Authenticated users in GitLab EE versions 16.6-18.8.8, 18.9-18.9.4, and 18.10-18.10.2 can expose other users' email addresses through specific GraphQL queries due to improper authorization checks. An authenticated attacker can enumerate valid user accounts and retrieve their email addresses without additional privileges, violating confidentiality. No public exploit code or active exploitation has been confirmed; patches are available in GitLab 18.8.9, 18.9.5, and 18.10.3.
Cross-Site Request Forgery in BEAR - Bulk Editor and Products Manager Professional for WooCommerce (all versions up to 1.1.5) allows unauthenticated attackers to delete WooCommerce taxonomy terms via a malicious link that tricks site administrators or shop managers into performing an action. The vulnerability stems from missing nonce validation on the woobe_delete_tax_term() function, enabling integrity compromise with low CVSS impact (4.3) but requiring user interaction.
GitLab EE versions 11.3 through 18.10.2 allow authenticated developers to modify protected environment settings through improper authorization checks in the API, enabling privilege escalation within project scope. The vulnerability requires valid developer credentials and network access but allows an attacker to alter security-critical environment configurations without appropriate permissions. CVSS 4.3 (low severity) reflects limited scope and integrity-only impact; no public exploit or active exploitation via CISA KEV has been confirmed.
Cryptographic weakness in PDFium allows unauthenticated remote attackers to decrypt and read sensitive information from password-protected PDFs through brute-force attacks when users view malicious or compromised PDF files in Google Chrome versions prior to 147.0.7727.55. The vulnerability requires user interaction (opening a PDF) but combines weak cryptographic design (CWE-326) with low attack complexity, making it feasible for attackers to extract confidential content from encrypted documents. EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite Chromium's medium severity classification.
Cross-Site Request Forgery in themearile NewsExo WordPress theme versions through 7.1 allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users with user interaction (clicking a malicious link). The vulnerability has a CVSS score of 4.3 with low integrity impact but no confidentiality or availability impact. EPSS exploitation probability is negligible at 0.01%, and no public exploit code or active exploitation has been confirmed.
LightRAG API authentication can be bypassed via JWT algorithm confusion attack, where an attacker forges tokens by specifying 'alg': 'none' in the JWT header to impersonate any user including administrators. The vulnerability exists in the validate_token() method in lightrag/api/auth.py (line 128), which accepts the unsigned 'none' algorithm despite not explicitly permitting it, allowing unauthenticated remote attackers to gain unauthorized access to protected resources. Publicly available proof-of-concept code demonstrates the attack; vendor has released a patch addressing the root cause of improper algorithm validation.
Insufficient session expiration in parisneo/lollms allows authenticated attackers with high privileges to maintain unauthorized account access after a victim resets their password, due to failure to invalidate active sessions and excessively long default session duration (31 days). The vulnerability requires prior compromise and high privileges but enables persistent access to accounts with confidentiality, integrity, and availability impact. No public exploit code or active exploitation has been confirmed.
openclaw-claude-bridge v1.1.0 incorrectly disables CLI tool access by passing --allowed-tools "" to the Claude Code subprocess, when the correct flag to disable tools is --tools. The --allowed-tools flag only controls which tools auto-approve without prompts; all CLI tools (Read, Write, Bash, WebFetch, etc.) remain nominally available. Users deploying the bridge to handle untrusted prompts or in gateway contexts may unknowingly operate without the sandboxing protections claimed in the README, exposing systems to prompt-injection attacks that could trigger arbitrary code execution in the process context. Vendor-released patch: v1.1.1 (commit 8a296f5).