Memory disclosure in Substance 3D Painter 11.1.2 and earlier allows attackers to read sensitive data from process memory through an out-of-bounds read vulnerability. Exploitation requires user interaction, as victims must open a specially crafted malicious file. No patch is currently available for this vulnerability.
DNG SDK versions 1.7.1 and earlier contain an integer overflow vulnerability that allows local attackers to crash affected applications through specially crafted files. Exploitation requires user interaction, as victims must open a malicious file to trigger the denial-of-service condition. No patch is currently available for this vulnerability.
Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference that allows local attackers to crash the application by tricking users into opening malicious files. This denial-of-service vulnerability requires user interaction but requires no elevated privileges to exploit. No patch is currently available for this medium-severity issue.
Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference that enables local denial-of-service attacks when users open specially crafted files. An attacker can crash the application to disrupt workflow, though exploitation requires user interaction and no patch is currently available. The vulnerability has a moderate CVSS score of 5.5 with zero percent estimated exploitation probability.
Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference vulnerability that allows local attackers to crash the application by convincing users to open a malicious file. This denial-of-service impact disrupts application availability, though no patch is currently available. User interaction is required for exploitation, and the vulnerability affects local attack scenarios only.
Denial-of-service in Substance 3D Painter 11.1.2 and earlier stems from improper null pointer handling that crashes the application when processing malicious files. An attacker can trigger this crash by tricking a user into opening a specially crafted file, temporarily disrupting the victim's workflow. No patch is currently available to address this vulnerability.
Denial-of-service crashes in Adobe Substance 3D Painter versions 11.1.2 and earlier stem from a null pointer dereference vulnerability triggered when users open specially crafted files. An attacker can exploit this flaw to force application crashes and disrupt user workflows, though no patch is currently available. Exploitation requires social engineering to convince victims to open a malicious file.
Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference vulnerability that allows local attackers to crash the application by tricking users into opening a malicious file. This denial-of-service condition disrupts workflow for affected users, though no patch is currently available. The vulnerability requires user interaction and does not enable code execution or data compromise.
iccDEV provides a set of libraries and tools for working with ICC color management profiles. versions up to 2.3.1.5 is affected by out-of-bounds read (CVSS 5.5).
pypdf is a free and open-source pure-python PDF library. versions up to 6.8.0 is affected by allocation of resources without limits or throttling.
Medium severity vulnerability in ImageMagick. A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.
iccDEV provides a set of libraries and tools for working with ICC color management profiles. versions up to 2.3.1.5 is affected by out-of-bounds read (CVSS 5.5).
iccDEV provides a set of libraries and tools for working with ICC color management profiles. versions up to 2.3.1.5 is affected by out-of-bounds read (CVSS 5.5).
iccDEV provides a set of libraries and tools for working with ICC color management profiles. versions up to 2.3.1.5 is affected by stack-based buffer overflow (CVSS 5.5).
node-tar is a full-featured Tar for Node.js.
DOM-based XSS in GitHub Enterprise Server prior to version 3.20 allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by injecting malicious HTML through task list content in issues and pull requests. The vulnerability stems from improper input neutralization in the task list rendering logic, which fails to re-encode user-supplied content before display. An attacker with repository access could exploit this to steal session tokens or perform actions on behalf of other users.
Umbraco CMS versions 14.0.0 through 16.5.0 and 17.0.0-17.2.1 contain an authorization bypass in a backoffice API endpoint that allows authenticated editors to assign domain configurations to content nodes they lack permission to access. An attacker with valid credentials could exploit this to modify domain settings on restricted content, potentially affecting content visibility or routing. The vulnerability affects Umbraco deployments without patches 16.5.1 or 17.2.2 applied.
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]
Aspera Orchestrator versions up to 4.1.2 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 5.4).
Aspera Faspex versions up to 5.0.14.3 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 5.4).
The webauthn-lib PHP library before version 5.2.4 incorrectly validates origin restrictions by comparing only hostname components, allowing attackers to bypass authentication policies that rely on scheme or port differentiation. This enables an attacker to authenticate from origins that should be blocked, such as using HTTP instead of HTTPS or non-standard ports. Applications using this library with strict origin policies are affected until they upgrade to the patched version.
Parse Server versions prior to 9.5.2-alpha.4 and 8.6.17 allow authenticated users to upload SVG files containing malicious JavaScript that executes in the server's origin context due to missing content security headers, enabling attackers to steal session tokens and compromise user accounts. All deployments with file upload enabled for authenticated users are vulnerable by default, as the file extension filter blocks HTML but not SVG files. A patch is available in the specified versions.
Unauthorized event participation manipulation in Admidio prior to 5.0.6 allows authenticated users to register or cancel participation for other users by manipulating the user_uuid parameter in event functions. Any user with event participation privileges can exploit this to modify another user's event enrollment status without authorization. The vulnerability requires authentication and affects confidentiality through unauthorized modifications.
Authentication bypass in Vaadin framework (14.0.0-14.14.0, 23.0.0-23.6.x, and other ranges). The web application framework fails to properly enforce authentication on certain routes.
Windows Shell Link Processing leaks sensitive information over the network in Windows Server 2012, 2019, and 2022, enabling remote spoofing attacks without authentication or user interaction. An unauthenticated attacker can exploit this information disclosure to conduct spoofing attacks against affected systems. No patch is currently available.
WWBN AVideo is an open source video platform. versions up to 25.0 is affected by missing authentication for critical function.
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request. [CVSS 5.3 MEDIUM]
Sylius eCommerce framework's cart API endpoint fails to validate cart ownership, allowing unauthenticated attackers to add items to other customers' shopping carts if they possess a valid cart token value. This integrity flaw affects registered users whose carts can be manipulated by external threat actors, potentially leading to fraudulent transactions or operational disruption. The vulnerability is unpatched in versions prior to 2.0.16, 2.1.12, and 2.2.3.
Parse Server versions prior to 8.6.12 and 9.5.1-alpha.1 allow attackers to bypass the requestKeywordDenylist security control by nesting prohibited keywords within objects or arrays in request payloads, enabling injection of restricted data into applications. This logic flaw affects all Parse Server deployments since the denylist is enabled by default, and custom keyword restrictions configured by developers are equally vulnerable to the same bypassing technique. Attackers can exploit this to inject malicious content or bypass access controls on any Parse Server instance.
Denial of service in file-type library versions prior to 21.3.1 allows remote attackers to hang Node.js event loops by submitting malformed ASF (WMV/WMA) files that trigger infinite loops during file type detection. Applications using file-type to analyze untrusted input are vulnerable, with a minimal 55-byte payload sufficient to stall processing. No patch is currently available for affected Node.js and File Type products.
Heap use-after-free in ImageMagick's MSL decoder (versions before 7.1.2-16 and 6.9.13-41) allows remote attackers to trigger memory access violations via specially crafted MSL files, resulting in denial of service. The vulnerability requires no authentication or user interaction and affects systems processing untrusted image files. No patch is currently available for this MEDIUM severity issue.
The Booktics plugin for WordPress versions up to 1.0.16 lacks proper permission validation in its Extension_Controller function, allowing unauthenticated attackers to install arbitrary addon plugins and modify site data. This network-accessible vulnerability affects WordPress installations using the vulnerable plugin without requiring user interaction. No patch is currently available for this medium-severity vulnerability.
Booktic versions up to 1.0.16. is affected by missing authentication for critical function (CVSS 5.3).
Unicorn adds modern reactive component functionality to your Django templates. versions up to 0.67.0 is affected by improper access control (CVSS 5.3).
Sylius eCommerce Framework versions prior to 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, and 2.2.3 are vulnerable to DQL injection through the ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter API endpoints, which fail to validate user-supplied order direction parameters before passing them to Doctrine. An unauthenticated remote attacker can inject arbitrary DQL queries to read sensitive data from the application database. No patch is currently available for this medium-severity vulnerability.
If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. [CVSS 5.3 MEDIUM]
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access. [CVSS 5.3 MEDIUM]
Fortinet FortiSwitchAXFixed versions 1.0.0 through 1.0.1 contain an access control flaw that allows authenticated administrators to execute arbitrary system commands by uploading a malicious SSH configuration file. The vulnerability requires local access and valid admin credentials but poses a risk to organizations where admin accounts may be compromised or where insider threats are a concern. No patch is currently available.
Apache PDFBox versions 2.0.24-2.0.35 and 3.0.0-3.0.6 contain a path traversal vulnerability in the ExtractEmbeddedFiles example that allows attackers to write files outside the intended extraction directory by manipulating embedded file names. Organizations that have integrated this example code into production systems are at risk of unauthorized file writes on the host system. No patch is currently available, requiring developers to manually implement path validation to ensure extracted files remain within the designated directory.
Envoy proxy versions prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 can be crashed by an authenticated attacker through improper state cleanup in the rate limit filter when both request and response phase limiting are enabled. When a response phase rate limit request fails, the gRPC client reuses stale internal state from the prior request phase, leading to a use-after-free condition that crashes the proxy. An attacker with network access and valid credentials can exploit this to cause a denial of service against Envoy instances.
Giflib's image processing functions are vulnerable to denial of service through a double-free memory corruption flaw triggered during shallow copy operations in GifMakeSavedImage with improper error handling. Local attackers with crafted image files can crash applications using affected Giflib versions, though exploitation requires specific and difficult-to-achieve conditions. No patch is currently available.
SAP GUI for Windows improperly loads DLL files from user-accessible directories, enabling arbitrary code execution when GuiXT is enabled. An attacker can exploit this by tricking a user into downloading a malicious DLL to a predictable location, resulting in code execution with the victim's privileges. No patch is currently available for this medium-severity vulnerability.
Unauthorized access to Database Analyzer Log Files in SAP NetWeaver Application Server for ABAP allows authenticated users to read sensitive database logs through an unprotected RFC function module. An attacker with standard user privileges and access to execute the affected module can bypass authorization checks to disclose confidential information, though system integrity and availability remain unaffected. No patch is currently available to remediate this authorization bypass vulnerability.
SAP Solution Tools Plug-In (ST-PI) exposes system information to authenticated users due to missing authorization validation in a function module. An attacker with valid credentials can bypass access controls to retrieve sensitive information about the SAP system without requiring user interaction.
Heap over-read in ImageMagick's MAT decoder prior to versions 7.1.2-16 and 6.9.13-41 results from incorrect arithmetic parenthesization, allowing remote attackers to leak sensitive memory contents and cause denial of service through crafted MAT image files. The vulnerability requires no authentication or user interaction and affects systems using vulnerable ImageMagick versions for image processing. No patch is currently available, leaving users dependent on upgrading to patched versions when released.
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileged attacker to execute code via crafted requests. [CVSS 4.8 MEDIUM]
Stored XSS vulnerabilities in Sylius allow authenticated attackers with high privileges to inject malicious scripts through unsanitized entity names (taxons, products) that are rendered as raw HTML in breadcrumbs and admin interfaces. An attacker could craft malicious product or category names to execute arbitrary JavaScript in the browsers of shop visitors and administrators, potentially leading to session hijacking or credential theft. No patch is currently available for this medium-severity vulnerability.
Stored XSS in Craft Commerce versions before 5.5.3 allows authenticated users with product editing permissions to inject malicious JavaScript through the Inventory Locations Name field, which executes when administrators view affected product variants. An attacker with these privileges can steal session tokens, modify product data, or perform other administrative actions within the application. A patch is available in version 5.5.3.
Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.
Copyparty versions before 1.20.11 fail to apply the nohtml security restriction to SVG files, allowing authenticated users with write permissions to upload SVG images containing malicious JavaScript that executes when opened by other users. This cross-site scripting vulnerability bypasses the intended protection against JavaScript execution in user-uploaded content. The vulnerability has been patched in version 1.20.11.