In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit.
A product has an access control flaw allowing activation token reuse on the password-reset endpoint for unauthorized account takeover.
Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API.
Command injection in SICAM SIAPP SDK versions prior to 2.1.7 allows unauthenticated local attackers to manipulate shell command construction and achieve arbitrary code execution with full system privileges. The vulnerability stems from insufficient input validation when building and executing system commands with user-supplied data. No patch is currently available, leaving all affected versions vulnerable to complete system compromise.
Craft Commerce versions before 5.5.3 contain stored cross-site scripting (XSS) vulnerabilities in the inventory management interface where product and variant fields lack proper HTML escaping. An attacker can inject malicious JavaScript through these fields that executes in the browsers of any user viewing the inventory page, including administrators, with public exploit code currently available. The vulnerability requires authenticated access and user interaction to exploit but can compromise sensitive administrative functions.
rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities.
Insufficient input validation in SICAM SIAPP SDK versions prior to V2.1.7 enables stack overflow attacks, permitting local attackers to execute arbitrary code or trigger denial of service. The vulnerability affects all versions below the patched release, with no currently available remediation for deployed systems. Attackers with local access can leverage malformed input to corrupt the stack and gain code execution privileges.
Out-of-bounds write vulnerability in SICAM SIAPP SDK versions prior to V2.1.7 allows local attackers to corrupt memory and achieve arbitrary code execution or denial of service. The vulnerability requires local access and specific conditions to trigger, but no patch is currently available. Affected organizations using vulnerable SDK versions should immediately implement compensating controls or upgrade to V2.1.7 or later.
Stored XSS in Craft Commerce Order details allows authenticated users to inject malicious scripts through Shipping Method Name, Order Reference, or Site Name fields that execute when administrators view order information. Public exploit code exists for this vulnerability affecting versions before 4.10.2 and 5.5.3. Patches are available to remediate the issue.
Gas station automation system BUK TS-G 2.9.1 has a SQL injection enabling compromise of fuel management and transaction data.
SiYuan prior to 3.5.10 has a path traversal vulnerability enabling arbitrary file access through crafted API requests.
Envoy is a high-performance edge/middle/service proxy. [CVSS 5.3 MEDIUM]
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file.
Coral Server has a third missing authorization flaw.
Parse Server has a third vulnerability with missing authorization enabling unauthorized operations.
Coral Server has an IDOR vulnerability enabling cross-user data access.
Parse Server has an incorrect authorization vulnerability enabling unauthorized data access across applications.
SAP NetWeaver Enterprise Portal Administration has an insecure deserialization vulnerability allowing privileged users to execute code through uploaded files.
Hitachi Vantara Pentaho has a missing authorization vulnerability enabling unauthorized access to data integration and analytics functions.
A product has missing 2FA rate limiting allowing unlimited brute-force attempts against two-factor authentication codes.
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file.
Appsmith platform prior to version 1.96 has a critical stored XSS enabling account takeover through crafted admin panel content.
OneUptime's resend-verification-code endpoint fails to validate user ownership of WhatsApp records, allowing any authenticated attacker to trigger verification code resends for arbitrary users. Public exploit code exists for this vulnerability, which could enable account enumeration or facilitate phishing attacks against other users. The vulnerability affects the UserWhatsAppAPI and UserWhatsAppService components with no patch currently available.
MCP Atlassian server has a path traversal vulnerability enabling unauthorized access to Confluence and Jira data outside the intended scope.
CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels.
Stored cross-site scripting in FileBrowser versions prior to 1.3.1-beta and 1.2.2-stable allows authenticated attackers to inject malicious scripts through share metadata fields that are improperly rendered without HTML escaping. When victims visit affected share URLs, the injected scripts execute in their browsers with full privileges, potentially leading to session hijacking, credential theft, or further compromise. A patch is available in the fixed versions, though exploitation currently shows 0% adoption likelihood.
Remote code execution in Microsoft SharePoint Server through unsafe deserialization of untrusted data allows authenticated attackers to execute arbitrary code with high privileges over the network. The vulnerability requires valid user credentials but no user interaction, making it exploitable by any authorized account. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.
Parse Server's LDAP authentication adapter fails to properly sanitize user input in Distinguished Names and group filters, allowing authenticated attackers to inject LDAP commands and bypass group-based access controls. This vulnerability enables privilege escalation for any valid LDAP user to gain membership in restricted groups, affecting deployments that rely on LDAP group policies for authorization. Patches are available in versions 9.5.2-alpha.13 and 8.6.26.
Privilege escalation in SQL Server 2016-2025 stems from insufficient input validation, enabling authenticated network attackers to gain elevated permissions. The high CVSS score of 8.8 reflects complete compromise of confidentiality, integrity, and availability, though no patch is currently available. Organizations running affected SQL Server versions should prioritize access controls and network segmentation until remediation is released.
Remote code execution in Microsoft SharePoint Server allows authenticated users to bypass input validation and execute arbitrary code across the network. This high-severity vulnerability (CVSS 8.8) affects authorized attackers who can leverage improper validation controls to achieve full system compromise. No patch is currently available, making immediate mitigation and access controls critical for affected organizations.
Privilege escalation in System Center Operations Manager via improper input validation enables authenticated network-based attackers to gain elevated system permissions. An attacker with valid credentials can exploit this weakness to compromise administrative access without user interaction. No patch is currently available for this high-severity vulnerability affecting System Center Operations Manager deployments.
Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2, and Windows Server 2012, allowing adjacent network attackers to gain elevated system access without authentication. The vulnerability has a high CVSS score of 8.8 but currently lacks a patch, creating significant risk for exposed systems. Exploitation requires network proximity but no user interaction.
Privilege escalation in Windows Active Directory Domain Services (AD DS) across Windows 11, Windows 10, and Windows Server platforms allows authenticated network attackers to gain elevated privileges by exploiting improper validation of resource naming restrictions. An attacker with valid domain credentials can leverage this vulnerability to escalate their access level without user interaction. Currently, no patch is available, leaving all affected Windows versions vulnerable.
Parse Server versions prior to 9.5.2-alpha.9 and 8.6.22 fail to properly validate OAuth2 token ownership when the useridField option is not configured, allowing attackers with any valid token from the same provider to impersonate arbitrary users. This authentication bypass affects all Parse Server deployments using the generic OAuth2 adapter without the useridField setting. The vulnerability is resolved in patched versions 9.5.2-alpha.9 and 8.6.22.
Authenticated users can exploit SQL injection vulnerabilities in SQL Server 2016-2025 to escalate privileges and gain unauthorized access across the network. This high-severity flaw (CVSS 8.8) affects multiple SQL Server versions with no available patch, allowing attackers with valid credentials to manipulate SQL commands and compromise system integrity. Organizations running these affected versions should implement network segmentation and monitor for suspicious database activity until a patch is released.
Remote code execution in Microsoft Windows Print Spooler Components via use-after-free memory corruption enables authenticated network attackers to execute arbitrary code with high privileges. The vulnerability requires valid credentials but no user interaction, presenting a significant risk to organizations where print services are accessible to untrusted internal or remote users. No patch is currently available.
Remote code execution in the zero-shot-scfoundation AI/ML framework results from a vulnerable third-party dependency, enabling unauthenticated attackers to execute arbitrary code over the network with minimal user interaction. This high-severity vulnerability affects systems using the affected component, and no patch is currently available.
Authenticated users can exploit a server-side request forgery vulnerability in Azure MCP Server to escalate their privileges across the network, potentially gaining unauthorized access to sensitive resources. The vulnerability affects Microsoft Azure environments and requires only low attack complexity with no user interaction, making it a significant risk for organizations using this service. No patch is currently available, leaving affected systems exposed to exploitation.
Privilege escalation in Windows 11 (24h2, 26h1) and Windows Server 2022 (23h2) via heap overflow allows authenticated local users to gain system-level access. The vulnerability requires valid credentials but no user interaction, making it a direct path to complete system compromise. No patch is currently available.
Bucket is a MediaWiki extension to store and retrieve structured data on articles. versions up to 2.1.1 is affected by cross-site scripting (xss).
Arbitrary code execution in Firefox versions prior to 148.0.2 results from multiple memory corruption flaws in the browser's memory safety implementation. An unauthenticated attacker can exploit these vulnerabilities through a malicious webpage requiring user interaction to achieve remote code execution with full system privileges. No patch is currently available for this vulnerability.
Firefox for Android versions prior to 148.0.2 contain a heap buffer overflow in the audio/video playback component that allows remote code execution, information disclosure, and denial of service through a malicious media file requiring user interaction. The vulnerability affects all Firefox for Android users and currently lacks a publicly available patch. An attacker can achieve complete system compromise by crafting a specially crafted video or audio file that triggers the buffer overflow when played.
Privilege escalation in StudioCMS versions prior to 0.4.0 enables authenticated Editor-level users to generate API tokens for arbitrary accounts, including administrative and owner roles, due to missing authorization validation on the /studiocms_api/dashboard/api-tokens endpoint. An attacker with basic editor privileges can exploit this to gain full administrative access without requiring the target account's credentials. No patch is currently available for affected installations.
Parse Server's Keycloak authentication adapter fails to validate the authorized party claim in access tokens, allowing tokens issued for one client application to authenticate users on another client within the same Keycloak realm. An authenticated attacker with valid credentials to any client application can exploit this to perform cross-application account takeover against Parse Server instances using Keycloak authentication in multi-client environments. A patch is available in versions 9.5.2-alpha.5 and 8.6.18.
vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 versions up to 1.0.1 is affected by classic buffer overflow (CVSS 8.8).
Remote code execution in GitHub Enterprise Server allows authenticated users with repository push access to execute arbitrary code via unsanitized push option values that bypass internal header validation. An attacker can inject malicious metadata fields by exploiting insufficient input sanitization in the git push operation handler. This high-severity vulnerability affects GitHub Enterprise Server versions prior to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3, with no patch currently available for all affected installations.
Stored cross-site scripting in Craft Commerce versions before 4.10.2 and 5.5.3 allows authenticated users with high privileges to inject malicious scripts through unescaped Order Status Name fields. Public exploit code exists for this vulnerability, which can be leveraged to execute arbitrary JavaScript in the browser context of other administrators. The vulnerability is restricted by high privilege requirements and user interaction, but affects the integrity and confidentiality of the Commerce Orders management interface.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding.
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(),...
Authentication enforcement in Istio service mesh fails open: prior to 1.29.1, 1.28.5, and 1.27.8, when the JWKS resolver is unavailable or a key fetch fails, the proxy falls back to hardcoded defaults instead of denying the request, undermining JWT validation configured via the RequestAuthentication resource and exposing protected services to unauthorized access. The flaw (CWE-200, vendor CVSS 4.0 8.7) is remotely reachable without authentication, but is conditioned on a JWKS fetch failure. There is no public exploit identified at time of analysis, EPSS is very low (0.05%, 15th percentile), and it is not listed in CISA KEV.