Arbitrary code execution in Fortinet FortiWeb 7.0.2 through 8.0.2 stems from a stack-based buffer overflow triggered by crafted HTTP requests from authenticated attackers who can bypass stack protection mechanisms. The vulnerability affects multiple FortiWeb versions and requires high privileges and specific conditions to exploit, though no patch is currently available. An authenticated attacker with sufficient privileges could leverage this flaw to execute arbitrary commands on affected systems.
Flare versions before 1.7.3 contain a path traversal vulnerability in the avatar endpoint that allows authenticated users to read arbitrary files from the application container by exploiting unsanitized filename parameters. Any user with login access, including self-registered accounts on instances with open registration enabled (default configuration), can enumerate and retrieve sensitive files accessible to the Node.js process. The vulnerability requires authentication but poses a significant confidentiality risk on publicly accessible Flare instances without registration restrictions.
Fortinet FortiDeceptor versions 4.0 through 6.2.0 are vulnerable to argument injection that allows authenticated super-admin users with CLI access to delete sensitive files through crafted HTTP requests. The vulnerability requires high-level privileges and direct CLI access to exploit, limiting the attack surface to trusted administrators. No patch is currently available for this issue.
Windows Kerberos authentication in Server 2012 and Windows 10 (versions 1607, 1809) contains a race condition that enables unauthenticated remote attackers to circumvent security feature protections. The synchronization flaw in concurrent resource access allows attackers to bypass intended security controls without user interaction over the network. No patch is currently available for this vulnerability.
Appium's ZIP extraction function in @appium/support versions prior to 7.0.6 fails to properly enforce path traversal protections, allowing attackers to extract malicious ZIP files that write arbitrary files outside the intended directory. The vulnerability stems from an Error object that is created but never thrown, enabling Zip Slip attacks across all JavaScript-based extraction operations. An attacker can exploit this by crafting a malicious ZIP archive to overwrite sensitive files on systems using affected versions.
Medium severity vulnerability in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage.
Authenticated users in Sylius eCommerce can access sensitive customer data belonging to other users through unvalidated resource IDs in LiveComponent parameters, including checkout addresses and shopping carts. The vulnerability exists because LiveArg parameters lack ownership validation when loading resources by ID, allowing attackers to enumerate and retrieve private information such as names, contact details, and order information without proper authorization checks.
Parse Server versions prior to 9.5.2-alpha.6 and 8.6.19 allow authenticated users to bypass field protection checks by nesting query constraints within logical operators, enabling unauthorized extraction of protected field values. This vulnerability affects all Parse Server deployments with default protected fields, as the validation mechanism only inspects top-level query keys. A patch is available in the specified versions.
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server. [CVSS 6.5 MEDIUM]
An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges. [CVSS 6.5 MEDIUM]
PowerSync Service 1.20.0 with config.edition: 3 fails to enforce subquery filters in sync streams, allowing authenticated users to access data that should be restricted based on their permissions. The vulnerability affects only configurations using unpartitioned subqueries for synchronization gating and is resolved in version 1.20.1. No patch is currently available for affected deployments.
Firefox's CSS parsing engine fails to properly enforce same-origin policy restrictions, allowing attackers to perform unauthorized modifications to web content across different origins through user interaction. Versions prior to 148.0.2 are affected, and the vulnerability requires user engagement to exploit. No patch is currently available, leaving vulnerable installations at risk of data integrity attacks.
Missing authorization controls in SAP NetWeaver Application Server for ABAP allow authenticated attackers to invoke specific function modules that manipulate the database configuration table, potentially degrading system performance or causing service interruptions. This authorization bypass affects both system integrity and availability, though it requires valid credentials and no patch is currently available.
SQL injection in SAP NetWeaver Feedback Notifications Service enables authenticated attackers to execute arbitrary database queries by exploiting insufficient input validation. An attacker can manipulate SQL WHERE clauses to access or exfiltrate sensitive database information, with limited impact on system confidentiality and availability. No patch is currently available for this vulnerability.
Stored XSS in NextScripts Social Networks Auto-Poster plugin for WordPress (versions up to 4.4.6) allows authenticated Contributor-level users to inject malicious scripts through the `[nxs_fbembed]` shortcode due to insufficient input sanitization. Attackers can embed arbitrary JavaScript that executes when other users access the affected pages. A patch is not currently available.
SAP NetWeaver Application Server for ABAP contains a server-side request forgery vulnerability in a built-in ABAP testing report that allows authenticated attackers to send HTTP requests to arbitrary internal or external endpoints. Successful exploitation could enable reconnaissance of sensitive internal systems and potential data exfiltration, though availability is not impacted. Currently, no patch is available for this vulnerability.
Ghostty terminal emulator allows control characters embedded in pasted or drag-and-dropped text to execute arbitrary commands in certain shell environments, requiring only user interaction to trigger. An attacker can craft malicious text with invisible control sequences that, when copied/pasted by a user, execute unintended commands with the user's privileges. No patch is currently available for this vulnerability.
Imagemagick versions up to 7.1.2-16 is affected by improper link resolution before file access (CVSS 6.3).
A division by zero flaw in the Microsoft Graphics Component on Windows 10 and Windows 11 systems enables local attackers to trigger a denial of service condition without requiring special privileges or user interaction. The vulnerability affects multiple Windows versions including Windows 10 1607, 22h2 and Windows 11 25h2, 26h1, with no patch currently available.
Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.
Open redirect vulnerabilities in Sylius eCommerce Framework allow unauthenticated attackers to redirect users to arbitrary domains by manipulating the HTTP Referer header through multiple controllers, enabling phishing and credential theft attacks when victims click malicious links from attacker-controlled sites. Public endpoints are trivially exploitable without authentication, while admin endpoints require an authenticated session but remain vulnerable if administrators follow external links. No patch is currently available for this medium-severity flaw.
Stored XSS in Sylius checkout login form allows unauthenticated attackers to inject malicious scripts through authentication error messages that are unsafely rendered via innerHTML. An attacker can craft a failed login attempt containing JavaScript payload that executes in the browser of any user viewing the checkout page, potentially stealing session tokens or credentials. The vulnerability affects Sylius versions prior to 2.0.16, 2.1.12, and 2.2.3, with no current patch available for older releases.
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14. [CVSS 6.1 MEDIUM]
DOM-based XSS in SAP Business One Job Service allows unauthenticated attackers to inject malicious code through unvalidated URL query parameters, compromising user sessions when victims interact with crafted links. Successful exploitation could leak sensitive data or modify application content, though availability is not affected. No patch is currently available.
Affected Product(s)Version(s)InfoSphere Data Architect9.2.1 [CVSS 6.1 MEDIUM]
A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. [CVSS 6.1 MEDIUM]
iccDEV provides a set of libraries and tools for working with ICC color management profiles. versions up to 2.3.1.5 is affected by out-of-bounds read (CVSS 6.1).
iccDEV provides a set of libraries and tools for working with ICC color management profiles. versions up to 2.3.1.5 is affected by out-of-bounds read (CVSS 6.1).
iccDEV provides a set of libraries and tools for working with ICC color management profiles. versions up to 2.3.1.5 is affected by heap-based buffer overflow (CVSS 6.1).
iccDEV provides a set of libraries and tools for working with ICC color management profiles. versions up to 2.3.1.5 is affected by classic buffer overflow (CVSS 6.1).
Eaton EasySoft project files use weak encryption vulnerable to brute force attacks, allowing local attackers with file access to extract sensitive information and modify project configurations. An authenticated user on the affected system can exploit this weakness to compromise confidentiality and integrity of stored data. No patch is currently available for this vulnerability.
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem.
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. [CVSS 6.0 MEDIUM]
SAP Business Warehouse Service API lacks proper authorization controls on RFC function modules, allowing authenticated attackers to modify configurations and disrupt request processing. An attacker with valid credentials could exploit this vulnerability to cause denial of service and alter system integrity without detection. No patch is currently available for this medium-severity vulnerability.
Aspera Orchestrator versions up to 4.1.2 contains a vulnerability that allows attackers to information disclosure if unauthorized parties have access to the URLs via serve (CVSS 5.9).
Windows App Installer fails to adequately authenticate package data, enabling network-based attackers to conduct spoofing attacks without user interaction. This vulnerability affects Windows and Windows App installations, potentially allowing threat actors to deceive users into installing malicious or tampered applications. While no patch is currently available, the low EPSS score suggests exploitation is unlikely in the near term.
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port. [CVSS 5.8 MEDIUM]
Insufficient authorization validation in SAP S/4HANA and ERP HCM Portugal modules allows high-privileged users to view confidential data from other companies. An authenticated attacker with elevated permissions could exploit this cross-tenant data exposure to access sensitive information without proper access controls. No patch is currently available for this medium-severity vulnerability.
Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33.
ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by buffer overflow (CVSS 5.7).
SAP Customer Checkout stores operational data with weak encryption that can be accessed and modified by authenticated users with high privileges through local interaction, potentially compromising confidentiality and integrity of application behavior. This vulnerability requires physical access and user interaction but carries no availability impact, affecting SAP industrial deployment environments where no patch is currently available.
Unauthorized disclosure of sensitive information in Windows Accessibility Infrastructure (ATBroker.exe) affects Windows Server 2019, 2025, Windows 10 22h2, and Windows 11 25h2, allowing local authenticated attackers to read confidential data. The vulnerability requires user privileges and local access but poses no risk to system integrity or availability. No patch is currently available for this issue.
Microsoft Graphics Component contains an out-of-bounds read vulnerability affecting Windows 10 1607, Windows Server 2019, and 2022, enabling local attackers to read sensitive information from memory. The vulnerability requires user interaction and local access, posing a confidentiality risk without offering a currently available patch. Attack complexity is low, making it a practical concern for systems running affected Office and Windows versions.
Windows Push Message Routing Service contains an out-of-bounds read vulnerability that enables authenticated local users to access sensitive information on affected systems running Windows 10 and Windows 11. The vulnerability requires valid credentials to exploit and poses a confidentiality risk, though no patch is currently available. This affects multiple Windows versions including 21H2, 22H2, and 23H2 releases.
Microsoft Authenticator contains an information disclosure vulnerability that allows local attackers to access sensitive data without requiring elevated privileges or user interaction beyond standard operation. The vulnerability stems from improper categorization of security controls, enabling unauthorized disclosure of confidential information on affected systems. No patch is currently available for this issue.
Improper certificate validation in Adobe Acrobat Reader DC versions 24.001.30307 and earlier allows local attackers to forge digital signatures by spoofing signer identity, bypassing security features that users rely on for document verification. This attack requires user interaction and affects multiple Adobe products including Acrobat DC. No patch is currently available.
Out-of-bounds memory read in Adobe Illustrator 29.8.4 and 30.1 and earlier enables attackers to disclose sensitive information from process memory by tricking users into opening malicious files. This local vulnerability requires user interaction but poses a high confidentiality risk with no available patch. Affected organizations should restrict file opening from untrusted sources until Adobe releases a fix.
Out-of-bounds memory read in Adobe Illustrator 29.8.4, 30.1 and earlier enables local attackers to extract sensitive data from process memory by tricking users into opening crafted files. No patch is currently available for this vulnerability, which requires user interaction but poses a meaningful confidentiality risk to affected users.
Out-of-bounds memory read in Substance 3D Painter 11.1.2 and earlier allows attackers to expose sensitive data from application memory. Exploitation requires a user to open a malicious file, making this a local attack vector dependent on social engineering. No patch is currently available for this vulnerability.
Out-of-bounds memory read in Substance 3D Painter 11.1.2 and earlier enables attackers to leak sensitive data from application memory when a user opens a specially crafted file. This local vulnerability requires user interaction but poses a meaningful confidentiality risk to designers and artists using affected versions. No patch is currently available.