API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges. [CVSS 7.2 HIGH]
Stored XSS in WPBookit plugin through version 1.0.8 allows unauthenticated attackers to inject malicious scripts via user name and email fields due to improper input validation. When site visitors access pages containing the injected payload, the scripts execute in their browsers, potentially compromising user sessions and data. No patch is currently available for this vulnerability.
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. [CVSS 7.2 HIGH]
Remote code execution in Craft CMS versions before 5.8.22 and 4.16.18 can be achieved by authenticated administrators or users with System Messages access by injecting malicious Twig payloads through the map filter in configurable text fields. An attacker with admin-level privileges and allowAdminChanges enabled, or non-admin access to System Messages utilities, can execute arbitrary code on the affected server. A patch is available and users should update immediately to mitigate this risk.
The PostX WordPress plugin versions up to 5.0.8 contains a server-side request forgery vulnerability in its REST API endpoints that allows authenticated administrators to make arbitrary web requests from the server to internal or external systems. This could enable attackers with admin privileges to query, exfiltrate, or modify data from internal services accessible to the web server. No patch is currently available for this vulnerability.
Access Commander contains a vulnerability that allows attackers to bypass password policy for backup file encryption (CVSS 7.2).
Cisco Secure Firewall ASA in multi-context mode contains an access control bypass in SCP operations that allows authenticated local administrators of one context to read, modify, or create files in other contexts, including sensitive admin and system configuration files. The vulnerability stems from improper validation of cross-context file access when the CiscoSSH stack is enabled. No patch is currently available for this high-severity flaw.
Local privilege escalation in Linux kernel f2fs sysfs attributes allows unprivileged users to trigger out-of-bounds memory access and cause denial of service by writing oversized integer values to filesystem control interfaces. The vulnerability stems from improper bounds checking when mapping sysfs attributes to kernel structures of varying integer sizes, enabling attackers to corrupt kernel memory and crash the system. No patch is currently available for this vulnerability.
Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.
Device reloads in Cisco Secure Firewall Threat Defense can be triggered by unauthenticated remote attackers sending specially crafted TLS 1.2 traffic through the SSL decryption feature, exploiting improper memory management in the Do Not Decrypt exclusion logic. The vulnerability requires specific network conditions and TLS 1.2 traffic to trigger, resulting in denial of service with no authentication required. No patch is currently available for this medium-severity issue affecting Cisco and TLS implementations.
Rancher Backup And Restore Operator is affected by insertion of sensitive information into log file (CVSS 6.8).
Insufficient input validation in Cisco Secure Firewall ASA and Secure FTD OSPF implementations allows adjacent attackers to trigger denial of service by sending malformed OSPF update packets that cause device reloads. Authentication bypass is possible if OSPF authentication is disabled, though knowing the secret key is required when authentication is enabled. No patch is currently available for this medium-severity vulnerability.
Denial of service in Cisco Secure Firewall ASA and Secure FTD devices results from improper validation of OSPF link-state update packets, allowing authenticated adjacent attackers with the OSPF secret key to trigger heap corruption and forced device reloads. An attacker can exploit this by crafting malicious OSPF packets to crash affected devices, causing service disruption. No patch is currently available for this vulnerability.
Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).
Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).
Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).
Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 contain an uncontrolled search path vulnerability that allows high-privileged local attackers to achieve privilege escalation, information disclosure, and denial of service. The vulnerability requires local access and high privileges to exploit, making it suitable primarily for insider threats or attackers who have already gained initial system access. No patch is currently available for affected systems.
Incorrect default file permissions in Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 allow high-privileged local attackers to achieve code execution, privilege escalation, and information disclosure. The vulnerability requires local access and high privileges to exploit, but no patch is currently available. Affected organizations should implement access controls and monitor for unauthorized local activity until an update is released.
Privilege escalation in Dell PowerScale OneFS versions before 9.10.1.6 and 9.11.0.0 through 9.12.0.1 stems from incorrect privilege assignment that allows local attackers with low privileges to gain elevated access. An attacker with local system access and user interaction can exploit this vulnerability to achieve complete system compromise through unauthorized privilege elevation.
Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt!
Hono versions up to 4.12.4 contains a vulnerability that allows attackers to injection of additional SSE fields within the same event frame if untrusted inpu (CVSS 6.5).
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts. [CVSS 6.5 MEDIUM]
SQL injection in Cisco Secure FMC REST API allows authenticated attackers with administrative privileges to read sensitive database contents and operating system files. The vulnerability stems from insufficient input validation on API endpoints and requires valid credentials (Administrator, Security Approver, Access Admin, or Network Admin roles) to exploit. No patch is currently available.
SQL injection in the Email Subscribers by Icegram Express WordPress plugin through version 5.9.16 allows authenticated administrators to execute arbitrary database queries via the 'workflow_ids' parameter due to insufficient input escaping. An attacker with admin-level access could exploit this to extract sensitive information from the database. No patch is currently available for this vulnerability.
Cisco Secure Firewall Threat Defense (FTD) devices can be forcibly rebooted by authenticated local attackers through improper input validation in CLI commands, resulting in denial of service. This vulnerability affects low-privileged accounts and requires no user interaction to exploit. No patch is currently available.
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. [CVSS 6.5 MEDIUM]
Gutena Forms plugin for WordPress allows authenticated Contributor-level users to modify arbitrary site options through insufficient authorization checks in the save_gutena_forms_schema() function (versions up to 1.6.0), enabling attackers to alter critical settings such as user registration policies or inject malicious configurations. This integrity vulnerability could be exploited to disable site functionality or bypass security configurations without administrative credentials.
The WP-Members Membership Plugin for WordPress through version 3.5.5.1 contains a SQL injection vulnerability in the [wpmem_user_membership_posts] shortcode's 'order_by' parameter due to insufficient input escaping and query preparation. Authenticated attackers with Contributor-level access or higher can exploit this to execute arbitrary SQL queries and extract sensitive database information. No patch is currently available.
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. [CVSS 6.5 MEDIUM]
The @opennextjs/cloudflare package is vulnerable to Server-Side Request Forgery (SSRF) through a path normalization bypass in the /cdn-cgi/image/ handler, where attackers can use backslash substitution to evade edge interception and trigger arbitrary remote URL fetches. This affects production deployments that rely on Cloudflare's edge to block such requests, allowing attackers to access internal resources or perform outbound requests to attacker-controlled servers. A patch is available.
Envira Gallery for WordPress (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).
Stored XSS in My Calendar WordPress plugin (versions up to 3.7.3) allows authenticated contributors to inject malicious scripts via the template shortcode attribute, which bypasses sanitization through improper use of stripcslashes() at render time. When users access pages containing the injected shortcode, the malicious scripts execute in their browsers. No patch is currently available.
Reflected XSS in the All-in-One Video Gallery WordPress plugin through version 4.7.1 allows unauthenticated attackers to inject malicious scripts via the 'vi' parameter due to improper input validation. An attacker can craft a malicious link that, when clicked by a victim, executes arbitrary JavaScript in their browser session. No patch is currently available.
Cisco Webex is vulnerable to reflected cross-site scripting (XSS) attacks due to insufficient input validation, allowing unauthenticated attackers to inject malicious scripts by tricking users into clicking crafted links. Successful exploitation could enable attackers to steal session tokens, redirect users, or perform actions on behalf of targeted victims. Although Cisco has released a fix, no patch is currently available for this MEDIUM severity vulnerability.
Memory corruption in Cisco Secure Firewall ASA and FTD OSPF packet processing allows adjacent, unauthenticated attackers to crash affected devices by sending crafted protocol packets. The vulnerability results in device reboot and denial of service, with no authentication or user interaction required. No patch is currently available.
Reflected XSS in Cisco Secure Firewall ASA and FTD SAML 2.0 authentication allows unauthenticated attackers to steal sensitive browser-based information by tricking users into clicking malicious links. The vulnerability stems from inadequate input validation of HTTP parameters in the SSO feature and requires user interaction to exploit. No patch is currently available.
Cross-site scripting (XSS) in the VPN web services component of Cisco Secure Firewall ASA and FTD allows unauthenticated remote attackers to inject malicious scripts that execute in a user's browser when visiting a crafted link. An attacker can exploit this through improper input validation to execute arbitrary HTML or JavaScript in the context of the VPN web server. No patch is currently available for this medium-severity vulnerability.
Device denial of service in Cisco Secure Firewall ASA and Secure FTD Software occurs when an unauthenticated adjacent attacker sends specially crafted OSPF packets to trigger out-of-bounds memory writes during packet canonicalization processing. An attacker can exploit this by sending malicious OSPF LSU packets when debug logging is enabled, forcing the affected device to reload and become unavailable. No patch is currently available for this medium-severity vulnerability.
Insufficient input sanitization in select CLI commands on Cisco Secure Firewall ASA and FTD Software allows authenticated local administrators to execute arbitrary code as root by injecting malicious Lua code. An attacker with valid administrator credentials can craft specially formatted parameters to achieve code execution with elevated privileges. No patch is currently available.
CLI of Cisco Secure FTD Software contains a vulnerability that allows attackers to execute commands on the underlying operating system as root (CVSS 6.0).
Cisco Secure Firewall Management Center lockdown bypass allows authenticated local administrators to execute arbitrary commands as root by sending crafted CLI input that exploits insufficient restrictions on remediation modules. An attacker with valid admin credentials can circumvent lockdown protections to achieve full system compromise. No patch is currently available.
Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software contains a vulnerability that allows attackers to execute commands on the underlying operating system with root-level privileges (CVSS 6.0).
Insufficient input validation in Cisco Secure FTD Software's CLI allows authenticated local administrators to execute arbitrary commands with root privileges by submitting specially crafted arguments to specific commands. An attacker with valid administrative credentials can exploit this to gain complete control over the underlying operating system. No patch is currently available.
Unauthenticated remote attackers with admin credentials can exploit insufficient path validation in Cisco Secure Firewall Management Center and Threat Defense sftunnel functionality to write arbitrary files with root privileges on the underlying operating system. By crafting malicious directory paths during file synchronization, an attacker could create or overwrite critical system files. No patch is currently available for this vulnerability.
OpenDeck is Linux software for your Elgato Stream Deck. versions up to 2.8.1 is affected by path traversal.
Cisco Snort 3 Detection Engine can be remotely restarted by an unauthenticated attacker through crafted HTTP packets exploiting improper JavaScript normalization in the JSTokenizer logic, causing a denial of service condition that interrupts packet inspection. The vulnerability requires the JSTokenizer feature to be enabled and can be triggered via an established network connection without authentication. No patch is currently available.
Unauthenticated remote attackers can crash the Snort 3 Detection Engine by sending crafted HTTP packets with malformed Multicast DNS fields, causing a denial of service that interrupts packet inspection across multiple Cisco products. The vulnerability stems from incomplete error checking in HTTP header parsing and requires no authentication or user interaction to trigger. No patch is currently available for this MEDIUM severity issue.
Snort 3 Detection Engine crashes when processing malformed VBA data due to improper decompression error handling, allowing unauthenticated remote attackers to trigger denial-of-service conditions across multiple Cisco products. An attacker can exploit this vulnerability by sending crafted VBA payloads to cause unexpected engine restarts without requiring authentication or user interaction. No patch is currently available for this medium-severity flaw.
Denial of service in Cisco Snort 3's VBA decompression feature allows unauthenticated remote attackers to crash the detection engine by sending maliciously crafted VBA data. The vulnerability stems from insufficient error checking during VBA data processing, enabling attackers to trigger unexpected restarts of the Snort 3 Detection Engine. No patch is currently available for this medium-severity issue affecting multiple Cisco products.
Improper error checking in Cisco Snort 3's VBA decompression feature allows unauthenticated remote attackers to trigger an infinite loop by sending specially crafted VBA data, causing a denial of service condition. The vulnerability affects multiple Cisco products and requires no user interaction or authentication to exploit. No patch is currently available.