NocoDB versions before 0.301.3 allow authenticated attackers to inject malicious JavaScript through rich text cell content that is rendered without sanitization, enabling stored cross-site scripting attacks. An attacker with user access can craft malicious payloads that execute in the browsers of other users viewing affected cells, potentially compromising session data or performing unauthorized actions. No patch is currently available for affected deployments.
Stored cross-site scripting in NocoDB versions before 0.301.3 allows authenticated users to inject malicious scripts through comments and rich text cells that execute in other users' browsers due to unsanitized HTML rendering. An attacker with login credentials can exploit this to steal session tokens, perform unauthorized actions, or compromise other database users accessing the same NocoDB instance. No patch is currently available for affected deployments.
NocoDB versions prior to 0.301.3 are vulnerable to stored cross-site scripting (XSS) through improperly sanitized comment rendering via v-html, allowing authenticated users to inject malicious scripts that execute in other users' browsers. An attacker with login access could craft malicious comments to steal session tokens, perform unauthorized actions, or deface the application interface for other users. A patch is available in version 0.301.3 and later.
NocoDB versions prior to 0.301.3 allow authenticated Editor-role users to inject arbitrary HTML into Rich Text cells by bypassing client-side validation and sending malicious payloads directly through the API. This stored XSS vulnerability affects any NocoDB instance where untrusted users have Editor access, potentially enabling malicious script execution in the browsers of users viewing affected cells. No patch is currently available for this vulnerability.
Stored XSS in NocoDB versions before 0.301.3 allows authenticated users to execute arbitrary JavaScript in other users' browsers through malicious formulas in virtual cells. The vulnerability exploits unsanitized rendering of URI patterns in formula results, enabling attackers to steal session tokens, manipulate data, or perform actions on behalf of victims. No patch is currently available for affected deployments.
NocoDB versions prior to 0.301.3 store shared view passwords in plaintext and validate them using simple string comparison, allowing attackers with database access to trivially recover authentication credentials. This affects all users relying on shared view password protection for access control. No patch is currently available for affected deployments.
Exiv2 versions prior to 0.28.8 are vulnerable to a denial of service attack through integer overflow in the preview component when specific command-line arguments are used, causing the application to crash with an uncaught exception. An attacker can trigger this vulnerability by providing a specially crafted image file to crash Exiv2 processes, affecting systems that rely on the library for metadata processing. A patch is available in version 0.28.8 and later.
Out-of-bounds memory read in FreeType 2.13.2 and 2.13.3 occurs during parsing of OpenType variable font tables (HVAR/VVAR/MVAR) due to an integer overflow in the tt_var_load_item_variation_store function. Local attackers with user interaction can exploit this by crafting malicious font files to trigger the vulnerability and read sensitive memory. The issue is resolved in FreeType 2.14.2.
Mattermost Desktop is affected by inclusion of functionality from untrusted control sphere (CVSS 4.6).
Device unique identifiers in the preloader of Openwrt, Android, Yocto, RDK-B, and Zephyr can be read by attackers with physical access due to a logic error, leading to local information disclosure without requiring additional privileges or user interaction. This vulnerability affects multiple embedded and IoT platforms where the preloader executes before operating system initialization. No patch is currently available for this issue.
Android versions up to 14.0 contains a vulnerability that allows attackers to local denial of service if a malicious actor has already obtained the System pri (CVSS 4.4).
Android's display component fails to validate buffer boundaries during read operations, allowing a system-privileged attacker to access sensitive memory contents without user interaction. This out-of-bounds read vulnerability enables local information disclosure to any malicious process running with System privileges. No patch is currently available to address this issue.
Android's display component contains an out-of-bounds read vulnerability stemming from insufficient bounds validation, allowing system-privileged attackers to disclose sensitive memory contents without user interaction. The vulnerability requires pre-existing system-level access but poses a high confidentiality risk through local information disclosure. No patch is currently available.
Android's display subsystem crashes due to a use-after-free memory error that allows a privileged local attacker to trigger a denial of service without user interaction. Exploitation requires pre-existing system-level access, limiting impact to scenarios where an attacker has already compromised the device at the highest privilege level. No patch is currently available for this vulnerability.
Android's imgsys component is vulnerable to a use-after-free condition that enables local denial of service attacks. Exploitation requires system-level privileges and causes immediate system crashes without user interaction. No patch is currently available for this vulnerability.
Android MAE component is vulnerable to a use-after-free condition that can trigger a system crash, resulting in denial of service for devices where an attacker has already obtained system-level privileges. No user interaction is required for exploitation. Currently, no patch is available for this vulnerability.
The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls. [CVSS 4.3 MEDIUM]
MediaProvider on Android lacks proper permission validation in the isRedactionNeededForOpenViaContentResolver function, allowing local attackers to infer the precise locations of media files without requiring special privileges or user interaction. This information disclosure vulnerability affects any application with local access to the device, and while the CVSS score is moderate, no patch is currently available.