Heap buffer over-read in GIMP's PCX image loader allows a remote attacker who can convince a user to open a crafted PCX file to disclose adjacent heap memory and crash the application. The flaw stems from an off-by-one error (CWE-193) and is tracked across Red Hat Enterprise Linux 6 through 9. No public exploit identified at time of analysis and EPSS is very low (0.06%, 19th percentile), with CISA SSVC rating exploitation as 'none'.
Fireshare version 1.5.1 allows authenticated remote attackers to write arbitrary files outside the intended upload directory through unsanitized path traversal in the chunked upload endpoint's checkSum parameter. The vulnerability enables attackers with valid credentials to write files to any location accessible to the Fireshare process, potentially compromising system integrity or enabling secondary attacks. No public exploit identified at time of analysis, though the vulnerability has been fixed in version 1.5.2 released by the vendor.
SQL injection in WWBN AVideo category management allows authenticated administrators to extract database contents including user credentials and private video metadata. The vulnerability resides in objects/category.php where user-supplied category title slugs are concatenated directly into SQL queries without parameterization. A working proof-of-concept demonstrates UNION-based injection to retrieve the users table. Upstream fix available via GitHub commit 994cc2b3d802b819e07e6088338e8bf4e484aae4, though no public exploit identified at time of analysis beyond the documented PoC.
SQL injection in WWBN AVideo objects/like.php allows authenticated users to read and potentially modify the entire database by injecting malicious payloads into the videos_id parameter during like/dislike actions. The vulnerability affects pkg:composer/wwbn_avideo and arises from mixing parameterized queries with direct string concatenation. A proof-of-concept UNION-based injection exists demonstrating credential extraction. Upstream fix available (PR/commit); released patched version not independently confirmed.
OpenEMR versions prior to 8.0.0.3 contain a missing authorization vulnerability in the AJAX deletion endpoint that allows any authenticated user, regardless of assigned role or privileges, to irreversibly delete critical medical data including procedure orders, answers, and specimens for any patient in the system. This is a severe integrity violation in a healthcare application handling protected health information. No evidence of active exploitation (not in CISA KEV) is currently available, though patches have been released.
Linux kernel nfnetlink_osf module fails to validate TCP option lengths in OS fingerprint definitions, allowing null pointer dereference and out-of-bounds memory reads when processing packets with malformed or missing TCP options. The vulnerability affects Linux kernel versions across multiple stable branches (6.1.x through 6.19.x and 7.0-rc5), with EPSS score of 0.02% indicating low practical exploitation probability despite the memory safety issue. No public exploit code or active exploitation has been reported.
An out-of-bounds read vulnerability in the UPnP service of TP-Link TL-WR841N v14 routers enables adjacent network attackers to crash the UPnP daemon without authentication, resulting in denial of service. Affected devices include firmware versions prior to EN_0.9.1 4.19 Build 260303 and US_0.9.1.4.19 Build 260312. Vendor patches are available. No public exploit identified at time of analysis, with CVSS:4.0 scoring 7.1 (High) reflecting adjacent network access requirements and high availability impact.
Concurrent access to an internal event queue in EVerest-core (EV charging software stack) enables remote attackers to corrupt critical data structures when CSMS GetLog or UpdateFirmware requests coincide with EVSE fault events, potentially causing information disclosure, data integrity issues, and high availability impact. The vulnerability affects all versions prior to 2026.02.0, for which a vendor patch is available. SSVC analysis indicates no current exploitation, non-automatable attack surface, and partial technical impact. EPSS data not provided; no public exploit identified at time of analysis.
The GREEN HOUSE CO., LTD. Digital Photo Frame GH-WDF10A contains active debug code that allows unauthenticated local attackers to read or write arbitrary files and execute commands with root privileges. This vulnerability affects all versions of the GH-WDF10A model and represents a critical local privilege escalation risk for any user with physical or network access to the device. While the CVSS score of 6.8 reflects medium severity due to the physical access requirement, the ability to achieve root code execution makes this a significant concern for device owners and enterprise deployments.