Integer overflow in NGINX 32-bit builds with the ngx_http_mp4_module allows local attackers to corrupt or overwrite worker process memory via specially crafted MP4 files, leading to denial of service. The vulnerability requires the mp4 directive to be enabled in the configuration and an attacker's ability to trigger MP4 file processing. No patch is currently available for affected deployments.
NGINX Open Source and NGINX Plus contain a buffer over-read or over-write vulnerability in the ngx_http_mp4_module that can lead to NGINX worker process termination or potentially remote code execution. An attacker with local access and the ability to supply a specially crafted MP4 file for processing can exploit this flaw when the mp4 directive is enabled in the configuration. The vulnerability has a CVSS score of 7.8 with high impact on confidentiality, integrity, and availability, though exploitation requires local access (AV:L) and low-level privileges (PR:L).
Out-of-bounds read in Furnace before version 0.7 allows local attackers to read sensitive memory contents through a crafted FLAC file processed by the modified libsndfile module. This vulnerability could enable information disclosure or potentially facilitate further exploitation of the audio processing application.
Wallos, an open-source self-hostable subscription tracker, contains a Server-Side Request Forgery (SSRF) vulnerability in the endpoints/logos/search.php endpoint prior to version 4.7.0. The vulnerability allows unauthenticated attackers to hijack HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling them to redirect outbound requests to arbitrary domains by manipulating DNS resolution through user-supplied search terms. This attack requires no special privileges and can be executed remotely over the network, making it a significant risk for exposed Wallos instances.
FileRise, a self-hosted web file manager and WebDAV server, contains a path traversal vulnerability in its Resumable.js chunked upload handler where the resumableIdentifier parameter is concatenated into filesystem paths without sanitization. Authenticated users with upload permissions can exploit this to write files to arbitrary directories, delete arbitrary directories, and probe filesystem structure. No evidence of active exploitation (not in CISA KEV) or public POC availability has been reported at this time.
Vikunja, an open-source self-hosted task management platform, contains an insecure direct object reference (IDOR) vulnerability that allows any authenticated user to access or delete attachments belonging to other users' tasks. The vulnerability affects all versions prior to 2.2.1, enabling attackers to enumerate and download attachments by combining their own valid task ID with sequential attachment IDs. With a CVSS score of 8.1 (High severity), this represents a significant confidentiality and integrity risk, though no evidence of active exploitation (KEV) or public proof-of-concept has been reported.
An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially leading to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. An attacker can exploit this through WebRTC signaling interactions to disclose sensitive information, though specific exploitation details remain limited in public disclosures.
NVIDIA Megatron LM contains an insecure deserialization vulnerability (CWE-502) in its quantization configuration loading mechanism that enables remote code execution. Attackers with local access and low privileges can exploit this flaw to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The vulnerability has a CVSS score of 7.8 and affects all versions of NVIDIA Megatron LM based on available CPE data.
NVIDIA NeMo Framework contains an insecure deserialization vulnerability (CWE-502) that allows authenticated local attackers to execute arbitrary code. The vulnerability affects NVIDIA NeMo Framework installations and can lead to code execution, privilege escalation, information disclosure, and data tampering. According to CISA's SSVC framework, there is currently no evidence of active exploitation in the wild, and the attack is not automatable, though technical impact is rated as total.
NVIDIA NeMo Framework contains a remote code execution vulnerability in its checkpoint loading mechanism caused by insecure deserialization (CWE-502). Attackers with local access and low privileges can exploit this to achieve code execution, privilege escalation, information disclosure, and data tampering with high impact on confidentiality, integrity, and availability. According to SSVC framework, there is currently no observed exploitation in the wild, though the technical impact is rated as total.
NVIDIA Megatron-LM contains an unsafe deserialization vulnerability (CWE-502) in its checkpoint loading mechanism that allows remote code execution when a user loads a maliciously crafted checkpoint file. The vulnerability affects NVIDIA Megatron-LM installations and can lead to code execution, privilege escalation, information disclosure, and data tampering with a CVSS score of 7.8. The attack requires local access and low privileges but no user interaction once the malicious file is loaded.
NVIDIA Megatron-LM contains an insecure deserialization vulnerability (CWE-502) during model inferencing that allows remote code execution when a user loads a maliciously crafted input file. This vulnerability has a CVSS score of 7.8 and requires local access with low privileges but no user interaction, enabling attackers to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The vulnerability affects NVIDIA's large language model training framework widely used in AI research and production environments.
NVIDIA Megatron-LM contains an unsafe deserialization vulnerability (CWE-502) in its checkpoint loading functionality that allows remote code execution when a user is tricked into loading a maliciously crafted checkpoint file. The vulnerability affects NVIDIA Megatron-LM installations and can lead to code execution, privilege escalation, information disclosure, and data tampering with a CVSS score of 7.8. There is no current indication of active exploitation in CISA's KEV catalog, and EPSS data was not provided in the intelligence sources.
NVIDIA Megatron-LM contains a critical unsafe deserialization vulnerability (CWE-502) in its hybrid conversion script that allows remote code execution when a user loads a maliciously crafted file. The vulnerability affects NVIDIA Megatron-LM installations and enables attackers to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. With a CVSS score of 7.8 and local attack vector requiring low privileges and no user interaction, this represents a significant risk for organizations using this large language model training framework.
NVIDIA Model Optimizer for Windows and Linux contains an unsafe deserialization vulnerability in its ONNX quantization feature that allows attackers to execute arbitrary code by providing a malicious input file. Users who process untrusted ONNX model files are at risk of complete system compromise, including code execution, privilege escalation, data tampering, and information disclosure. There is no current evidence of active exploitation (not in CISA KEV) or public proof-of-concept availability.
A signed integer overflow vulnerability exists in the libtiff library's putcontig8bitYCbCr44tile function that leads to out-of-bounds heap writes through incorrect memory pointer calculations. Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10 are confirmed affected. An attacker can exploit this by tricking a user into opening a specially crafted TIFF file, potentially achieving arbitrary code execution or causing application crashes.
Remote code execution in llama.cpp prior to commit b7824 is possible through a crafted GGUF file that exploits an integer overflow in the `ggml_nbytes` function, causing heap buffer overflow during tensor processing. An attacker can bypass memory validation by specifying tensor dimensions that cause the size calculation to underflow dramatically, allowing memory corruption and potential code execution. The vulnerability affects Debian and other systems running vulnerable versions of llama.cpp, with no patch currently available.
Memory corruption through out-of-bounds writes in Android-ImageMagick7 prior to version 7.1.2-11 enables local attackers to achieve arbitrary code execution with user interaction. The vulnerability affects Google's implementation of ImageMagick and carries a CVSS score of 7.8, indicating high severity with complete confidentiality, integrity, and availability impact. A patch is available for affected users.
This is a memory buffer boundary restriction vulnerability (buffer overflow) in LinkingVision RapidVMS that allows an attacker with local access to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions of RapidVMS prior to PR#96 and has been patched by the vendor via GitHub pull request #98. While the CVSS score is 7.8 (high severity), the local attack vector and required user interaction reduce the immediate remote exploitation risk, and there is no evidence of active exploitation or public proof-of-concept at this time.
Buffer overflow in doslib versions prior to 20250729 allows local attackers with user interaction to achieve full system compromise including code execution, data theft, and denial of service. The vulnerability requires local access and user interaction to trigger, but once exploited grants complete control over affected systems.
WujekFoliarz DualSenseY-v2 versions prior to 54 contain an out-of-bounds write vulnerability that allows local attackers with user interaction to achieve arbitrary code execution with full system compromise. The CVSS 7.8 rating reflects the high impact on confidentiality, integrity, and availability through memory corruption exploitation. A patch is available for affected users to mitigate this local privilege escalation risk.
IDrive's id_service.exe process, which runs with SYSTEM-level privileges on Windows systems, is vulnerable to privilege escalation and arbitrary code execution due to insecure file handling. The vulnerability affects IDrive Cloud Backup Client for Windows across multiple versions, as the elevated service process reads UTF16-LE encoded configuration files from C:\ProgramData\IDrive\ that are writable by standard unprivileged users. An attacker with local user access can modify these files to inject arbitrary executable paths, causing id_service.exe to execute malicious code with SYSTEM privileges, resulting in complete system compromise. While CVSS and EPSS scores are not available, this represents a critical local privilege escalation vector with trivial exploitability due to the file write permissions on the ProgramData directory.
Authenticated users can bypass regex-based input validation in command injection action scripts by injecting newline characters that exploit multiline mode anchors, allowing shell command execution. This vulnerability affects systems using administrator-configured validation patterns with ^ and $ anchors, enabling authenticated attackers to achieve arbitrary command execution. No patch is currently available.
An incomplete Server-Side Request Forgery (SSRF) mitigation in Wallos, a self-hostable subscription tracker, allows authenticated attackers to bypass security controls and force the application to make requests to internal or private IP addresses. Wallos versions prior to 4.7.0 are affected. The vulnerability occurs because SSRF validation was added to test notification endpoints but not the corresponding save endpoints, enabling attackers to store malicious URLs that execute without validation when the cron job runs. No active exploitation (KEV) or public POC is currently documented.
Freeciv21, an open-source turn-based strategy game, contains a stack overflow vulnerability that allows remote attackers to crash servers or client applications through specially-crafted network packets. All versions prior to 3.1.1 are affected, with exploitation requiring no authentication and leaving no useful logs by default. While there is no evidence of active exploitation (not in CISA KEV) or public proof-of-concept code, Debian has issued security advisory DSA-6173-1 indicating distribution-level concern.
Free5GC versions 4.2.0 and earlier are vulnerable to denial of service attacks through improper handling of authentication failures in the AMF component, allowing unauthenticated remote attackers to crash the service. The vulnerability requires no user interaction and can be exploited over the network, potentially disrupting 5G core network operations. No patch is currently available.
A pre-authentication vulnerability in NATS.io nats-server allows unauthenticated attackers to crash the server by sending a specially crafted malformed message to the leafnode port. All versions of nats-server prior to v2.12.6 and v2.11.15 are affected. This is a high-severity denial-of-service vulnerability with a CVSS score of 7.5, exploitable over the network without authentication, though no active exploitation (KEV) or public proof-of-concept has been reported at this time.
A format string vulnerability exists in the Audit Log component of CODESYS Control runtime system that allows unauthenticated remote attackers to inject malicious format specifiers into log messages. This affects numerous CODESYS Control products across multiple platforms including Windows, Linux, embedded systems (BeagleBone, Raspberry Pi, PFC100/200), and industrial controllers (Beckhoff CX, WAGO Touch Panels). Exploitation can lead to denial-of-service conditions by crashing the runtime system, with a CVSS score of 7.5 indicating high availability impact.
The JetEngine plugin for WordPress contains a SQL injection vulnerability in the listing_load_more AJAX action that allows unauthenticated attackers to extract sensitive database information. All versions up to and including 3.8.6.1 are affected. The vulnerability exists on sites using JetEngine Listing Grid with Load More functionality enabled and SQL Query Builder queries, with a CVSS score of 7.5 indicating high severity for confidentiality impact.
NATS server with leafnode clustering enabled is vulnerable to a denial-of-service crash triggered by remote attackers who exploit null pointer dereference in the compression negotiation handler prior to authentication. Any attacker capable of connecting to a leafnode-configured NATS server can trigger a server panic, causing service disruption. A patch is available to remediate this high-severity vulnerability.
FreeIPMI versions before 1.16.17 contain exploitable buffer overflow vulnerabilities in the ipmi-oem command's response message handling for three vendor-specific subcommands: Dell's get-last-post-code, Supermicro's extra-firmware-info, and Wistron's read-proprietary-string. An attacker who can intercept or control IPMI server responses could trigger these buffer overflows to achieve arbitrary code execution on systems running vulnerable versions of FreeIPMI. No CVSS score, EPSS data, or public exploitation confirmation is currently available, but the vulnerabilities are documented in Savannah bug reports with clear technical details.
This vulnerability is a memory leak (CWE-401) in Android-ImageMagick7, a port of ImageMagick for Android, that allows remote attackers to cause denial of service by exhausting memory resources. The issue affects all versions of MolotovCherry Android-ImageMagick7 prior to version 7.1.2-11. With a CVSS score of 7.5 and a network-based attack vector requiring no privileges or user interaction (AV:N/AC:L/PR:N/UI:N), attackers can remotely trigger high-impact availability disruption, though there is no current evidence of active exploitation or public proof-of-concept.
Memory leaks in MolotovCherry Android-ImageMagick7 versions prior to 7.1.2-11 allow remote attackers to cause denial of service by exhausting available memory without authentication. The vulnerability stems from improper memory management that fails to release resources after use, potentially crashing applications or rendering devices unresponsive.
NVIDIA Triton Inference Server contains a denial of service vulnerability in its HTTP endpoint that can be exploited by sending large compressed payloads. The vulnerability has a CVSS score of 7.5 (High) and is exploitable remotely without authentication or user interaction. There is no evidence of active exploitation (not in CISA KEV), and no public proof-of-concept has been identified at this time.
NVIDIA Triton Inference Server contains a race condition vulnerability (CWE-362) that allows unauthenticated remote attackers to corrupt internal server state, resulting in a denial of service. The vulnerability affects NVIDIA Triton Inference Server across multiple versions and can be exploited over the network with low attack complexity requiring no privileges or user interaction. With a CVSS score of 7.5 (High) and an EPSS score not provided, this represents a significant availability risk for organizations running AI/ML inference workloads.
NVIDIA Triton Inference Server's Sagemaker HTTP server contains a race condition vulnerability that allows unauthenticated remote attackers to trigger an exception, resulting in denial of service. The vulnerability affects NVIDIA Triton Inference Server deployments using the Sagemaker HTTP server component and can be exploited over the network without authentication or user interaction. There is no indication of active exploitation (not in CISA KEV), and EPSS data was not provided, but the CVSS score of 7.5 (High) reflects the ease of exploitation.
Mod_gnutls, a TLS module for Apache HTTPD, contains a stack-based buffer overflow vulnerability in its client certificate verification code. Versions prior to 0.12.3 and 0.13.0 fail to validate the length of client-provided certificate chains before writing pointers to a fixed-size array, typically causing segmentation faults (denial of service) and theoretically enabling stack corruption. Only configurations explicitly requiring client certificate verification are affected; default configurations using 'GnuTLSClientVerify ignore' are not vulnerable.
Credential disclosure in NATS Server (nats-server) before v2.11.15 and v2.12.6 exposes MQTT client passwords through the server's HTTP monitoring endpoints. When MQTT clients authenticate with username/password, the server mistakenly stores the password in the field reserved for a non-authenticating JWT identity statement, which is then surfaced verbatim in monitoring data such as connection listings. There is no public exploit identified at time of analysis and SSVC marks exploitation as none, the EPSS score is very low (0.03%), and a vendor patch is available.
Vikunja, an open-source self-hosted task management platform, contains an authorization bypass vulnerability that allows attackers with read-only link share access to escalate privileges to full admin access. The ReadAllWeb handler fails to enforce proper access controls when listing link shares, exposing secret hashes for higher-privilege shares. Versions prior to 2.2.2 are affected, and a patch is available in version 2.2.2.
A boundary condition vulnerability exists in Firefox's Audio/Video GMP (Gecko Media Plugin) component that enables information disclosure to attackers. This flaw affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit incorrect boundary condition handling in media processing to disclose sensitive information from the affected browser process.
A boundary condition vulnerability exists in Mozilla Firefox's Graphics Canvas2D component that enables information disclosure attacks. The vulnerability affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit incorrect boundary condition handling in Canvas2D operations to read sensitive data from memory, potentially disclosing user information or browser-internal data through a web-based attack vector.
This vulnerability involves incorrect boundary conditions in the Firefox Graphics Canvas2D component that can lead to information disclosure. The vulnerability affects Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. An attacker can exploit this flaw to access sensitive memory information through specially crafted Canvas2D operations, potentially exposing user data or system information.
A boundary condition vulnerability exists in Firefox's Layout: Text and Fonts component that can lead to information disclosure. This affects Firefox versions below 149, Firefox ESR versions below 115.34, and Firefox ESR versions below 140.9. An attacker could exploit incorrect boundary handling in text and font rendering to potentially disclose sensitive information from memory, though specific exploitation details and active exploitation status are not publicly documented in the available intelligence.
An incorrect boundary condition vulnerability exists in the Audio/Video playback component of Mozilla Firefox, affecting Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. This flaw enables information disclosure through improper memory boundary handling during media playback operations. While specific exploit details and CVSS metrics are not publicly disclosed, the vulnerability is categorized as an information disclosure issue affecting all three Firefox release channels.
An incorrect boundary condition vulnerability exists in Firefox's Graphics Canvas2D component that can lead to information disclosure. This affects Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. An attacker can exploit this boundary condition issue to disclose sensitive information through crafted Canvas2D operations, though no active exploitation or public proof-of-concept has been reported at this time.
This vulnerability involves incorrect boundary conditions in Firefox's Graphics Canvas2D component that enables information disclosure. Firefox versions prior to 149, Firefox ESR prior to 115.34, and Firefox ESR prior to 140.9 are affected. An attacker can leverage improper boundary validation in Canvas2D operations to read sensitive information from memory that should not be accessible through normal web content restrictions.
A boundary condition vulnerability exists in Firefox's Graphics Text component that allows information disclosure through incorrect memory handling during text rendering operations. This affects Firefox versions below 149 and Firefox ESR versions below 140.9, potentially enabling attackers to read sensitive data from adjacent memory regions. No active exploitation in the wild has been confirmed, but the vulnerability warrants prompt patching given its information disclosure impact.
An incorrect boundary condition vulnerability exists in the Audio/Video component of Mozilla Firefox and Firefox ESR, allowing potential information disclosure through improper memory handling. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. An attacker may exploit this vulnerability to leak sensitive information from the browser process memory by triggering specific audio or video processing operations, though active exploitation status is not confirmed at this time.
An incorrect boundary condition vulnerability exists in the Graphics component of Mozilla Firefox and Firefox ESR, allowing information disclosure through improper memory access. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. An attacker can exploit this vulnerability to read sensitive information from memory by triggering the boundary condition in graphics processing operations.
A boundary condition error in Firefox's Graphics component allows information disclosure through improper memory access validation. This vulnerability affects Firefox versions below 149 and Firefox ESR versions below 140.9, enabling attackers to read sensitive memory contents from the graphics processing context. While no CVSS score or EPSS data is currently available, the vulnerability is documented across multiple Mozilla security advisories indicating active awareness by the vendor.