SQL injection in code-projects Simple Laundry System 1.0 allows unauthenticated remote attackers to manipulate the userid parameter in /delstaffinfo.php, enabling arbitrary SQL query execution with limited data confidentiality and integrity impact. Public exploit code is available, increasing real-world risk despite the moderate CVSS score of 6.9.
SQL injection in code-projects Simple Laundry System 1.0 allows unauthenticated remote attackers to manipulate the firstName parameter in /modify.php, enabling arbitrary database queries and potential data exfiltration or modification. The vulnerability affects the Parameter Handler component through CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component). Publicly available exploit code exists, and the CVSS 6.9 score reflects moderate impact with low attack complexity and no authentication requirement.
SQL injection in itsourcecode Payroll Management System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via manipulation of the ID parameter in /view_employee.php. The vulnerability has a CVSS score of 6.9 and publicly available exploit code exists, enabling potential data extraction, modification, or authentication bypass without requiring user interaction.
Stored cross-site scripting in IBM Aspera Shares 1.9.9 through 1.11.0 allows authenticated high-privilege users to inject arbitrary JavaScript into the Web UI, potentially enabling credential theft or session hijacking within trusted browser sessions. CVSS 5.5 reflects the requirement for elevated privileges but global scope impact; no public exploit or active exploitation confirmed.
AppArmor differential encoding verification in the Linux kernel contains logic errors that permit infinite loops to be created through abuse of the verification chain mechanism. Two distinct bugs in the verification routine-conflation of checked states with currently-checked states, and incorrect loop iterator comparison-allow malformed differential encoding chains to bypass security checks. This enables potential information disclosure or policy circumvention on systems relying on AppArmor mandatory access control. The vulnerability affects Linux kernel versions prior to fixes applied across multiple stable branches via kernel commits.
Linux kernel AppArmor policy namespace implementation allows arbitrary nesting and creation of policy namespaces without enforcing depth limits, enabling local attackers to exhaust system resources through unbounded namespace proliferation. The vulnerability affects AppArmor in the Linux kernel across multiple stable branches. This is a denial-of-service vulnerability requiring local access, with fixes available across stable kernel versions.
Stack exhaustion in AppArmor profile removal allows local denial of service by crafting deeply nested profiles that trigger recursive kernel stack consumption. The Linux kernel's AppArmor security module can be crashed by a local user with permission to load profiles via the apparmor_parser tool and trigger removal through sysfs, causing kernel stack overflow. The fix replaces recursive profile removal with an iterative approach to prevent stack exhaustion.
Memory leak in Linux kernel AppArmor module verify_header function causes namespace string allocation leaks during multiple profile unpacking and breaks namespace consistency checking. The vulnerable code incorrectly resets the namespace pointer to NULL on every function call, discarding previously allocated namespace strings and preventing proper namespace comparison across profile iterations. This affects Linux kernel versions with the vulnerable AppArmor implementation prior to upstream fixes applied across stable branches.
Linux kernel KVM x86/mmu module improperly validates shadow page table entries (SPTEs) in indirect MMUs, allowing host userspace writes to bypass KVM's write-tracking detection and corrupt shadow paging state. The vulnerability affects KVM implementations on x86 systems with nested or indirect MMU configurations where writes originating outside KVM's scope (e.g., from host userspace via memory access) are not detected, potentially leading to memory corruption or VM escape. No CVSS score, EPSS data, or KEV status is available; this appears to be an internal kernel consistency issue addressed via upstream patch rather than a directly exploitable security boundary.
Linux kernel KVM x86/MMU incorrectly installs emulated MMIO shadow page table entries (SPTEs) without first zapping existing shadow-present SPTEs when host userspace modifies guest page tables outside KVM's scope, causing kernel warnings and potential memory consistency issues. The vulnerability affects KVM on x86 systems running vulnerable kernel versions and can be triggered by a local attacker with ability to manipulate guest memory or run guest VMs, though the practical impact beyond kernel instability remains limited.
Use-after-free in Foxit PDF Editor and Foxit PDF Reader allows local attackers to achieve arbitrary code execution by crafting malicious JavaScript that manipulates document zoom and page state, causing stale view cache pointers to be dereferenced after the underlying view object is destroyed. The vulnerability requires user interaction (opening a crafted PDF) and local access, with a CVSS score of 5.5 reflecting denial-of-service impact, though the underlying memory corruption (CWE-416) and RCE tags indicate higher real-world severity under exploitation.
Denial of service in Foxit PDF Editor and Foxit PDF Reader allows local attackers to crash the application by opening a crafted PDF containing a stamp annotation with missing appearance (AP) data. The vulnerability stems from insufficient validation before dereferencing annotation objects, triggering a null pointer exception. No public exploit code has been identified, and patch availability has not been confirmed from available advisory data.
ONNX versions prior to 1.21.0 allow local attackers to read arbitrary files outside the model directory through symlink traversal during external data loading, requiring user interaction to load a malicious model file. The vulnerability has a CVSS score of 5.5 (medium severity) and is classified as information disclosure with confirmed patch availability in version 1.21.0.
Copier's `_external_data` feature allows malicious templates to read arbitrary files outside the destination directory via path traversal (e.g., `../secret.yml`) or absolute paths (e.g., `/tmp/secret.yml`), exposing YAML-parsed contents in rendered output without requiring the `--UNSAFE` flag. This affects all versions of the Copier package and poses a risk when running untrusted templates, as attackers can disclose sensitive files accessible to the user running Copier.
Improper session code validation in Devolutions Server 2026.1.11 and earlier allows authenticated users to escalate privileges and impersonate other users, including administrators, by reusing session codes from external OAuth authentication flows. This authentication bypass affects all versions up to and including 2026.1.11 and requires an attacker to have valid credentials to exploit the vulnerability. No public exploit code or active exploitation has been confirmed at the time of analysis.
Stored XSS via HTML entity-encoded javascript: URLs in SVG files in phpMyFAQ enables privilege escalation from editor to admin. The regex-based sanitizer in SvgSanitizer.php fails to detect entity-encoded payloads like javascript: (javascript:), allowing any user with edit_faq permission to upload malicious SVGs that execute arbitrary JavaScript in admin browsers. Publicly available proof-of-concept demonstrates both basic XSS and complete admin account creation, with confirmed working exploitation in Chrome 146 and Edge.
Stored cross-site scripting (XSS) in Notesnook mobile versions prior to 3.3.17 allows remote attackers to execute arbitrary JavaScript in the share editor WebView by injecting malicious HTML through unescaped clip metadata (title, subject, or link-preview data). When a victim opens the Notesnook share flow and selects Web clip, the attacker's payload executes with access to local context and user data. No public exploit code or active exploitation has been confirmed, though the vulnerability requires user interaction to trigger.
Stored cross-site scripting (XSS) vulnerabilities in DDSN Interactive Acora CMS v10.7.1 allow unauthenticated attackers to inject malicious scripts via the submit_add_user.asp endpoint's First Name and Last Name parameters, enabling arbitrary JavaScript execution in the context of victim browsers. Public proof-of-concept code is available on GitHub; no patch information or CVSS/EPSS quantification is currently available.
HTTP header injection in IBM Aspera Shares 1.9.9 through 1.11.0 allows authenticated attackers to conduct cross-site scripting, cache poisoning, and session hijacking attacks via improper validation of HOST headers. The vulnerability requires authenticated access and carries a CVSS score of 5.4 with moderate confidentiality and integrity impact. No public exploit code or active exploitation has been confirmed.
Payload CMS versions prior to 3.79.1 contain a cross-site request forgery (CSRF) vulnerability in the authentication flow that allows attackers to bypass configured CSRF protections and perform unauthorized actions on behalf of authenticated users. The vulnerability requires user interaction (clicking a malicious link) but affects all unauthenticated network-accessible instances. No public exploit code or active exploitation has been identified at the time of analysis.
IBM Verify Identity Access Container and IBM Security Verify Access versions 10.0-10.0.9.1 and 11.0-11.0.2 return JSON payloads with incorrect Content-Type headers (text/html instead of application/json) when listing certificates via browser sessions, enabling stored or reflected cross-site scripting attacks when browsers interpret the JSON data as executable script. Authenticated users with UI interaction can trigger JavaScript injection affecting confidentiality and integrity of user sessions.
Unauthenticated path traversal in SillyTavern static file route handlers allows remote attackers to enumerate filesystem structure by distinguishing 404 (file does not exist) from 403 (file exists but blocked) responses when submitting percent-encoded directory traversal sequences. The vulnerability affects versions prior to 1.17.0 and impacts multiple static file endpoints (/characters/*, /user/files/*, /assets/*, /user/images/*, /backgrounds/*, /User%20Avatars/*), disclosing whether arbitrary files exist on the server filesystem without authentication. File contents are not exposed due to the send module's root directory enforcement, limiting impact to information disclosure, but the fix is available and should be applied immediately.
Insufficient permission validation in Checkmk REST API Quick Setup endpoints allows low-privileged authenticated users to perform unauthorized administrative actions or access sensitive information in versions 2.5.0 beta before 2.5.0b2 and 2.4.0 before 2.4.0p25. The vulnerability stems from missing authorization checks that fail to enforce role-based access control on multiple API endpoints, enabling privilege escalation within the monitoring platform.
IBM Verify Identity Access and Security Verify Access versions 10.0 through 10.0.9.1 and 11.0 through 11.0.2 allow unauthenticated remote attackers to access sensitive information through HTTP request smuggling via inconsistent interpretation of HTTP requests by a reverse proxy. The vulnerability affects both container and non-container deployments and has a CVSS score of 5.3 with confirmed vendor patch availability.
Remote attackers can access sensitive information in IBM Verify Identity Access Container 11.0-11.0.2, IBM Security Verify Access Container 10.0-10.0.9.1, and their non-containerized counterparts through HTTP request smuggling. The vulnerability exploits inconsistent HTTP request interpretation between the application and its reverse proxy, allowing unauthenticated remote access to restricted data with low attack complexity.
XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
HTTP response splitting in ewe's encode_headers function allows remote attackers to inject arbitrary HTTP response headers and content by embedding CRLF sequences in user-controlled response header values, enabling cache poisoning and cross-site scripting attacks. The vulnerability affects ewe versions that do not validate outgoing response header keys and values, despite implementing equivalent validation for incoming request headers. A proof-of-concept demonstrates injection of custom headers through a redirect URL parameter passed directly to the Location header without sanitization.
Export All URLs WordPress plugin before version 5.1 exposes private post URLs and sensitive data through predictably named CSV export files stored in the publicly accessible wp-content/uploads/ directory, allowing unauthenticated attackers to enumerate and retrieve these files via brute-force attacks against a simple 6-digit filename pattern.
Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.
Stored cross-site scripting (XSS) in XenForo before 2.3.10 and 2.2.19 allows authenticated attackers to inject malicious scripts through crafted structured text mentions in profile posts, which are executed when other users view the affected content. The vulnerability has a CVSS score of 5.1 with low attack complexity and requires user interaction (viewing the malicious post), making it a moderate-risk concern for XenForo communities. Publicly available exploit code has been identified, and vendor patches have been released.
Cross-site scripting (XSS) in XenForo lightbox functionality allows unauthenticated remote attackers to inject malicious scripts that execute in the context of other users' browsers when interacting with post content displayed via lightbox. Versions before 2.3.9 and 2.2.18 are affected. The vulnerability requires user interaction (clicking or hovering on lightbox elements) and has limited scope, affecting only session integrity and information disclosure rather than system availability or confidentiality of sensitive data.
Stored cross-site scripting in XenForo before version 2.3.9 allows authenticated users to inject malicious scripts through BB code that persist in the application and execute when other users view the affected content. The vulnerability requires user interaction (viewing the malicious post) and authenticated access to create content, limiting its scope but enabling account compromise and session hijacking of affected users.
Compiler-induced timing side channel in Mbed TLS through 4.0.0 and TF-PSA-Crypto through 1.0.0 allows information disclosure of RSA private keys and CBC/ECB-decrypted plaintext when LLVM's select-optimize feature is enabled during compilation. The vulnerability arises from compiler optimization that violates constant-time implementation guarantees, potentially exposing cryptographic material to timing analysis attacks despite developers' explicit use of constant-time code patterns.
Improper access control in Devolutions Server 2026.1.6 through 2026.1.11 allows authenticated users to bypass administrator-enforced MFA restrictions and remove their own multi-factor authentication via a crafted request. This authentication bypass undermines security policies designed to enforce MFA compliance, enabling threat actors with valid credentials to disable a critical security control and potentially maintain persistent access without secondary authentication verification. No public exploit code or active exploitation has been confirmed at time of analysis.
Improper access control in Devolutions Server 2026.1.6 through 2026.1.11 allows authenticated attackers to delete their own MFA factors via crafted API requests, reducing account protection to password-only authentication. This vulnerability enables account security degradation without proper authorization checks, potentially compromising accounts that rely on multi-factor authentication as a secondary defense.
Server-side request forgery in SillyTavern's search endpoint allows authenticated users to bypass hostname validation and force the server to fetch from internal hosts on default ports (80/443) using alternative hostname representations. The vulnerability exists in v1.16.0 and earlier because the IPv4 validation regex only matches literal dotted-quad notation (e.g., 127.0.0.1), failing to block localhost, IPv6 loopback ([::1]), or DNS names resolving to internal addresses. The port restriction limits severity compared to fully unrestricted SSRF, but the full response body is returned to the attacker, enabling information disclosure. Patch available in v1.17.0.
Cisco Nexus Dashboard Insights metadata update feature allows authenticated administrators to write arbitrary files to the system with root privileges through path traversal in insufficiently validated metadata files. An attacker with valid administrative credentials can craft and manually upload a malicious metadata file to achieve arbitrary file write access to the underlying operating system. This vulnerability affects Cisco Nexus Dashboard and Nexus Dashboard Insights deployments, particularly those using manual metadata uploads in air-gap environments. CVSS score of 4.9 reflects the requirement for high-privilege authentication, though the integrity impact is rated as high given the ability to write files as root.
Stored XSS in Cisco IMC web management interface allows authenticated administrators to inject arbitrary script code executed in users' browsers via insufficient input validation. Affects Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (Standalone), and Cisco UCS E-Series Software. Requires administrative privileges and user interaction (clicking a crafted link), resulting in session hijacking, credential theft, or unauthorized access to sensitive browser-based information. No public exploit code identified at time of analysis.
Stored cross-site scripting (XSS) in Cisco IMC web management interface allows authenticated administrators to inject persistent malicious scripts that execute in other users' browsers via crafted links. Affects Cisco Enterprise NFV Infrastructure Software, Unified Computing System (standalone), and UCS E-Series. No public exploit code or active exploitation confirmed; patch availability not independently verified from provided data.
Stored XSS in Cisco IMC web management interface allows authenticated administrators to inject arbitrary script code via insufficient input validation. Attackers with admin privileges can craft malicious links that execute JavaScript in the browsers of other users accessing the interface, potentially compromising session security, stealing credentials, or accessing sensitive information. No public exploit code or active exploitation has been confirmed; the vulnerability requires administrator privileges and user interaction to trigger.
Stored cross-site scripting (XSS) in Cisco IMC web management interface allows authenticated administrators to inject malicious script code that executes in the browsers of other users accessing the interface. An attacker with administrative credentials can exploit insufficient input validation by crafting a malicious link and tricking a user into clicking it, enabling arbitrary script execution or theft of sensitive browser-based information. No public exploit code or active exploitation has been identified at time of analysis.
HTML injection in IBM Aspera Shares 1.9.9 through 1.11.0 allows authenticated remote attackers with high privileges to inject malicious HTML that executes in victim browsers within the hosting site's security context, requiring user interaction to view the injected content. CVSS 4.8 indicates low overall severity; patch is available from IBM.
Path traversal vulnerability in Dell Secure Connect Gateway (SCG) versions 5.28.00.xx through 5.32.00.xx allows high-privileged attackers on the management network to bypass directory restrictions and achieve remote code execution. With a CVSS score of 4.7 and requiring high privilege level access, this vulnerability poses moderate risk to organizations running vulnerable SCG versions but is limited by the need for administrative-level attacker access within the management network. No public exploit code or active exploitation has been confirmed at time of analysis.
Stored cross-site scripting (XSS) in CI4MS prior to version 0.31.0.0 allows authenticated high-privilege administrators to inject malicious scripts via unencoded System Settings - Company Information fields, which are later rendered to other users without proper output encoding. The vulnerability requires administrative privileges to exploit but poses a real risk in multi-user deployments where admin accounts may be compromised or where trust boundaries exist between administrative roles.
Stored cross-site scripting (XSS) in CI4MS prior to version 0.31.0.0 allows authenticated high-privilege administrators to inject malicious scripts through unvalidated System Settings - Social Media Management configuration fields. The vulnerability stores attacker-controlled input server-side and renders it without proper output encoding, enabling script execution in the context of the application. This is a stored XSS vulnerability with limited real-world impact due to high-privilege prerequisite (PR:H), though it undermines the integrity and confidentiality of the CMS for downstream users viewing the affected settings.
Sage DPW 2025_06_004 and earlier versions enable username enumeration through differential login responses, allowing remote attackers to discover valid user accounts without authentication. The vulnerability affects all versions before 2021_06_000, though on-premise administrators in newer versions can disable this behavior through configuration options.
ONNX versions prior to 1.21.0 allow local attackers to read arbitrary files by exploiting a hardlink-based path traversal vulnerability in onnx.load(). The vulnerability bypasses existing symlink protections because hardlinks appear as regular files to filesystem checks. An attacker with local file system access can craft a malicious ONNX model file using hardlinks to access sensitive data outside the intended directory, requiring user interaction to load the crafted model. No public exploit code has been identified; EPSS score of 4.7 indicates low exploitation probability despite moderate CVSS impact.
Foxit PDF Editor allows PDF JavaScript and document actions (WillPrint/DidPrint) to modify form fields, annotations, and optional content groups immediately before or after redaction, encryption, or printing, potentially causing sensitive content to remain visible or unencrypted despite user expectations. The vulnerability affects all versions of Foxit PDF Editor and requires local access with user interaction (opening a malicious PDF). CVSS score is 4.7 with high confidentiality impact; no public exploit code or active exploitation (CISA KEV) has been identified at the time of analysis.
Path traversal in Copier's _subdirectory setting allows template escape without --UNSAFE flag. A malicious or compromised template can use parent-directory traversal sequences (e.g., `_subdirectory: ..`) to render files from outside the intended template directory, enabling unauthorized file access during template instantiation. CVSS 4.4 (low-to-moderate severity); no public exploit code or active exploitation confirmed at time of analysis.
Path traversal vulnerability in Dell PowerStore Service user allows low-privileged local attackers to modify arbitrary system files through improper input validation. The vulnerability affects multiple PowerStore models (500T through 9200T) and requires local access with low-privilege credentials; CVSS 4.4 reflects the local attack vector and limited integrity impact, though the ability to modify system files poses moderate operational risk for storage appliance integrity.