A race condition was addressed with additional validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Denial of Service in Red Hat Build of Keycloak allows unauthenticated remote attackers to exhaust server resources by submitting specially crafted POST requests with excessively long scope parameters to the OpenID Connect token endpoint. No public exploit identified at time of analysis, but CVSS 7.5 (High) with network attack vector and low complexity indicates straightforward exploitation. Authentication requirements: unauthenticated (CVSS PR:N). The vulnerability stems from improper resource management (CWE-1050), enabling attackers to cause prolonged processing times and service disruption without any authentication or user interaction.
W3 Total Cache plugin for WordPress exposes security tokens to unauthenticated remote attackers through User-Agent header manipulation. Versions up to 2.9.3 bypass output buffering when requests contain 'W3 Total Cache' in the User-Agent, leaking W3TC_DYNAMIC_SECURITY tokens embedded in dynamic fragment HTML comments. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicating trivial exploitation requiring no authentication, attackers can extract these tokens from any page using fragment caching, enabling potential security bypass or escalation attacks. Patch available in version 2.9.4+ per upstream changeset.
Blind SQL injection in MB Connect Line mbCONNECT24 and mymbCONNECT24 allows unauthenticated remote attackers to extract sensitive database contents via the mb24api endpoint. The vulnerability enables complete confidentiality breach through crafted SQL SELECT commands with CVSS 7.5 (High). EPSS data not available; no public exploit identified at time of analysis. Vendor advisory published by CERT@VDE with remediation guidance.
SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 products allows unauthenticated remote attackers to extract sensitive data through the getinfo endpoint. The vulnerability permits direct database queries without authentication, enabling complete confidentiality breach of stored information. EPSS and KEV data not provided; exploitation status unknown beyond technical disclosure by CERT@VDE.
NULL pointer dereference in Suricata 8.0.0 through 8.0.3 causes denial of service when processing malformed TLS traffic with the 'tls.alpn' rule keyword. Remote unauthenticated attackers can crash the IDS/IPS engine by sending specially crafted network packets, completely disabling network security monitoring. EPSS data not available, but the low attack complexity (AC:L) and network vector (AV:N) combined with high availability impact (A:H) indicate significant operational risk for organizations relying on Suricata for traffic inspection. No evidence of active exploitation (no CISA KEV listing) or public exploit code identified at time of analysis.
Unbounded disk consumption in Rack's multipart parser allows remote denial of service when HTTP requests lack Content-Length headers. Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 fail to enforce size limits on multipart/form-data uploads sent via chunked transfer encoding, enabling unauthenticated attackers to exhaust disk space by streaming arbitrarily large file uploads. CVSS 7.5 (High) reflects the network-accessible, low-complexity attack requiring no privileges. No public exploit identified at time of analysis, though the attack technique is well-understood.
Denial of service via algorithmic complexity in Rack multipart parser allows unauthenticated remote attackers to exhaust CPU resources by sending specially crafted multipart/form-data requests with backslash-heavy escaped parameter values. Affects Rack 3.0.0.beta1-3.1.20 and 3.2.0-3.2.5, a critical Ruby web server interface used across Rails and Sinatra applications. CVSS 7.5 (High) with network-accessible attack vector and low complexity. Vendor-released patches available in versions 3.1.21 and 3.2.6. No public exploit identified at time of analysis, though EPSS data not provided to assess probability of exploitation.
Denial of service in Apache Traffic Server 9.0.0-9.2.12 and 10.0.0-10.1.1 caused by improper handling of POST requests that triggers a server crash under specific conditions. The vulnerability affects all instances of the affected versions and requires no authentication or special privileges to exploit. Vendor-released patches are available in versions 9.2.13 and 10.1.2.
Network denial-of-service in Suricata prior to 7.0.15 allows remote unauthenticated attackers to degrade intrusion detection performance via inefficient DCERPC buffering. The flaw enables attackers to bypass or impair network security monitoring by exhausting system resources through malformed DCERPC traffic, effectively blinding detection capabilities. No public exploit identified at time of analysis, though EPSS score and exploitation likelihood were not provided in available data.
Memory exhaustion in Suricata network IDS/IPS via HTTP/2 CONTINUATION frame flooding allows remote unauthenticated attackers to trigger denial of service, typically forcing operating system termination of the Suricata process. Affects all versions prior to 7.0.15 and 8.0.4. EPSS data not available, but CVSS 7.5 (High) reflects network-accessible attack with low complexity requiring no privileges. No public exploit identified at time of analysis, though the attack technique (HTTP/2 frame flooding) is well-documented in protocol security research.
Denial of service in Suricata 8.0.0 through 8.0.3 allows unauthenticated remote attackers to degrade performance via specially crafted SMTP traffic containing MIME-encoded messages with URLs. The quadratic complexity vulnerability (CWE-407) triggers excessive processing when the IDS/IPS engine searches for URLs in malformed messages. EPSS data not provided, but exploitation probability appears low given no public exploit identified at time of analysis and the requirement for sustained malicious SMTP traffic to achieve impact.
Network-accessible resource exhaustion in Suricata IDS allows remote attackers to degrade detection performance via specially crafted traffic. Affects versions prior to 7.0.15 and 8.0.4 (CVSS 7.5 HIGH). Attack requires no authentication (PR:N) and low complexity (AC:L), enabling trivial performance degradation that could blind security monitoring. EPSS data not available, but no public exploit identified at time of analysis. Vendor patches released for both affected branches (7.0.15, 8.0.4).
Performance degradation in Suricata IDS/IPS engine allows remote unauthenticated attackers to cause denial of service through inefficient Kerberos 5 buffering. Affects versions prior to 7.0.15 and 8.0.4. CVSS 7.5 with high availability impact. No public exploit identified at time of analysis, EPSS data not provided. Vendor-released patches available in versions 7.0.15 and 8.0.4.
Information disclosure in Rack web server interface (versions <2.2.23, <3.1.21, <3.2.6) allows unauthenticated remote attackers to access sensitive files due to flawed prefix matching in Rack::Static. The vulnerability enables access to unintended files sharing configured URL prefixes (e.g., '/css' matching '/css-backup.sql'), exposing configuration files, database backups, or environment variables. CVSS 7.5 (High) with network vector and no complexity. No public exploit identified at time of analysis.
Apache Traffic Server versions 9.0.0-9.2.12 and 10.0.0-10.1.1 are vulnerable to HTTP request smuggling through malformed chunked transfer encoding, allowing attackers to bypass security controls and smuggle malicious requests. The vulnerability stems from improper parsing of chunked messages (CWE-444: Inconsistent Interpretation of HTTP Requests) and affects all deployments using these versions as reverse proxies or intermediaries. Apache has released patched versions 9.2.13 and 10.1.2; no public exploit code or active exploitation has been reported at the time of analysis.
Out-of-bounds read in Mbed TLS 3.x before 3.6.6 allows attackers to leak adjacent CCM context data through the multipart CCM API by passing an oversized tag_len parameter to mbedtls_ccm_finish(), which lacks validation against the internal 16-byte authentication buffer. Mbed TLS 4.x contains the same vulnerability in internal code but does not expose the vulnerable function publicly; exploitation requires direct application-level invocation of the affected API. No public exploit code or active exploitation has been reported, but the attack requires no special privileges.
TOCTOU race condition in Balena Etcher for Windows (versions prior to 2.1.4) enables local privilege escalation to arbitrary code execution when attackers replace legitimate scripts with malicious payloads during disk flashing operations. The vulnerability requires low privileges and user interaction but achieves high impact across confidentiality, integrity, and availability with scope change. No public exploit identified at time of analysis, though technical details are available via researcher disclosure (B1tBreaker). EPSS data not available, but the local attack vector and high complexity reduce immediate remote exploitation risk.
Stored API keys in CERT/CC's cveClient encrypt-storage.js are not marked as protected in browser temporary storage, enabling extraction of encryption credentials through JavaScript console access or error messages. Attackers with local access to a user's browser environment can retrieve sensitive API keys without authentication, affecting all versions before 1.1.15.
Authorization code forgery in Red Hat Keycloak enables unauthenticated attackers to escalate privileges to admin-level access tokens. The SingleUseObjectProvider's lack of type and namespace isolation permits attackers to forge valid authorization codes remotely, though exploitation requires high complexity (AC:H). No public exploit identified at time of analysis, with CVSS 7.4 indicating high confidentiality and integrity impact but no availability disruption.
Open redirect in Red Hat Build of Keycloak allows authenticated attackers with control over another path on the same web server to bypass wildcard-based redirect URI validation and steal OAuth access tokens. Attack requires low complexity and user interaction (CVSS 7.3). EPSS and KEV status not available; no public exploit identified at time of analysis. This CWE-601 flaw enables token theft through maliciously crafted redirect flows, posing significant risk to SSO deployments where Keycloak shares a web server with attacker-controllable content.
Remote code execution in MB Connect Line mbCONNECT24 and mymbCONNECT24 allows high-privileged authenticated attackers to achieve full system compromise through command injection in the generateSrpArray function. Exploitation requires the attacker to first write arbitrary data to the user table via another vulnerability, establishing a chained attack scenario. No public exploit identified at time of analysis, though the low attack complexity (AC:L) indicates straightforward exploitation once database write access is obtained.
Server-Side Request Forgery (SSRF) in WordPress Webmention plugin versions ≤5.6.2 allows unauthenticated remote attackers to force the web server to make arbitrary HTTP requests to internal or external systems. The vulnerability exists in the MF2::parse_authorpage function called through Receiver::post, enabling attackers to probe internal network services, exfiltrate data from cloud metadata endpoints, or modify internal resources. EPSS data not provided; no CISA KEV status indicating confirmed active exploitation at time of analysis. Public exploit code exists (proof-of-concept references available via Wordfence and WordPress plugin repository).
Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through the /cgi-bin/backup.cgi remove ARCHIVE parameter. Attackers with low-privileged network access can leverage unsanitized path construction passed to unlink() to achieve high-integrity impact by removing critical system files. EPSS data not available; no public exploit identified at time of analysis, though the technical details disclosed by VulnCheck increase weaponization risk for authenticated threat actors.
A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
Denial-of-service vulnerability in TP-Link Tapo C520WS v2.6 camera allows adjacent network attackers to trigger buffer overflow through crafted HTTP requests with excessively long paths that bypass initial length validation during path normalization, resulting in memory corruption and device reboot without requiring authentication. Vendor has released a patch; no public exploit code identified at time of analysis.
Arbitrary code execution in AWS Kiro IDE versions prior to 0.8.140 occurs when a local user opens a maliciously crafted workspace containing an unsanitized color theme name, exploiting improper neutralization of input during webview generation. The attack requires user interaction (trusting the workspace when prompted) and can deliver full system compromise with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, though SSVC framework rates technical impact as total with manual (non-automatable) exploitation potential.
Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows local network attackers to cause denial of service by sending crafted payloads during asynchronous video stream processing, triggering memory corruption and process crashes. The vulnerability stems from insufficient buffer boundary validation in streaming input handling. A vendor patch is available.
Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows unauthenticated network attackers to trigger denial-of-service by sending crafted HTTP payloads that bypass boundary validation during segmented request body parsing. The vulnerability exploits insufficient write-boundary verification in the HTTP parsing loop, causing heap memory corruption that crashes or hangs the device process. Patch is available from the vendor.
Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows remote attackers on the same network segment to trigger denial-of-service by sending crafted HTTP POST payloads that exceed allocated buffer boundaries. The vulnerability stems from missing validation in HTTP body parsing logic, causing process crashes or unresponsiveness. No CVSS score or vector data is available, limiting precise severity quantification, but the practical attack vector is network-adjacent and does not require authentication.
Stack-based buffer overflow in TP-Link Tapo C520WS v2.6 allows remote attackers to trigger denial-of-service by sending oversized configuration parameters to a vulnerable configuration handling component. Successful exploitation causes device crash or reboot, impacting camera availability. Vendor has released a patch.