Medium severity vulnerability in systemd. A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the a...
Medium severity vulnerability in systemd. A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd f...
Apache Livy versions 0.7.0 and 0.8.0 contain an improper input validation vulnerability (CWE-20) that allows authenticated users to bypass file access controls by injecting malicious Spark configuration values when connecting to Apache Spark 3.1 or later. An attacker with access to Livy's REST or JDBC interface can craft requests with arbitrary Spark configuration parameters to gain unauthorized access to files they do not have permissions to read or modify. This vulnerability is of moderate severity (CVSS 6.3) but requires valid authentication and is fixed in version 0.9.0 and later.
Apache Livy versions 0.3.0 through 0.8.x contain a path traversal vulnerability (CWE-22) that allows authenticated attackers to bypass directory restrictions and access files outside intended whitelist boundaries. The vulnerability only manifests when the 'livy.file.local-dir-whitelist' configuration parameter is set to a non-default value, enabling attackers with valid credentials to read, write, or execute arbitrary files on the server. With a CVSS score of 6.3 (moderate severity) reflecting the requirement for authenticated access and limited impact scope, this vulnerability warrants prioritization for organizations using Livy in multi-tenant or untrusted user environments.
Socomec DIRIS A-40 power monitoring devices contain an authentication bypass vulnerability in their HTTP API that allows network-adjacent attackers to gain unauthorized access without credentials. The vulnerability affects all versions of the DIRIS A-40 product due to lack of authentication enforcement on the web API listening on TCP port 80, enabling attackers to read sensitive data, modify configurations, and potentially disrupt power monitoring operations. This is a moderate-severity flaw (CVSS 6.3) with low attack complexity that poses real risk in industrial/operational technology environments where these devices are deployed.
JetBrains Datalore versions before 2026.1 contain a session hijacking vulnerability (CVE-2026-32745) caused by missing secure attribute configuration on session cookies, allowing attackers on the same network to intercept and reuse session tokens. The vulnerability affects all Datalore versions prior to 2026.1 and requires adjacent network access combined with user interaction; while the CVSS score is moderate (6.3), the impact is high for confidentiality and enables unauthorized account access.
Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered_html capabilities can inject JavaScript directly through comment content rendered in the AJAX response from the getLastInlineComments() function...
IBM Sterling Partner Engagement Manager versions 6.2.3.0-6.2.3.5 and 6.2.4.0-6.2.4.2 contain a stored or reflected cross-site scripting (XSS) vulnerability in the Web UI that allows authenticated users to inject arbitrary JavaScript code. An attacker with valid credentials can alter application functionality and potentially exfiltrate sensitive data (including credentials) from trusted user sessions. A patch is available from IBM; exploitation requires user interaction (UI:R) but no elevated privileges.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.1.3.
The List category posts WordPress plugin (versions through 0.93.1) contains a DOM-based cross-site scripting (XSS) vulnerability that allows authenticated attackers with high privileges to inject malicious scripts into web pages viewed by other users. An attacker can exploit this through improper input neutralization during web page generation, potentially leading to session hijacking, credential theft, or defacement. With a CVSS score of 5.9 and requiring high privileges plus user interaction, this represents a moderate-severity risk primarily to WordPress sites using this specific plugin.
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Rich Showcase for Google Reviews widget (richplugins plugin) affecting versions through 6.9.4.3, where improper input neutralization during web page generation allows authenticated attackers with high privileges to inject malicious scripts that execute in users' browsers. An attacker with administrative or plugin configuration access can store XSS payloads that will be executed for any user viewing the affected widget, potentially leading to session hijacking, credential theft, or defacement. While the CVSS score of 5.9 indicates moderate severity and requires user interaction and high privileges to exploit, the stored nature of this vulnerability means the payload persists and affects multiple users passively.
Stored XSS in blubrry PowerPress Podcasting through version 11.15.13 permits authenticated administrators with high privileges to inject malicious scripts that persist in web pages and execute in other users' browsers. An attacker with admin credentials can inject arbitrary JavaScript to steal session tokens, modify content, or perform actions on behalf of victims. No patch is currently available for this vulnerability.
The GetGenie plugin for WordPress contains an Insecure Direct Object Reference (IDOR) vulnerability in its REST API endpoint that allows authenticated attackers with Author-level privileges to arbitrarily modify or overwrite posts owned by any user, including administrators. The vulnerability exists in versions up to and including 4.3.2 due to missing validation on user-controlled post IDs before calling wp_update_post(), enabling attackers to change post types and reassign authorship. While not currently listed in CISA's Known Exploited Vulnerabilities catalog, the low attack complexity (network-based, low privilege requirement) and demonstrated proof-of-concept availability make this a moderate-priority issue for WordPress administrators managing multi-author sites.
Statamic CMS versions prior to 6.6.2 contain a stored cross-site scripting (XSS) vulnerability in the control panel color mode preference functionality that allows authenticated users to inject malicious JavaScript code. When a higher-privileged administrator impersonates or accesses the account of an authenticated user who has injected malicious code, the JavaScript executes in the administrator's browser session with their elevated privileges. This vulnerability is network-accessible and requires low privileges but user interaction from the victim, resulting in a CVSS score of 5.4 with potential for session hijacking, data theft, or further privilege escalation depending on the administrator's role and permissions.
This is a Stored or Reflected Cross-Site Scripting (XSS) vulnerability in IBM Sterling B2B Integrator and IBM Sterling File Gateway that allows authenticated users to inject arbitrary JavaScript code into the Web UI. An attacker with valid credentials can craft malicious payloads that execute in the context of other users' sessions, potentially leading to credential theft, session hijacking, or unauthorized actions within a trusted environment. With a CVSS score of 5.4 and requiring low attack complexity plus user interaction (clicking a malicious link), this vulnerability poses a moderate risk primarily in environments where user trust is high and credentials are valuable.
This is a stored cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator and IBM Sterling File Gateway that allows authenticated users to inject arbitrary JavaScript into the Web UI, potentially compromising session security and enabling credential theft. The vulnerability affects versions 6.1.0.0 through 6.2.2.0 across multiple minor version ranges, and while not yet listed as actively exploited in known vulnerability databases, the authentication requirement and UI-based attack surface present a moderate real-world risk for enterprises running these B2B integration platforms.
This is a stored or reflected cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator and IBM Sterling File Gateway that allows authenticated users to inject arbitrary JavaScript code into the Web UI, potentially compromising credentials and session integrity. The vulnerability affects versions 6.1.0.0 through 6.2.2.0 across multiple release lines. While the CVSS score of 5.4 is moderate and exploitation requires authenticated access, the ability to alter UI functionality and exfiltrate credentials within a trusted session poses a real insider threat risk.
Authenticated users with insufficient access control restrictions in Admin and Site Enhancements (ASE) versions 8.4.0 and earlier can bypass authorization checks to read and modify sensitive data. The vulnerability stems from improperly configured access control levels that fail to enforce proper privilege boundaries. An attacker with valid credentials can exploit this to gain unauthorized access to protected functionality without elevated permissions.
Pochipp versions below 1.18.9 contain an authorization bypass vulnerability that allows authenticated users to access resources or perform actions beyond their assigned permissions due to improper access control validation. An attacker with valid credentials could exploit this to view sensitive data or modify system configuration they should not have access to. No patch is currently available.
bPlugins PDF Poster through version 2.4.0 contains an authorization bypass vulnerability that allows authenticated users to modify or disrupt PDF operations due to improperly configured access controls. An attacker with valid credentials could exploit this flaw to manipulate data integrity or cause service disruption without proper authorization checks.
A Server-Side Request Forgery (SSRF) vulnerability exists in Gift Up! Gift Cards for WordPress and WooCommerce plugin versions up to 3.1.7, allowing unauthenticated attackers to make arbitrary HTTP requests from the vulnerable server. This could enable attackers to access internal services, scan internal networks, or exfiltrate sensitive data from systems accessible only to the server. The vulnerability has a CVSS score of 5.4 (Medium) with network-based attack vector and low impact on confidentiality and integrity.
SmartFix by linethemes contains a missing authorization vulnerability (CWE-862) that allows authenticated users to access or modify resources they should not have permission to access due to incorrectly configured access control security levels. Affected versions are SmartFix prior to 1.2.4. An attacker with low-privilege credentials can exploit this network-accessible vulnerability without user interaction to gain unauthorized access to sensitive data or perform unauthorized modifications.
Nanosoft versions prior to 1.3.2 contain an access control flaw that allows authenticated users to modify data and degrade system availability through improperly configured authorization checks. An attacker with valid credentials can exploit this vulnerability to perform unauthorized actions beyond their assigned privilege level. No patch is currently available for this vulnerability.
Insufficient access control in Linethemes GLB through version 1.2.2 allows authenticated users to bypass security restrictions and gain unauthorized access to restricted resources. An attacker with valid credentials could exploit misconfigured access controls to view or modify sensitive data they should not have permission to access. No patch is currently available for this vulnerability.
RegistrationMagic through version 6.0.7.6 contains a missing authorization vulnerability that allows authenticated users to modify data and cause service disruptions through improperly configured access controls. An attacker with valid credentials can bypass intended permission restrictions to perform unauthorized actions on form submissions and registration data. No patch is currently available for this vulnerability.
Cozy Vision SMS Alert Order Notifications through version 3.9.0 contains an authorization bypass that allows authenticated users to modify data and degrade service availability through improperly configured access controls. An attacker with valid credentials can exploit this vulnerability to perform unauthorized actions intended for higher-privileged users. No patch is currently available for this vulnerability.
Improper access control in Textmetrics up to version 3.6.4 allows authenticated users to modify data they should not have permission to access. An attacker with valid credentials can exploit misconfigured security levels to perform unauthorized modifications. No patch is currently available for this vulnerability.
An unauthenticated path traversal vulnerability in PX4 Autopilot's MAVLink FTP implementation (CWE-22) allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on flight controller filesystems without authentication or privilege requirements. Affected versions are prior to 1.17.0-rc2, impacting both NuttX-based flight controllers and POSIX targets (Linux companion computers and SITL simulation environments). Attackers with network access to MAVLink communication channels can exploit this vulnerability to compromise flight controller integrity, extract sensitive configuration data, or inject malicious firmware.
GamiPress versions 7.6.6 and earlier contain a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated users through maliciously crafted requests. An attacker can exploit this to modify plugin settings, create or delete gamification elements, or alter user data without the target user's knowledge or consent. The vulnerability requires user interaction (clicking a malicious link) but has no authentication requirement for the attack itself, making it a moderate-risk issue suitable for opportunistic exploitation against WordPress administrators.
A Cross-Site Request Forgery (CSRF) vulnerability exists in shufflehound's Lemmony application versions prior to 1.7.1, allowing unauthenticated attackers to perform unauthorized actions on behalf of legitimate users through crafted web requests. An attacker can exploit this vulnerability to cause integrity and availability impact by forcing a victim's browser to make unwanted requests to the Lemmony application. The attack requires user interaction (clicking a malicious link) but has a low attack complexity and network accessibility, making it a practical threat in multi-user web environments.
Cleanuparr versions 2.7.0 through 2.8.0 contain a timing-based username enumeration vulnerability in the /api/auth/login endpoint that allows unauthenticated remote attackers to discover valid usernames by analyzing response time differences. The flaw stems from password verification logic that performs expensive cryptographic hashing only after validating username existence, creating a measurable timing side-channel. This vulnerability is fixed in version 2.8.1 and presents a moderate information disclosure risk with a CVSS score of 6.9, though exploitation requires no special privileges or user interaction.
The Formidable Forms WordPress plugin versions up to 6.28 contain an authorization bypass vulnerability in the Stripe payment integration that allows unauthenticated attackers to manipulate PaymentIntent amounts before payment completion. An attacker can exploit the publicly exposed nonce in the `frm_strp_amount` AJAX handler to overwrite POST data and recalculate dynamic pricing fields, enabling payment of reduced amounts for goods or services. While the CVSS score is moderate at 5.3, the vulnerability has direct financial impact on e-commerce deployments and poses a meaningful risk to sites using dynamic pricing with Formidable Forms and Stripe.
IBM Aspera Console versions 3.3.0 through 3.4.8 contain an improper rate-limiting vulnerability in the email service that allows authenticated users to trigger a denial of service condition. An attacker with valid credentials can abuse the email functionality by sending requests at excessive frequencies, exhausting service resources and rendering the email feature unavailable to legitimate users. This vulnerability requires authentication and does not provide confidentiality or integrity impact, resulting in a moderate CVSS score of 5.3.
FreeRDP versions prior to 3.24.0 contain a client-side heap out-of-bounds read/write vulnerability in the bitmap cache subsystem caused by an off-by-one boundary check error. A malicious RDP server can exploit this by sending a specially crafted CACHE_BITMAP_ORDER (Rev1) packet with cacheId equal to maxCells, allowing access to memory one element past the allocated array boundary. This vulnerability affects FreeRDP clients connecting to untrusted or compromised servers and could lead to information disclosure or denial of service, though the CVSS score of 5.3 and lack of confidentiality impact suggest limited real-world severity.
A client-side heap buffer overflow vulnerability exists in FreeRDP's AVC420/AVC444 YUV-to-RGB color space conversion code due to missing horizontal bounds validation of H.264 metablock region coordinates. FreeRDP versions prior to 3.24.0 are affected, allowing a malicious RDP server to trigger out-of-bounds memory writes via specially crafted WIRE_TO_SURFACE_PDU_1 packets with oversized regionRects left coordinates, resulting in denial of service through heap corruption. The vulnerability requires no user interaction or authentication and has a CVSS score of 5.3 with EPSS risk classification indicating moderate exploitation likelihood; no public exploit code is known to exist at this time.
IBM Sterling Partner Engagement Manager versions 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 contain an information disclosure vulnerability where detailed technical error messages are returned to remote attackers without authentication, exposing sensitive system information that can be leveraged for reconnaissance and follow-up attacks. With a CVSS score of 5.3 and low attack complexity requiring no privileges, this vulnerability poses a moderate risk as an information gathering vector in multi-stage attack campaigns, though direct exploitation impact is limited to confidentiality.
The soroban-sdk Rust SDK contains a cryptographic comparison vulnerability in Fr (scalar field) types for BN254 and BLS12-381 curves that fails to reduce unreduced field elements modulo the field modulus r before equality comparison. This allows attackers to supply crafted Fr values that are mathematically equal but compare as unequal when unreduced, potentially bypassing security-critical authorization or validation logic in smart contracts. The vulnerability affects versions prior to 22.0.11, 23.5.3, and 25.3.0; with a CVSS score of 5.3 (Medium), it poses moderate risk primarily to contract integrity rather than confidentiality.
IBM Aspera Console versions 3.3.0 through 3.4.8 contain a username enumeration vulnerability caused by observable response discrepancies in authentication mechanisms. An unauthenticated remote attacker can exploit this to enumerate valid usernames through response analysis, enabling reconnaissance for subsequent targeted attacks. With a CVSS score of 5.3 and low attack complexity, this is a low-to-moderate severity information disclosure issue suitable for standard patch management cycles rather than emergency response.
WoodMart versions 8.3.9 and earlier expose sensitive embedded system information to unauthorized parties through improper access controls, allowing remote attackers to retrieve confidential data without authentication. The vulnerability carries medium severity with a 5.3 CVSS score and currently lacks an available patch, affecting deployments of the affected WoodMart versions.
The RadiusTheme ShopBuilder plugin for WordPress (versions up to 3.2.4) improperly exposes sensitive system information through its Elementor WooCommerce integration, allowing unauthenticated attackers to retrieve embedded sensitive data. This information disclosure has a low confidentiality impact with no authentication or user interaction required. No patch is currently available for affected installations.
WpEvently versions prior to 5.1.9 inadvertently expose sensitive information in transmitted data, allowing unauthenticated remote attackers to retrieve embedded secrets without user interaction. This information disclosure vulnerability affects the mage-eventpress plugin and could enable attackers to obtain credentials or other confidential data. No patch is currently available.
The Erlang OTP ssh_sftpd module contains a path traversal vulnerability in the is_within_root/2 function that uses string prefix matching instead of proper path component validation to verify if accessed paths are within the configured root directory. An authenticated SFTP user can exploit this to access sibling directories sharing a common name prefix with the root directory (for example, if root is /home/user1, accessing /home/user10 or /home/user1_backup would succeed when it should fail). This vulnerability affects OTP versions 17.0 through 28.4.1 with corresponding SSH versions 3.0.1 through 5.5.1, with no confirmed active exploitation in the wild (KEV status not indicated as actively exploited) but with a moderate CVSS score of 5.3 reflecting the requirement for prior authentication.
IBM Sterling Partner Engagement Manager versions 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 contain an authentication bypass vulnerability that allows unauthenticated attackers to extract sensitive user information by leveraging expired access tokens over the network without requiring special privileges or user interaction. The vulnerability has a CVSS score of 5.3 with low attack complexity, meaning exploitation is straightforward and requires no special conditions, though the impact is limited to confidentiality breaches with no integrity or availability compromise.
A Missing Authorization vulnerability exists in CyberChimps Responsive Blocks responsive-block-editor-addons plugin through version 2.2.0, where incorrectly configured access control allows unauthenticated attackers to perform unauthorized actions. The vulnerability has a CVSS score of 5.3 with a network attack vector and no privileges required, meaning remote attackers can exploit this without authentication to modify content or settings. While the integrity impact is limited (CWE-862: Missing Authorization), the lack of authentication requirements and the plugin's wide deployment in WordPress environments present a moderate real-world risk.
The Lawyer Landing Page plugin through version 1.2.7 contains an authorization bypass vulnerability that allows unauthenticated attackers to modify data due to improper access control configuration. This network-accessible vulnerability could enable attackers to alter content or settings without proper authentication credentials. A patch is not currently available for affected installations.
Improper access control in wptravelengine Travel Booking versions up to 1.3.9 permits unauthenticated attackers to modify data through incorrectly configured authorization checks. An attacker can exploit this vulnerability to tamper with travel booking information without requiring valid credentials or user interaction. No patch is currently available for this medium-severity vulnerability.
Improper access control in Wombat Plugins Advanced Product Fields for WooCommerce through version 1.6.18 allows unauthenticated attackers to modify product addon data due to misconfigured authorization checks. This affects WooCommerce stores using the vulnerable plugin, enabling attackers to alter product information without proper permissions. No patch is currently available.
This is a missing authorization vulnerability in ThemeFusion Avada Core (versions prior to 5.15.0) that allows unauthenticated attackers to modify data through incorrectly configured access control security levels. The vulnerability has a CVSS score of 5.3 with network attack vector and no privilege requirements, meaning any remote attacker can exploit it without authentication. While the integrity impact is limited (data modification rather than disclosure or system compromise), the lack of authentication requirements and network accessibility make this a practical security concern for websites using vulnerable Avada versions.
This vulnerability is a missing authorization flaw in ThemeFusion Fusion Builder that allows unauthenticated attackers to exploit incorrectly configured access controls to modify content or settings. The issue affects Fusion Builder versions prior to 3.15.0, and the network-accessible nature combined with no authentication requirement means any remote attacker can exploit it without special privileges. While the CVSS score of 5.3 indicates moderate severity with integrity impact but no confidentiality or availability loss, the lack of authentication requirement elevates real-world risk for WordPress sites using affected versions.
Inadequate access control in WP Food plugin versions below 2.7.1 allows unauthenticated remote attackers to modify data without proper authorization checks. This vulnerability affects WordPress installations using the vulnerable WP Food plugin and could enable attackers to alter plugin functionality or data integrity. No patch is currently available for this issue.