Remote code execution in Google Chrome prior to version 146.0.7680.178 via a use-after-free vulnerability in the Dawn graphics component allows attackers who have already compromised the renderer process to execute arbitrary code through a crafted HTML page. The vulnerability requires prior renderer compromise but results in full code execution with high severity per Chromium's security classification.
Pharmacy Product Management System 1.0 accepts negative price and total cost values in sales transactions due to insufficient input validation in add-sales.php, enabling attackers to manipulate financial records, corrupt sales reports, and cause financial loss. The vulnerability allows unauthenticated or low-privilege users to submit arbitrary negative values that bypass business logic controls. Publicly available exploit code exists demonstrating this business logic flaw.
Command injection in Cisco Integrated Management Controller (IMC) web interface allows authenticated attackers with read-only privileges to execute arbitrary commands as root. The CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N) confirms network-accessible exploitation requiring only low-privilege authentication, with no public exploit identified at time of analysis. EPSS data not provided; CVE-2026 prefix suggests future disclosure.
Session fixation vulnerability in CI4MS (CodeIgniter 4 CMS) allows deactivated user accounts to maintain indefinite access through active sessions. Authenticated attackers whose accounts have been administratively disabled retain full high-privilege access (confidentiality, integrity, availability impact) until manual logout, bypassing intended access controls. Affects all versions prior to 0.31.0.0. EPSS data not available; no public exploit identified at time of analysis. CVSS 8.8 (High) reflects significant post-compromise persistence risk in enterprise CMS deployments with role-based access control.
Session persistence in CI4MS (CodeIgniter 4 CMS skeleton) allows deleted user accounts to retain full system access indefinitely through active sessions until manual logout. Affects all versions prior to 0.31.0.0. The authentication bypass enables unauthorized access to protected resources with high confidentiality, integrity, and availability impact across both vulnerable and subsequent systems (CVSS 10.0 Critical). No public exploit identified at time of analysis, though the vulnerability mechanism is straightforward to abuse by maintaining an active session before account deletion.
Remote code execution in Google Chrome prior to version 146.0.7680.178 allows attackers to execute arbitrary code within the Chrome sandbox via a specially crafted PDF file. The vulnerability exists in Chrome's PDF handling component and is caused by a use-after-free memory corruption flaw. Patch availability has been confirmed via vendor release, and the Chromium security team has classified this as High severity.
Remote code execution in Google Chrome prior to version 146.0.7680.178 via use-after-free vulnerability in the Dawn graphics library allows unauthenticated remote attackers to execute arbitrary code through a crafted HTML page. The vulnerability affects all Chrome versions below the patched release and carries high severity per Chromium's assessment.
Remote code execution in Google Chrome prior to version 146.0.7680.178 exploits object corruption in the V8 JavaScript engine, allowing attackers to execute arbitrary code within the Chrome sandbox via a specially crafted HTML page. The vulnerability affects all Chrome versions below the patched release and carries a High Chromium security severity rating.
XML External Entity (XXE) injection in RTI Connext Professional routing and service components allows remote unauthenticated attackers to exfiltrate sensitive data and trigger denial of service conditions. Affects multiple product families (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service) across versions 5.3.0 through 7.6.x. CVSS 8.8 (High) with network vector and no authentication required. EPSS probability remains low (0.04%, 11th percentile) with no confirmed active exploitation per CISA. Vendor patch available via RTI advisory.
Remote code execution in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome on macOS prior to version 146.0.7680.178 allows unauthenticated remote attackers to execute arbitrary code by crafting a malicious HTML page that triggers a heap buffer overflow. This vulnerability affects all Chrome versions below the patched release and poses an immediate risk to macOS users who visit compromised or malicious websites.
Integer overflow in Google Chrome's Codecs component prior to version 146.0.7680.178 enables remote code execution and arbitrary memory read/write operations when a user visits a malicious HTML page. The vulnerability affects all versions before the patch release and requires no user interaction beyond visiting a crafted webpage. Chromium security team classified this as High severity; no public exploit code or active exploitation has been confirmed at the time of analysis.
Remote code execution in Google Chrome prior to version 146.0.7680.178 via use-after-free vulnerability in WebGL allows unauthenticated remote attackers to execute arbitrary code within the browser sandbox by delivering a crafted HTML page. The vulnerability is marked as High severity by Chromium security and a vendor-released patch is available.
Remote code execution in Google Chrome prior to 146.0.7680.178 allows unauthenticated remote attackers to execute arbitrary code within the Chrome sandbox via a crafted HTML page exploiting a use-after-free vulnerability in the WebCodecs component. The vulnerability affects all versions before the patched release and has been addressed by Google with a vendor-released patch; no public exploit code or active exploitation has been confirmed at the time of analysis.
Remote code execution in Google Chrome on Android via use-after-free vulnerability in Web MIDI allows unauthenticated remote attackers to execute arbitrary code through a crafted HTML page. The vulnerability affects Chrome versions prior to 146.0.7680.178 and carries high severity per Chromium's security classification. A vendor-released patch is available.
Out-of-bounds read in WebCodecs component of Google Chrome prior to version 146.0.7680.178 allows remote attackers to read arbitrary memory contents via specially crafted HTML pages. The vulnerability affects all Chrome versions below the patched release and requires only HTML delivery (no authentication); exploitation could disclose sensitive data from the browser process memory, though the Chromium project assessed this as Medium severity.
Time-based blind SQL injection in OpenSTAManager ≤2.10.1 allows authenticated users to extract complete database contents including credentials, financial records, and PII through multiple AJAX select handlers. The vulnerability affects three core modules (preventivi, ordini, contratti) where the `options[stato]` GET parameter is concatenated directly into SQL WHERE clauses without validation. Exploitation requires only low-privilege authentication (CVSS PR:L) and has been confirmed with working
Command injection in PraisonAI's SubprocessSandbox allows authenticated local users to bypass all sandbox modes (BASIC, STRICT, NETWORK_ISOLATED) and execute arbitrary OS commands. The vulnerability stems from shell=True usage combined with inadequate blocklist filtering that omits 'sh' and 'bash' executables, enabling trivial escape via 'sh -c' wrapper. CVSS 8.8 (High) reflects scope change and complete CIA triad compromise. No active exploitation confirmed (not in CISA KEV), but GitHub advisor
Local privilege escalation in libinput allows authenticated users to execute arbitrary code within graphical compositor contexts by placing malicious Lua bytecode in system or user configuration directories. The vulnerability achieves scope change (CVSS:S:C) with high impact across confidentiality, integrity, and availability (8.8 CVSS), enabling attackers to monitor keyboard input including passwords and sensitive data. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed vulnerability.
Remote code execution via heap buffer overflow in Google Chrome's GPU component affects all versions prior to 146.0.7680.178, allowing attackers to execute arbitrary code by crafting malicious HTML pages. The vulnerability requires only a remote attacker with no special privileges or user authentication; users need only visit a compromised or attacker-controlled website. No CVSS score was assigned by NVD, though Chromium classified it as High severity. Patch availability confirmed from vendor.
Path traversal and CSRF vulnerability in phpMyFAQ's MediaBrowserController enables remote deletion of critical server files. Authenticated admin accounts can be exploited via CSRF to delete arbitrary files including database configurations, .htaccess files, and application code. GitHub advisory confirms the vulnerability with POC demonstration. Attack requires low-privilege authentication (PR:L) but succeeds with minimal user interaction (UI:R), achieving high integrity and availability impact w
Command injection in KubeAI Ollama model controller allows Kubernetes users with Model CRD write permissions to execute arbitrary shell commands inside model server pods. The vulnerability stems from unsanitized URL components (model ref and query parameters) being interpolated into bash startup probe scripts. With CVSS 8.7 (AV:N/AC:L/PR:H/UI:N/S:C), this represents a significant privilege escalation risk in multi-tenant clusters where Model creation is delegated to non-admin users. No public exploit identified at time of analysis, though detailed proof-of-concept payloads are documented in the GitHub advisory.
Remote code execution in XenForo versions before 2.3.7 allows authenticated users to invoke unauthorized methods through template callbacks and variable method calls. The vulnerability stems from a loose prefix matching mechanism that permits bypassing intended access restrictions, enabling attackers with low-privilege accounts to achieve high-severity impacts across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the technical details have been publicly disclosed by VulnCheck, increasing weaponization risk.
Haraka email server crashes when processing emails with `__proto__` as a header name, enabling remote unauthenticated denial of service. Attackers can send a specially crafted email via SMTP to crash worker processes, disrupting email delivery. In single-process deployments, the entire server becomes unavailable; in cluster mode, all active sessions are terminated. No public exploit identified at time of analysis beyond the published proof-of-concept code, though exploitation requires only basic SMTP access.
Heap memory disclosure in OpenEXR 3.4.0 through 3.4.7 allows remote attackers to extract sensitive information through decoded pixel data when processing malicious EXR image files. The vulnerability requires no authentication (PR:N) or user interaction (UI:N), triggering automatically during file parsing under default configurations. With CVSS 8.7 and high confidentiality impact (VC:H), this represents significant risk for applications processing untrusted EXR files. No public exploit identified at time of analysis, though the low attack complexity (AC:L) suggests straightforward exploitation once attack methods are documented.
OAuth2 scope enforcement vulnerability in XenForo 2.3.x (prior to 2.3.5) allows authenticated client applications to request and obtain unauthorized scopes, escalating access beyond intended authorization levels. This authentication bypass flaw (CWE-863) enables malicious OAuth2 clients to gain elevated privileges to user data and platform functions. CVSS 8.7 (High) reflects the network-accessible attack vector with low complexity, though requires low-level privileges (authenticated OAuth client). No public exploit identified at time of analysis, with EPSS data unavailable for recent CVE.
Stored Cross-Site Scripting (XSS) in Payload CMS versions prior to 3.78.0 allows authenticated users with write permissions to inject malicious scripts into content that execute in other users' browsers when viewed in the admin panel. The vulnerability requires low privilege access (PR:L) and user interaction (UI:R), enabling attackers to compromise admin accounts with high confidentiality and integrity impact due to scope change (S:C). CVSS score of 8.7 reflects the elevated risk from privileged position abuse. No public exploit identified at time of analysis, though the technical details are publicly documented in GitHub Security Advisory GHSA-mmxc-95ch-2j7c.
XenForo forum software versions prior to 2.3.7 disclose server filesystem paths through exception messages triggered by open_basedir PHP restrictions, enabling remote unauthenticated attackers to map internal directory structures. This information disclosure vulnerability (CWE-209) affects XenForo installations and has been addressed in version 2.3.7 with vendor-confirmed security fixes. No public exploit code or active exploitation is identified at time of analysis, though the unauthenticated remote attack vector and low complexity make reconnaissance straightforward for targeted attacks.
SQL injection in Hi.Events open-source event management platform (versions 0.8.0-beta.1 through 1.7.0-beta) allows remote unauthenticated attackers to execute arbitrary SQL queries via unsanitized sort_by parameters passed to Eloquent's orderBy() method. The PostgreSQL backend supports stacked queries, enabling multi-statement injection. While CVSS 8.7 reflects high confidentiality impact and no authentication requirement, no public exploit code or CISA KEV listing exists at time of analysis. Vendor-released patch available in version 1.7.1-beta.
Remote code execution in WatchGuard Fireware OS versions 12.6.1 through 12.11.8 and 2025.1 through 2026.1.2 allows privileged authenticated attackers to execute arbitrary code with elevated system privileges via path traversal in the Web UI. The vulnerability requires high-level administrative access (CVSS PR:H) but presents a direct RCE path once authenticated. WatchGuard self-reported this issue with an official advisory available. EPSS and KEV data not provided; no public exploit identified at time of analysis.
Remote code execution in XenForo versions prior to 2.3.9 and 2.2.18 allows authenticated administrators to execute arbitrary code on the server. Attack requires low-privilege admin panel access (PR:L) with network accessibility (AV:N) and low complexity (AC:L). No public exploit identified at time of analysis, though VulnCheck published technical analysis. This represents a supply-chain or insider-threat risk where compromised admin credentials or malicious insiders could achieve complete server compromise.
Sandbox escape in ByteDance Deer-Flow (pre-commit 92c7a20) enables remote attackers to execute arbitrary commands on the host system by exploiting incomplete shell semantics validation in bash tool handling. Attackers bypass regex-based input filters using directory traversal and relative paths to break sandbox isolation, read/modify host files, and invoke subprocesses with shell interpretation. Authentication requirements not confirmed from available data. No public exploit identified at time of analysis, though detailed technical advisory exists.
Arbitrary file deletion in Joomla! CMS com_joomlaupdate component via the autoupdate server mechanism allows remote attackers to delete files on affected servers due to insufficient input validation. The vulnerability affects all versions of Joomla! CMS through the update component and carries moderate-to-high real-world risk because file deletion can compromise system integrity, availability, and potentially enable privilege escalation or secondary attacks when combined with other weaknesses.
Arbitrary attribute injection in ONNX Python library (versions prior to 1.21.0) allows unauthenticated remote attackers to manipulate internal object properties by embedding malicious metadata in ONNX model files, resulting in potential information disclosure, data integrity violations, and high availability impact (CVSS 8.6). The vulnerability stems from unchecked use of Python's setattr() with externally-controlled keys during ExternalDataInfo deserialization. No public exploit code or CISA KEV listing identified at time of analysis, but proof-of-concept development is trivial given the straightforward nature of Python attribute manipulation. EPSS data not provided, but the unauthenticated network-accessible attack vector and low complexity suggest material risk for organizations processing untrusted ONNX models.
Server-Side Request Forgery (SSRF) in praisonaiagents allows unauthenticated remote attackers to access internal network resources and cloud metadata services. The FileTools.download_file() function passes user-controlled URLs directly to httpx.stream() with redirect following enabled, bypassing network boundaries. On AWS EC2 instances with IMDSv1, attackers can retrieve IAM credentials from the metadata service (169.254.169.254) and write them to disk. Exploitation requires no authentication (P
Improper access control in Joomla! CMS webservice endpoints allows unauthorized attackers to bypass authentication and access protected API functionality without valid credentials. Joomla! CMS versions prior to the patched release are affected. The vulnerability stems from inadequate validation of user permissions before processing webservice requests, enabling remote unauthenticated attackers to interact with restricted endpoints that should require administrative or elevated privileges.
SQL injection in Payload CMS versions prior to 3.79.1 allows authenticated attackers to manipulate database queries and exfiltrate or modify collection data. The vulnerability stems from inadequate input validation on request parameters, enabling low-privilege users to craft malicious SQL queries with low attack complexity over the network. No public exploit identified at time of analysis. EPSS risk data not available, but the CVSS score of 8.5 with scope change (S:C) indicates potential for significant impact beyond the vulnerable component.
{{$context.data.fieldName}}) directly into raw SQL statements, enabling attackers to break out of string literals and inject malicious SQL commands. Publicly available exploit code exists demonstrating UNION-based injection to extract database credentials and system information. With default Docker deployments granting superuser database privileges, attackers gain full read/write access to the database including credential extraction, data modification, and table deletion capabilities.
Heap buffer overflow in OpenEXR 3.4.0 through 3.4.6 allows remote code execution when processing maliciously crafted EXR image files with HTJ2K compression and specific channel width configurations. The vulnerability enables controlled heap overwrites of 2-4 bytes per iteration beyond allocated buffer boundaries, exploitable through user interaction with weaponized .exr files. Attack vector is local (AV:L) requiring user action (UI:A) but no privileges (PR:N), with CVSS 8.4 severity. Vendor-released patch available in version 3.4.7. No public exploit identified at time of analysis, though the precise technical details in the security advisory lower exploitation complexity for capable adversaries.
Stack-based buffer overflow in Fuji Electric/Hakko Electronics V-SFT versions through 6.2.10.0 enables arbitrary code execution when processing malicious V7 project files. Local attackers can exploit this via social engineering to deliver weaponized files requiring user interaction to open. CVSS 8.4 reflects high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, with EPSS data unavailable for this newly-assigned CVE. Japanese vulnerability coordination (JPCERT/JVN) indicates regional industrial control system exposure.
Stack-based buffer overflow in Fuji Electric/HAKKO Electronics V-SFT automation software (versions ≤6.2.10.0) allows arbitrary code execution when opening a maliciously crafted V7 project file. An attacker must convince a user to open a weaponized file, requiring no authentication but user interaction. EPSS data not available; no public exploit identified at time of analysis, though the specific function (CV7BaseMap::WriteV7DataToRom) and vulnerability class (stack overflow) provide sufficient technical detail for skilled attackers to develop exploits.
Out-of-bounds read in Fuji Electric V-SFT 6.2.10.0 and earlier allows local attackers to disclose sensitive information and potentially achieve code execution when processing maliciously crafted V7 files. The vulnerability resides in the VS6ComFile!get_macro_mem_COM function and requires user interaction to open a weaponized file. No public exploit identified at time of analysis, though the local attack vector and file format parsing nature make this a realistic social engineering target for industrial control system environments.
Out-of-bounds read in Fuji Electric V-SFT 6.2.10.0 and earlier allows local attackers to extract sensitive memory contents and potentially achieve code execution by opening a malicious V7 project file. The vulnerability requires user interaction (opening a crafted file) but no authentication, with an EPSS probability requiring assessment. No public exploit identified at time of analysis, though JPCERT coordination suggests industrial targeting potential.
Out-of-bounds read in Fuji Electric V-SFT industrial HMI software (versions ≤6.2.10.0) enables local attackers to disclose sensitive information and potentially achieve code execution when victims open maliciously crafted V7 project files. The vulnerability resides in the VS6ComFile!load_link_inf function during V7 file parsing. CVSS 8.4 reflects high confidentiality and integrity impact with low attack complexity requiring user interaction. No public exploit identified at time of analysis, though JPCERT coordination suggests targeted industrial sector awareness.
Out-of-bounds heap write in OpenEXR 3.4.0-3.4.7 allows local attackers to crash applications or corrupt memory when processing malicious B44/B44A compressed EXR files. Attack requires user interaction to open a crafted image file. Patched in version 3.4.8. CVSS 8.4 (High) reflects local attack vector with no privileges required but mandatory user action. No confirmed active exploitation or public POC identified at time of analysis, though proof-of-concept development is feasible given the detailed GitHub advisory and commit.
Tinybeans Private Family Album App v5.9.5-prod contains an arbitrary file overwrite vulnerability in its file import process that enables remote attackers to overwrite critical internal files, resulting in arbitrary code execution or information disclosure. No CVSS score, EPSS data, or KEV status is available for this vulnerability, and no public exploit code has been independently confirmed at the time of analysis.
Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 contains an arbitrary file overwrite vulnerability in its file import process that permits attackers to overwrite critical internal files, resulting in remote code execution or information disclosure. The vulnerability affects a mobile application distributed via Google Play Store. No CVSS score, active exploitation status, or patch information is currently available from vendor sources.
Arbitrary file overwrite in Docudepot PDF Reader v1.0.34 enables attackers to overwrite critical internal files through the file import process, resulting in arbitrary code execution or information exposure. The vulnerability affects the mobile PDF viewer application across Android platforms. No public exploit code or active exploitation has been confirmed at time of analysis, though the severity of potential impact (RCE) warrants immediate investigation and patching.
Arbitrary file overwrite in Ora Tools PDF Reader & Editor APP v4.3.5 enables attackers to overwrite critical internal files through the file import process, resulting in arbitrary code execution or information exposure. The vulnerability affects the Android application and has been publicly disclosed; however, CVSS scoring, CISA KEV status, and vendor patch availability have not been independently confirmed at time of analysis.
Path traversal in SillyTavern's chat API allows authenticated attackers to read and delete sensitive configuration files (secrets.json, settings.json) outside the intended chats directory by exploiting insufficient input validation on the avatar_url parameter. The vulnerability (CVSS 8.3) permits traversal using '..' segments due to a regex validator that only blocks '/' and NUL bytes. Publicly available exploit code exists with working proof-of-concept commands provided in the GitHub advisory. EPSS data not available, but the straightforward exploitation path (AV:N/AC:L/PR:L) and availability of working POC code present significant risk for multi-user or internet-facing SillyTavern deployments. Vendor-released patch available in version 1.17.0.
Authentication bypass in CronMaster versions prior to 2.2.0 allows adjacent network attackers to gain unauthorized administrative access without credentials. When session validation requests fail, the middleware incorrectly treats invalid session cookies as authenticated, enabling execution of privileged Next.js Server Actions and access to protected administrative pages. EPSS data not available for this recent CVE; no public exploit identified at time of analysis, though exploitation complexity is low once network access is achieved.