Flarum's nicknames extension allows authenticated users to inject email-like hyperlinks into their nicknames, which are rendered verbatim in plain-text notification emails sent to other users. An attacker can exploit this to craft malicious nicknames that email clients interpret as clickable links, potentially redirecting recipients to attacker-controlled domains for phishing or credential harvesting. No patch is currently available for this vulnerability.
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). [CVSS 2.6 LOW]
BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur. ``` ================================================================= ==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370 READ of size 4 at 0x50a0000079c0 thread T0 ```
IBM Planning Analytics Advanced Certified Containers 3.1.0 versions up to 3.1.4 contains a vulnerability that allows attackers to a local privileged user to obtain sensitive information from environment variabl (CVSS 4.4).
FortiSIEM 7.3.0-7.3.4 and 7.4.0 are vulnerable to reflected cross-site scripting that allows unauthenticated remote attackers to inject malicious scripts through URL parameters, enabling social engineering attacks against users who click malicious links. The vulnerability requires user interaction to trigger but has no authentication requirements, making it practical for phishing campaigns that redirect victims to spoofed pages.
GitHub Enterprise Server allows authenticated users with limited personal access tokens to access private and internal repository data through the search API if they already have some level of access to those repositories via organization membership or collaborator status. This authorization bypass affects versions prior to 3.20 and enables information disclosure despite the tokens lacking the necessary repository scope permissions. No patch is currently available for this MEDIUM severity vulnerability.
LinkAce versions 2.1.0 and earlier allow authenticated users to inappropriately associate other users' private taxonomies with their own links through insufficient authorization checks in the processTaxonomy() method. This enables privilege escalation where attackers can gain unauthorized access to private tags and lists belonging to other users on the same instance. The vulnerability requires valid authentication credentials and has no available patch at this time.
Misskey versions 10.93.0 through 2026.3.0 allow authenticated users to import arbitrary user data due to insufficient ownership validation, enabling attackers with knowledge of target file IDs to access other users' information. The vulnerability requires valid login credentials and knowledge of specific file identifiers, limiting its practical impact. No patch is currently available.
GitHub Enterprise Server allows users with read-only repository access and project write permissions to modify issue and pull request metadata by exploiting insufficient authorization checks when updating project items. An attacker with these limited permissions can alter sensitive metadata without the required repository write access, potentially disrupting workflow management and data integrity. This vulnerability affects multiple versions and currently has no publicly available patch.
SINEC Security Monitor versions before 4.9.0 expose sensitive metadata including contributor information and email addresses on the SSM Server, allowing authenticated attackers to obtain confidential data. The vulnerability requires valid credentials to exploit and poses a low-severity information disclosure risk with no availability or integrity impact.
Kubewarden's deprecated host-callback APIs in AdmissionPolicy can be exploited by authenticated users with policy creation permissions to gain unauthorized read access to cluster-level resources including Ingresses, Namespaces, and Services. An attacker with privileged AdmissionPolicy creation permissions—not a default privilege—could craft malicious policies to bypass intended access controls and enumerate sensitive cluster infrastructure, though this vulnerability is limited to read-only access without write capability or access to Secrets and ConfigMaps. The vulnerability affects Kubernetes deployments using Kubewarden and currently has no available patch.
Unauthenticated attackers can generate preview tokens in Craft CMS versions prior to 4.17.4 and 5.9.7 by exploiting a CSRF vulnerability in the /actions/preview/create-token endpoint, which lacks proper token validation and HTTP method restrictions. An attacker can force a logged-in editor to create an attacker-controlled preview token that grants unauthorized access to unpublished content. This attack requires user interaction but allows the attacker to view sensitive content without authentication.
Court Reservation WordPre versions up to 1.10.9 is affected by cross-site request forgery (csrf) (CVSS 4.3).
ImageMagick versions prior to 7.1.2-16 and 6.9.13-41 contain a heap-use-after-free vulnerability in the MSL encoder that can be triggered by local attackers to cause denial of service through double-free conditions on cloned images. The vulnerability requires local access with no special privileges or user interaction, resulting in application crashes or potential memory corruption. No patch is currently available for affected versions.
A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited ...
Improper register protection in the PowerVR GPU on Android devices enables local attackers to read sensitive information without requiring special privileges or user interaction. This memory disclosure vulnerability affects Android systems and cannot currently be patched, leaving devices vulnerable to information leakage through direct GPU register access.
An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all...
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. [CVSS 3.5 LOW]
HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL [CVSS 3.3 LOW]
In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 2.9 LOW]
A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests. [CVSS 2.7 LOW]
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 versions up to 14.14.0 is affected by path traversal.
Android versions up to - contains a vulnerability that allows attackers to physical information disclosure with no additional execution privileges needed (CVSS 2.1).
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.
RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. versions up to 0.1.1 is affected by cross-site scripting (xss).
Shescape is a simple shell escape library for JavaScript. versions up to 2.1.9 is affected by information exposure.
Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution.
Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution.
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, an unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's authentication payload has a fallback chain that reaches params.query (the raw request query) when Gra...
Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation.
Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.
Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport layer performs no type checking on this argument. When the service uses the MongoDB adapter, these objects pass through getObjectId() and land directly in the MongoDB query as operators. Sending {$ne: null} as the id mat...
Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure.
Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure.
Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation.
Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure.
Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.