Heap buffer overflow in dr_libs 0.14.4 and earlier allows attackers to corrupt memory by supplying maliciously crafted WAV files to any application using drwav_init_*_with_metadata() functions. The vulnerability exploits inconsistent validation of sample loop counts between processing passes, enabling 36 bytes of attacker-controlled data to overflow heap allocations. Public exploit code exists for this vulnerability.
Command injection in PhialsBasement nmap-mcp-server allows authenticated remote attackers to execute arbitrary system commands through the Nmap CLI Command Handler component due to improper input sanitization in child_process.exec. Public exploit code exists for this vulnerability, and affected users should apply the available patch to remediate the risk.
Reflected cross-site scripting in OpenSTAManager v2.9.8 and earlier allows unauthenticated attackers to inject malicious scripts through unsanitized GET parameters in invoice/order/contract modification interfaces. Public exploit code exists for this vulnerability, affecting all users of the software. An attacker can steal session tokens, perform unauthorized actions, or compromise user browsers when victims interact with crafted malicious links.
An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. [CVSS 6.1 MEDIUM]
Dify versions prior to 1.11.2 contain a stored cross-site scripting vulnerability in Mermaid diagram rendering due to insecure default security configurations, allowing authenticated attackers with user interaction to inject and execute malicious scripts with cross-site impact. Public exploit code exists for this vulnerability, affecting users and developers of the Dify LLM application development platform. A patch is available in version 1.11.2 and later.
Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authenticated users with restricted privileges to enumerate all certificate fingerprints trusted by the server. Public exploit code exists for this vulnerability. While this enables information disclosure with limited impact, it could facilitate further attacks by revealing trust relationships on the system.
IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors. [CVSS 6.6 MEDIUM]
Improper input validation in IBM webMethods API Gateway and API Management allows authenticated attackers to read arbitrary files on the server by supplying a file:// URI to the /createapi endpoint instead of the expected https:// schema. Affected versions include webMethods API Gateway 10.11 through 11.1_Fix7 and webMethods API Management on-premises installations. No patch is currently available for this medium-severity vulnerability.
Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system. [CVSS 6.5 MEDIUM]
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system. [CVSS 6.5 MEDIUM]
Calendar Booking Plugin for Appointments and Event versions up to 5.2.7 is affected by sql injection (CVSS 6.5).
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component. [CVSS 6.3 MEDIUM]
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component. [CVSS 6.3 MEDIUM]
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component. [CVSS 6.3 MEDIUM]
IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system. [CVSS 6.2 MEDIUM]
Fireware OS Web UI contains a reflected XSS vulnerability that allows attackers to execute arbitrary JavaScript in authenticated administrators' browsers through crafted links, affecting versions 12.7-12.11.7 and 2025.1-2026.1.1. An attacker can leverage this to perform administrative actions or steal session credentials from targeted management users who click malicious links. No patch is currently available.
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. [CVSS 6.1 MEDIUM]
Devops Plan versions up to 3.0.5 is affected by improper restriction of excessive authentication attempts (CVSS 5.9).
Mq Appliance versions up to 9.4.4.0 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive...
s mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile Client versions up to 9.40.123. is affected by cleartext storage of sensitive information (CVSS 5.7).
in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration versions up to 9.10.017 is affected by cleartext transmission of sensitive information (CVSS 5.6).
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service. [CVSS 5.5 MEDIUM]
An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service. [CVSS 5.5 MEDIUM]
Engineering Requirements Management Doors Next versions up to 7.1 is affected by missing authorization (CVSS 5.4).
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue. [CVSS 5.3 MEDIUM]
AI ChatBot with ChatGPT and Content Generator by AYS (WordPress plugin) is affected by missing authorization (CVSS 5.3).
DOMPurify versions 2.5.3-2.5.8 and 3.1.3-3.3.1 fail to sanitize attribute values within certain rawtext HTML elements (noscript, xmp, noembed, noframes, iframe), allowing attackers to inject malicious scripts that execute when sanitized content is rendered in these contexts. An attacker can exploit this by embedding JavaScript payloads in HTML attributes, bypassing DOMPurify's sanitization to achieve cross-site scripting. A patch is available in commit 729097f.
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. [CVSS 5.3 MEDIUM]
MariaDB Server through version 11.8.5 fails to audit SQL statements when the server audit plugin is enabled and queries are prefixed with SQL comments (-- or #), allowing authenticated database users to execute DDL, DML, or DCL commands without logging. This bypass affects Relational Database Service, Aurora MySQL, and MariaDB deployments relying on audit logging for compliance and security monitoring. An attacker with database credentials could perform unauthorized administrative or data manipulation operations while evading audit trails.
Aspera Faspio Gateway versions up to 1.3.6 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.1).
Homebox prior to 0.24.0-rc.1 allows authenticated users to trigger HTTP POST requests to arbitrary destinations through the notifier feature without host or port validation, enabling attackers to enumerate internal services by observing application behavior differences based on network responses. The vulnerability affects all users with authentication access to the notifier functionality and carries a medium risk due to its reliance on behavioral side-channels rather than direct information disclosure.
Improper use of cryptographic functions in IBM MQ versions 9.1 through 9.4 allows local attackers with user privileges to modify message integrity through user interaction. The vulnerability affects multiple LTS and CD releases across the supported product line, with no patch currently available. An attacker could manipulate messages in transit to alter their content without detection.
WatchGuard Fireware OS contains a filesystem integrity bypass vulnerability in versions 12.0-12.11.7, 12.5.9-12.5.16, and 2025.1-2026.1.1 that allows authenticated attackers with high privileges to deploy malicious firmware updates and establish limited persistence on affected appliances. An attacker could circumvent security checks designed to validate firmware authenticity, though currently no patch is available.
Websphere Application Server versions up to 26.0.0.2 is affected by use of hard-coded cryptographic key (CVSS 4.7).
Stored XSS in Homebox prior to 0.24.0-rc.1 allows authenticated users to upload malicious HTML or SVG files containing executable JavaScript that runs in the application's security context when accessed by other users. An attacker with valid credentials can exploit improper file type validation in the attachment upload feature to execute arbitrary scripts against victims viewing the malicious files. The vulnerability has been patched in version 0.24.0-rc.1.
GLPI Inventory Plugin versions prior to 1.6.6 contain a reflected cross-site scripting vulnerability in task jobs that allows authenticated attackers with high privileges to execute malicious scripts in users' browsers. An attacker can exploit this by crafting a malicious link to inject arbitrary HTML or JavaScript when a user clicks it, potentially leading to session hijacking or credential theft. No patch is currently available for affected installations.
Infosphere Information Server versions up to 11.7.1.6 is affected by insertion of sensitive information into log file (CVSS 4.3).
Impact versions up to 19.11.2.10-20210118042150283 is affected by cross-site scripting (xss) (CVSS 4.1).