Remote code execution in MATCHA INVOICE 2.6.6 and earlier allows authenticated administrators to upload arbitrary files with dangerous types, enabling arbitrary code execution on the affected server. The vulnerability affects ICZ Corporation's MATCHA INVOICE product across all versions up to and including 2.6.6. While CVSS 4.7 reflects the requirement for administrative authentication, the RCE impact and file upload mechanism present a significant post-authentication risk in environments where administrative accounts may be compromised or insider threats exist. No public exploit code or CISA KEV confirmation identified at time of analysis.
Stored cross-site scripting (XSS) in MATCHA SNS 1.3.9 and earlier allows authenticated users to inject arbitrary scripts that execute in the browsers of other users accessing affected pages, potentially leading to session hijacking, credential theft, or malware distribution. CVSS 5.4 reflects the requirement for user interaction and authenticated access; no public exploit code or active exploitation has been identified at the time of analysis.
Hayabusa versions before 3.8.0 contain a stored cross-site scripting (XSS) vulnerability in HTML report generation that allows authenticated attackers to inject arbitrary JavaScript into the Computer field of JSON-exported logs, which executes in a forensic examiner's browser when viewing the generated HTML report. The vulnerability requires user interaction (report viewing) and results in information disclosure or session compromise, affecting forensic analysis workflows that process untrusted or adversary-controlled log data.
Vim 9.2.0315 and earlier contains a command injection vulnerability in the netbeans interface that allows a malicious netbeans server to execute arbitrary Ex commands via unsanitized strings in defineAnnoType and specialKeys protocol messages. An authenticated local attacker with user-level privileges and ability to interact with a netbeans connection can achieve code execution with the privileges of the Vim process. The vulnerability is fixed in Vim 9.2.0316.
Remnawave Backend prior to version 2.7.5 allows authenticated users to bypass HWID device registration limits through a race condition in the device registration logic, enabling subscription resale and excessive traffic consumption. The vulnerability requires valid authentication credentials but affects the integrity of subscription management controls across the system. A vendor-released patch is available in version 2.7.5.
Authentication bypass in LobeHub webapi allows unauthenticated attackers to forge X-lobe-chat-auth headers using a publicly disclosed XOR key, gaining unauthorized access to protected routes including chat, model listing, and image generation endpoints. The vulnerability affects LobeHub versions up to 2.1.47 and has a confirmed proof-of-concept; however, the CVSS vector indicates PR:L (low privilege required), suggesting the advertised attack may require some initial authentication. Vendor-released patch version 2.1.48 is available.
WPSchoolPress plugin through version 2.2.35 allows authenticated high-privilege users to bypass authorization controls and access sensitive information they should not be able to view due to incorrectly configured access control security levels. The CVSS score of 4.9 reflects the confidentiality impact limited to authenticated high-privilege attackers with no integrity or availability risk, though the EPSS score of 0.02% suggests exploitation in real-world scenarios remains minimal at time of analysis. No public exploit code or active exploitation has been identified.
Server-Side Request Forgery (SSRF) in Nelio Content WordPress plugin through version 4.3.1 allows authenticated attackers to make arbitrary HTTP requests from the vulnerable server, potentially accessing internal services and exfiltrating sensitive data. The vulnerability requires authenticated access (PR:L) and high attack complexity (AC:H), limiting real-world risk despite affecting all versions up to 4.3.1. No public exploit code or active exploitation has been confirmed; EPSS score of 0.02% (4th percentile) indicates very low exploitation probability.
Cookie prefix protections can be bypassed in Hono's parse() function due to overly aggressive character trimming that diverges from RFC 6265bis browser behavior. An attacker who can set cookies (via MITM, injection, or other means) can use non-breaking space (U+00A0) prefixed cookie names to shadow legitimate cookies, potentially overriding security-sensitive cookies including those protected by __Secure- and __Host- prefixes. Patch available in Hono v4.12.12.
Out-of-bounds read in The Sleuth Kit through 4.14.0 allows local attackers with user interaction to disclose sensitive information via a crafted ISO9660 image, exploiting the parse_susp() function's failure to validate field lengths before copying SUSP extension data into stack buffers. The vulnerability can also trigger infinite parsing loops with malformed zero-length SUSP entries. Patch available from upstream repository.
Out-of-bounds read in Sleuth Kit through version 4.14.0 allows local attackers to disclose heap memory or crash the application via a malicious APFS disk image with crafted length fields in the keybag parser. The vulnerability requires user interaction to process the malicious image but affects all Sleuth Kit tools that parse APFS volumes, with a public fix available on GitHub.
Stored cross-site scripting (XSS) in CI4MS prior to 0.31.4.0 allows authenticated administrators with blacklist privileges to inject arbitrary JavaScript through unsanitized note parameters, which executes in the browsers of other administrators viewing the user management page. The vulnerability requires high-privilege authenticated access and user interaction (admin viewing the affected page), limiting real-world impact despite the network-accessible attack vector.
Open redirect vulnerability in Hide My WP Ghost WordPress plugin versions below 7.0.00 allows unauthenticated remote attackers to redirect users to arbitrary external websites, enabling phishing attacks. The vulnerability requires user interaction (clicking a malicious link) and affects the plugin's URL handling. With an EPSS score of 0.02% and no confirmed active exploitation, this represents a low real-world exploitation risk despite the moderate CVSS score of 4.7.
Kamailio versions prior to 6.0.5 and 5.8.7 contain an out-of-bounds read in the auth module that allows remote attackers with high privileges to trigger a denial of service via a specially crafted SIP packet when successful user authentication without a database backend is followed by additional identity checks. The vulnerability requires high privilege level and high attack complexity but can reliably crash the Kamailio process, impacting SIP service availability.
Stored cross-site scripting in the Inquiry Form to Posts or Pages WordPress plugin up to version 1.0 allows authenticated administrators to inject arbitrary JavaScript via the 'Form Header' field, executing when users access the plugin settings page or view pages containing the [inquiry_form] shortcode. The vulnerability stems from insufficient input sanitization during option storage and missing output escaping in two rendering locations. CVSS 4.4 reflects the high privilege requirement (administrator-only access) and limited impact, though the stored nature and cross-site scope elevate concern for sites with multiple administrators or role delegation.
Stored Cross-Site Scripting (XSS) in Whole Enquiry Cart for WooCommerce plugin allows authenticated administrators to inject arbitrary JavaScript via the 'woowhole_success_msg' parameter, affecting all versions up to 1.2.1. The injected scripts execute for all users viewing affected pages, but exploitation is restricted to multi-site WordPress installations or sites with unfiltered_html disabled, and requires administrator-level privileges. No public exploit code or active exploitation has been identified at time of analysis.
Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.6 and 9.11.0.0 through 9.13.0.0 disclose sensitive information through error messages accessible to high-privileged local attackers. The vulnerability stems from improper error handling (CWE-209) that exposes confidential data in system responses, requiring local access and administrative privileges to exploit. With a CVSS score of 4.4 reflecting high confidentiality impact but low attack complexity and no public exploit identified at time of analysis, this represents a moderate risk primarily to organizations where insider threats or compromised admin accounts pose concerns.
Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to 8.8.3 allow authenticated attackers with Subscriber-level access to modify, reschedule, or delete other users' scheduled social media posts through authorization bypass in AJAX handlers. The vulnerability stems from insufficient validation of user-controlled 'b2s_id' parameters before performing UPDATE and DELETE operations, enabling privilege escalation within multi-user WordPress environments. No public exploit code or active exploitation has been reported, but the low CVSS complexity and minimal authentication barrier (Subscriber role) make this a practical attack vector in shared hosting scenarios.
Google Chrome prior to version 147.0.7727.55 contains an information disclosure vulnerability in the Navigation component that allows a remote attacker with a compromised renderer process to leak cross-origin data via a crafted HTML page. The vulnerability requires user interaction and only affects confidentiality (CVSS 4.3), with an extremely low EPSS score of 0.03% indicating minimal real-world exploitation probability despite the unauthenticated attack vector.
Omnibox spoofing in Google Chrome on Android prior to version 147.0.7727.55 allows remote attackers to deceive users by displaying falsified URL bar contents through a crafted HTML page, enabling phishing and social engineering attacks without requiring user interaction beyond visiting a malicious site. Despite a low CVSS score of 4.3 and minimal EPSS exploitation probability (0.03%), the vulnerability has real-world impact because attackers can trick users into believing they are on legitimate domains while actually on attacker-controlled pages.
UI spoofing in Google Chrome on iOS prior to version 147.0.7727.55 allows remote attackers to deceive users through malicious HTML pages that manipulate the Omnibox security indicator, enabling phishing or credential theft without code execution. The vulnerability requires user interaction and has low confidentiality impact, reflected in both the CVSS score of 4.3 and minimal EPSS score of 0.03%, indicating limited real-world exploitation likelihood despite public discoverability.
UI spoofing in Google Chrome's Downloads interface prior to version 147.0.7727.55 allows remote attackers to deceive users into performing unintended actions via crafted HTML pages exploiting incorrect security UI rendering. The vulnerability requires user interaction with specific UI gestures on a malicious webpage, resulting in limited integrity impact through visual deception rather than code execution or data exfiltration. Although marked as low severity by Chromium and carrying minimal exploitation probability (EPSS 0.03%), the attack surface is broad given Chrome's prevalence as a target for social engineering.
UI spoofing in Google Chrome fullscreen mode prior to version 147.0.7727.55 allows remote attackers to deceive users with crafted HTML pages displaying fake security UI elements, potentially leading to credential theft or malware distribution through trusted-looking interface impersonation. The vulnerability requires user interaction (clicking/navigating to the malicious page) but poses moderate integrity risk due to the deceptive nature of fullscreen UI manipulation. No active exploitation has been confirmed, though the attack vector is straightforward for mass phishing campaigns.
UI spoofing via incorrect security UI rendering in Google Chrome's Blink engine allows remote attackers to deceive users into trusting malicious content through crafted HTML pages, affecting Chrome versions prior to 147.0.7727.55. The attack requires user interaction (clicking or viewing the malicious page) but no authentication. While assigned Medium severity by Google and carrying low EPSS exploitation probability (0.03%, 10th percentile), the integrity impact centers on user trust and phishing enablement rather than code execution.
UI spoofing in Google Chrome prior to version 147.0.7727.55 allows remote attackers with a compromised renderer process to deceive users through crafted HTML pages. The vulnerability requires prior renderer compromise, limiting real-world exploitation to scenarios where an attacker has already achieved code execution within the browser's sandboxed rendering context. No active exploitation confirmed; EPSS score of 0.03% indicates minimal exploitation probability.
Omnibox spoofing in Google Chrome prior to 147.0.7727.55 allows remote attackers with a compromised renderer process to spoof the URL bar contents via crafted HTML, deceiving users about the actual page origin. The vulnerability requires renderer process compromise (post-sandbox-escape condition) and user interaction, limiting real-world exploitation to multi-stage attacks. Patch available in Chrome 147.0.7727.55 and later; EPSS score of 0.03% reflects low autonomous exploitation likelihood despite medium CVSS rating.
Heap buffer overflow in WebML (a web markup language component) in Google Chrome prior to version 147.0.7727.55 allows remote attackers to obtain potentially sensitive information from process memory by serving a crafted HTML page. The vulnerability requires no user authentication and can be triggered through normal web browsing, though exploitation has a low probability (EPSS 0.03%) and no public exploit code has been identified.
Heap buffer overflow in WebML component of Google Chrome prior to version 147.0.7727.55 allows unauthenticated remote attackers to read sensitive information from process memory via a specially crafted HTML page. The vulnerability requires no user authentication and only user interaction (page visit), with a CVSS score of 6.5 reflecting confidentiality impact and limited availability risk. No public exploit code or active exploitation has been confirmed at time of analysis, though a vendor patch is available.
Heap buffer overflow in Google Chrome's WebAudio component prior to version 147.0.7727.55 allows unauthenticated remote attackers to read sensitive information from process memory by serving a crafted HTML page. The vulnerability has a CVSS score of 6.5 and EPSS probability of 0.03% (8th percentile), indicating low real-world exploitation likelihood despite the network attack vector and lack of user interaction requirements. Vendor-released patch is available.
Export sensitive Contact Form 7 submissions without proper authorization in Advanced Contact form 7 DB plugin for WordPress versions up to 2.0.9 allows authenticated attackers with Subscriber-level or higher permissions to export form data to Excel files due to a missing capability check on the 'vsz_cf7_export_to_excel' function. While the CVSS score of 4.3 reflects low severity and no public exploit code exists, the vulnerability enables unauthorized data access on any WordPress site using this plugin, affecting site administrators managing contact form submissions that may contain sensitive user information.
Kibana's Fleet agent management endpoint fails to enforce space-scoped access controls, allowing authenticated users with Fleet privileges in one space to retrieve sensitive Fleet Server policy details from unauthorized spaces including policy names, operational identifiers, and infrastructure linkage information. The vulnerability affects Kibana across multiple versions and requires valid user authentication with Fleet agent management permissions, resulting in cross-space information disclosure without the ability to modify data.
Google Chrome on Windows prior to version 147.0.7727.55 fails to properly validate user input in the Downloads functionality, allowing remote attackers to bypass download restrictions through a crafted HTML page. The vulnerability requires user interaction (clicking a link or visiting a malicious page) but has low real-world impact-it enables integrity bypass only, not code execution or confidentiality breaches. No public exploit code or active exploitation has been identified; the low EPSS score (0.02%) reflects minimal practical risk despite the network attack vector.
Sensitive system information exposure in magepeopleteam Bus Ticket Booking with Seat Reservation plugin (versions prior to 5.6.5) allows remote, unauthenticated attackers to retrieve embedded sensitive data via network access with high complexity exploitation. The vulnerability carries low real-world risk with EPSS score of 0.02% (5th percentile) and no confirmed active exploitation, though it may expose configuration details or internal system information to unauthorized parties.
DirectoryPress WordPress plugin versions 3.6.26 and earlier expose sensitive system information through an information disclosure vulnerability that allows unauthenticated remote attackers to retrieve embedded sensitive data with high attack complexity. The vulnerability has a CVSS score of 4.0 with low confidentiality impact and affects the scope beyond the vulnerable component. No public exploit code or active exploitation has been identified at the time of analysis, though the EPSS score of 0.02% suggests minimal real-world exploitation likelihood.
Softaculous PageLayer WordPress plugin through version 2.0.8 allows authenticated users to retrieve embedded sensitive data through exposure of information to an unauthorized control sphere. The vulnerability has a low CVSS score of 4.3 and an extremely low EPSS percentile of 5%, indicating minimal real-world exploitation probability despite requiring authenticated access. No active exploitation or public exploit code has been identified at time of analysis.
Missing authorization in Deepen Bajracharya's Video Conferencing with Zoom WordPress plugin through version 4.6.6 allows authenticated attackers to modify video conference data via broken access control. The plugin fails to properly validate whether users have permission to access or modify specific conference resources, enabling privilege escalation within the plugin's functionality. CVSS 4.3 reflects limited integrity impact; EPSS 0.02% (percentile 4%) suggests exploitation is unlikely in practice despite the authorization defect.
Missing authorization in the Ashe WordPress theme through version 2.266 allows unauthenticated remote attackers to access restricted functionality through incorrectly configured access control security levels. The vulnerability requires user interaction and is limited to low-impact information disclosure, with a CVSS score of 4.3 and minimal exploitation probability (EPSS 0.02%), indicating this is a low-priority authorization bypass rather than a critical vulnerability.
Missing authorization controls in the DEPART WordPress plugin (versions up to 1.0.7) allow authenticated attackers to access sensitive functionality by exploiting incorrectly configured access control security levels. The vulnerability requires valid user credentials but grants low-confidentiality access through broken authorization checks. While EPSS scoring indicates minimal real-world exploitation probability (0.02%, 4th percentile), the flaw represents a critical architectural weakness in permission enforcement that could enable privilege escalation or data disclosure depending on plugin functionality.
WpTravelly tour-booking-manager plugin through version 2.1.7 allows authenticated users to access sensitive information via broken access control, enabling privilege escalation within WordPress sites. The vulnerability requires user authentication and network access but does not permit modification or denial of service, affecting all WpTravelly installations up to the specified version. EPSS exploitation probability is minimal at 0.02%, and no public exploit code has been identified.
Missing authorization controls in Jordy Meow AI Engine (Pro) WordPress plugin versions prior to 3.4.2 allow authenticated users to modify content they should not have permission to access due to incorrectly configured access control security levels. The vulnerability requires authenticated access (CVSS PR:L) and affects integrity but not confidentiality or availability. With an EPSS score of 0.02% (4th percentile) and no evidence of active exploitation, this represents a low real-world risk despite the authentication bypass tag, primarily affecting multi-user WordPress installations where privilege escalation is possible.
Missing authorization in embedplus Youtube Embed Plus plugin versions up to 14.2.4 allows authenticated users to access restricted functionality through incorrectly configured access controls, resulting in limited information disclosure. The vulnerability affects all installations of Youtube Embed Plus from version 0 through 14.2.4, requires authenticated access (PR:L), and carries low real-world risk with EPSS score of 0.02% (4th percentile) despite CVSS 4.3 rating.
Missing authorization in Brainstorm Force CartFlows WordPress plugin versions up to 2.2.3 allows authenticated attackers to modify data through incorrectly configured access control, enabling unauthorized changes to plugin settings or resources. CVSS 4.3 (low severity) with EPSS 0.02% indicates limited real-world exploitation probability; the vulnerability requires prior authentication and does not enable code execution or confidentiality breaches.
Missing authorization in Syed Balkhi User Feedback plugin versions up to 1.10.1 allows authenticated users to access sensitive feedback data and functionalities they should not have permission to view or modify, due to incorrectly configured access control security levels. With CVSS 4.3 and EPSS 0.02%, this represents a low-probability real-world exploitation risk, though it affects WordPress installations using this plugin.
Content security policy bypass in Google Chrome prior to version 147.0.7727.55 allows remote attackers to bypass CSP protections via ServiceWorker policy manipulation when users interact with crafted HTML pages. The vulnerability requires user interaction (UI:R in CVSS) and results in integrity impact only; EPSS exploitation probability is minimal at 0.02%, and Chromium rates the security severity as low despite the policy bypass nature.
Google Chrome versions prior to 147.0.7727.55 contain a policy bypass vulnerability in the Downloads feature that allows remote attackers to circumvent multi-download protections through a crafted HTML page. The vulnerability requires user interaction (clicking or accepting a download), affects integrity only (no code execution or availability impact), and carries a low Chromium severity rating. EPSS exploitation probability is minimal at 0.02% (3rd percentile), indicating this is primarily a user-experience or policy-enforcement issue rather than a critical security risk.
Google Chrome prior to version 147.0.7727.55 contains an inappropriate PDF implementation that allows remote attackers to bypass navigation restrictions via a crafted HTML page. The vulnerability requires user interaction to trigger and offers low real-world risk, with an EPSS score of 0.02% (3rd percentile) indicating minimal exploitation probability despite its network-accessible attack vector. A vendor-released patch is available.
UI spoofing via policy bypass in Blink rendering engine in Google Chrome prior to version 147.0.7727.55 allows remote attackers to deceive users through crafted HTML pages. The vulnerability requires user interaction (clicking or viewing) but needs no authentication, affecting all Chrome users on unpatched versions. Chromium security team rated this as Medium severity; EPSS score of 0.02% indicates low real-world exploitation probability despite public disclosure.
Cross-Site Request Forgery (CSRF) in the Quran Translations WordPress plugin versions up to 1.7 allows unauthenticated attackers to modify plugin settings by tricking site administrators into clicking a malicious link. The vulnerability stems from missing nonce validation in the quran_playlist_options() function, which processes POST requests to update options like PDF, RSS, podcast, and media player display settings without cryptographic request verification. No public exploit code or active exploitation has been identified at time of analysis.
GitLab EE versions 18.6-18.8.8, 18.9-18.9.4, and 18.10-18.10.2 allow authenticated users with auditor role privileges to modify vulnerability flag data in private projects due to improper authorization checks. The vulnerability requires valid GitLab credentials and auditor-level access but enables unauthorized data integrity compromise within project security contexts.
GitLab CE/EE versions 18.2-18.10.2 allow authenticated users to export confidential issues assigned to other users via CSV export due to missing authorization validation. The vulnerability affects approximately three release branches with a moderate CVSS score of 4.3, limited by the requirement for prior authentication and lack of integrity impact, but represents a direct confidentiality breach in multi-tenant environments where issue classification is a security boundary.