lack access control, allowing remote attackers to retrieve sensitive data by directly querying endpoints with arbitrary identifier parameters. An attacker can enumerate records at scale without authentication or valid session credentials, potentially exposing confidential business intelligence information. No patch is currently available for affected installations.
Heap buffer over-read vulnerability in rldns DNS server version 1.3 allows remote attackers to trigger denial of service without authentication or user interaction. The flaw enables reading beyond allocated memory boundaries, causing the service to crash. Version 1.4 addresses this issue, though no patch is currently available for affected 1.3 deployments.
Stack overflow denial of service in fast-xml-parser versions prior to 5.3.8 occurs when the XML builder is used with the preserveOrder option enabled, causing the application to crash. An attacker can trigger this vulnerability remotely by sending specially crafted XML input, resulting in service unavailability for applications using the affected library. A patch is available in version 5.3.8 and later.
Denial of service in pypdf prior to version 6.7.3 allows remote attackers to exhaust system memory by crafting malicious PDF files that exploit FlateDecode-compressed streams accessed through the xfa property. The vulnerability requires no authentication or user interaction and affects any application processing untrusted PDF documents with the vulnerable library. Upgrade to pypdf 6.7.3 or later to remediate.
Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 contain an insecure direct object reference (IDOR) in the directory items endpoint that allows unauthenticated attackers to retrieve private user field values for all directory users. The vulnerability stems from missing authorization checks on the user_field_ids parameter, enabling bulk exfiltration of sensitive user data that should be restricted by visibility settings. No patch is currently available for affected deployments.
Discourse instances with an unconfigured patreon_webhook_secret allow remote attackers to forge valid webhook signatures using an empty HMAC-MD5 key, enabling arbitrary creation, modification, or deletion of Patreon pledge data and unauthorized patron synchronization. The vulnerability affects Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0, and currently lacks an available patch. Administrators must explicitly configure the patreon_webhook_secret setting or upgrade to patched versions to mitigate this integrity attack.
Remote code execution in osctrl prior to version 0.5.0 allows authenticated administrators to inject arbitrary OS commands through the hostname parameter during environment configuration, which are then executed on all endpoints enrolling via the compromised environment. The injected commands execute with root/SYSTEM privileges before osquery installation, providing complete system compromise with minimal audit trails. A patch is available in version 0.5.0 and later.
Stylemix uListing versions 2.2.0 and earlier contain an unsafe deserialization vulnerability that enables object injection attacks, allowing authenticated attackers with high privileges to execute arbitrary code on affected systems. With no available patch, this vulnerability presents a significant risk to organizations running vulnerable versions of the plugin. The network-accessible nature of the flaw (CVSS 7.2) means exploitation requires only valid credentials to trigger the attack.
Heap-based buffer overflow in Golioth Pouch 0.1.0 (prior to commit 1b2219a1) lets an adjacent, unauthenticated BLE client corrupt device memory through the GATT server-certificate characteristic. The server_cert_write() handler sizes a heap buffer once on the first fragment but appends later fragments with memcpy() and no bounds check, so an oversized fragmented write overflows the allocation, crashing the device and potentially corrupting adjacent heap data. EPSS is negligible (0.01%, 3rd percentile) and there is no public exploit identified at time of analysis, but the flaw is remotely reachable within BLE range without credentials.