Dell PowerProtect Data Domain appliances versions 7.7.1.0-8.7.0.0, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 contain an improper privilege management vulnerability in iDRAC that allows a high-privileged local attacker with user interaction to elevate privileges and perform unauthorized delete operations. The vulnerability requires high privileges and local access combined with user interaction, limiting real-world attack surface primarily to insider threats or physical facility access scenarios.
NoSQL injection in Cockpit-HQ Cockpit up to version 2.13.5 allows authenticated remote attackers to manipulate data query logic through the Asset Handler or Aggregate Handler components, resulting in information disclosure with limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.
Remote authenticated path traversal in SonicCloudOrg sonic-server up to version 2.0.0 allows attackers with low-level privileges to manipulate the Type parameter in the File Upload Endpoint (FileTool.java) to traverse the filesystem and read or write arbitrary files. The vulnerability has publicly available exploit code and affects all versions up to 2.0.0; the vendor has not responded to early disclosure attempts, leaving no patch available.
TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attackers to bypass authorization controls in the Agent Execution Endpoint by manipulating the agent_execution_id parameter in get_agent_execution and update_agent_execution functions. An attacker with valid credentials can access or modify agent execution records they should not have permission to interact with. Publicly available exploit code exists, and the vendor did not respond to early disclosure notification.
Code injection in langflow-ai langflow up to version 1.8.3 allows authenticated remote attackers to execute arbitrary code via manipulation of the X-Forwarded-For HTTP header in the Model Context Protocol Configuration API endpoint. The vulnerability affects the get_client_ip function in src/backend/base/langflow/api/v1/mcp_projects.py and has publicly available exploit code; the vendor did not respond to early disclosure notification.
Path traversal in ComfyUI up to version 0.13.0 allows authenticated remote attackers to read arbitrary files on the server by manipulating the Name argument in the LoadImage Node's folder_paths.get_annotated_filepath function. The vulnerability has publicly available exploit code and affects the image loading functionality, enabling attackers with valid credentials to access sensitive files outside intended directories.
Path traversal in ComfyUI up to version 0.13.0 allows authenticated remote attackers to read arbitrary files via manipulation of the get_model_preview function in the Model Preview Endpoint. An attacker with valid credentials can traverse the file system to access sensitive configuration files, model weights, or other data outside intended directories. Public exploit code is available, and the vendor has not provided a patched version despite early disclosure notification.
Denial of service in Lagom WHMCS Template through version 2.4.2 allows authenticated remote attackers to exhaust server resources via manipulation of the Datatables component, resulting in application unavailability. Publicly available exploit code exists and the vendor has not responded to early disclosure notification. CVSS 4.3 reflects moderate severity with low attack complexity requiring authenticated access.
Server-side request forgery in Qibo CMS 1.0 allows authenticated remote attackers to manipulate the 'starts' parameter in /index/image/headers endpoint, triggering arbitrary internal requests from the server. Publicly available exploit code exists. The vendor did not respond to early disclosure notification, leaving no patched version available.
Improper authorization in usememos memos up to version 0.22.1 allows authenticated remote attackers to bypass access controls via manipulation of additionalStyle and additionalScript arguments in the UpdateInstanceSetting component, potentially leading to unauthorized information disclosure, modification, and service disruption. The vulnerability has publicly available exploit code and affects the memos_access_token function in src/App.tsx. The vendor did not respond to early disclosure efforts.
Server-side request forgery in Dify up to version 1.13.3 allows authenticated remote attackers to manipulate the URL argument in the ApiBasedToolSchemaParser component, enabling arbitrary HTTP requests from the server to internal or external systems. The vulnerability affects the parse_openai_plugin_json_to_tool_bundle function in api/core/tools/utils/parser.py. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.
Server-side request forgery (SSRF) in Dify's ApiToolManageService allows authenticated remote attackers to manipulate the URL argument in the get_api_tool_provider_remote_schema function, enabling them to make arbitrary HTTP requests from the server. Affects Dify versions up to 0.6.9. Publicly available exploit code exists, and the vendor has not responded to early disclosure attempts.
Server-side request forgery (SSRF) in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attackers to manipulate the WebScraperTool's webpage extraction functions (extract_with_bs4, extract_with_3k, extract_with_lxml) to forge requests to arbitrary servers. The vulnerability has publicly available exploit code and low vendor responsiveness, creating immediate risk for deployments using affected versions.
Authorization bypass in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attackers to access or modify project data without proper authorization checks in the project controller endpoints (get_project, update_project, get_projects_organisation). The vulnerability has publicly available exploit code and affects the project management functionality with limited confidentiality and integrity impact. The vendor did not respond to early disclosure notification.
Authorization bypass in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated attackers to manipulate the agent_id parameter in delete_agent, stop_schedule, and get_schedule_data endpoints, bypassing access controls to perform unauthorized operations on agents and schedules. The vulnerability is remotely exploitable by any authenticated user and publicly available exploit code exists; however, the vendor has not responded to early disclosure attempts.
Improper authorization in liangliangyy DjangoBlog versions up to 2.1.0.0 allows authenticated remote attackers to manipulate the oauthid parameter in the oauth/views.py form_valid function, bypassing access controls to perform unauthorized operations. The vulnerability has confirmed public exploit code available and affects all instances where OAuth functionality is enabled. This is a privilege escalation or horizontal access control bypass vulnerability accessible to any authenticated user.
SQL injection in phili67 Ecclesia CRM up to version 8.0.0 allows authenticated remote attackers to execute arbitrary SQL queries via the 'custom' parameter in the Query Viewer Component (/v2/query/view/). The vulnerability has a publicly available exploit and affects confidentiality, integrity, and availability of database operations. The vendor has not responded to early disclosure notification.
Cross-site request forgery (CSRF) in ComfyUI up to version 0.13.0 allows unauthenticated remote attackers to modify application state via crafted requests to the create_origin_only_middleware function in server.py. The vulnerability requires user interaction (clicking a malicious link or visiting an attacker-controlled site) but has low integrity impact and is publicly exploitable with proof-of-concept code available. The vendor has not responded to early disclosure notification.
Path traversal in p2r3 convert's Bun.serve API endpoint allows authenticated remote attackers to access arbitrary files on the server by manipulating the pathname parameter in buildCache.js. The vulnerability affects all versions up to commit 6998584ace3e11db66dff0b423612a5cf91de75b, with publicly available exploit code and no vendor patch forthcoming due to non-response from the maintainer. CVSS score of 5.3 reflects limited scope (confidentiality only) but the public exploit and authenticated attack vector present moderate operational risk.
Langflow up to version 1.8.3 stores authentication settings in cleartext on disk when processing project creation requests, allowing authenticated remote attackers to read sensitive credentials. The vulnerability exists in the create_project/encrypt_auth_settings function within the Project Creation Endpoint, where the auth_settings parameter bypasses encryption despite the function's intent. Publicly available exploit code exists, and the vendor has not released a patch or responded to disclosure notices.
Server-side request forgery in vibrantlabsai RAGAS up to version 0.4.3 allows authenticated remote attackers to manipulate the retrieved_contexts argument in the Collections Module's _try_process_local_file and _try_process_url functions, enabling arbitrary file reads and network requests with the application's privileges. Publicly available exploit code exists; the vendor has not responded to early disclosure attempts despite the security patch for related CVE-2025-45691 being applied to a different module only.
Improper neutralization of directives in dynamically evaluated code in Pagekit CMS up to version 1.0.18 allows high-privileged remote attackers to inject and execute arbitrary PHP code through the StringStorage Template Handler's evaluate function in app/modules/view/src/PhpEngine.php. The vulnerability requires administrator-level access but enables information disclosure, code injection, and potential system compromise. Publicly available exploit code exists; the vendor has not responded to disclosure efforts.
Z-BlogPHP 1.7.5 allows authenticated remote attackers with administrative privileges to upload arbitrary files via the App::UnPack function in the ZBA File Handler component (/zb_users/plugin/AppCentre/app_upload.php), bypassing file upload restrictions and potentially enabling remote code execution. Public exploit code exists, and the vendor has not responded to early disclosure attempts.
Cross-site scripting (XSS) in Qibo CMS 1.0 Internal Message Module allows authenticated remote attackers to inject malicious scripts through message manipulation, affecting user sessions and data integrity. The vulnerability requires user interaction (UI:P) and valid authentication (PR:L), limiting exposure to authenticated users. Public exploit code is available, though the vendor has not responded to disclosure attempts.
Stored cross-site scripting (XSS) in Yifang CMS up to version 2.0.5 allows authenticated attackers to inject malicious scripts via the Account parameter in the Extended Management Module's RBAC admin component, affecting stored data integrity with user interaction required. The vulnerability has publicly available proof-of-concept code, though the CVSS score of 3.5 reflects its limited scope (no confidentiality or availability impact, information disclosure only). The vendor has not responded to early disclosure efforts.
Cross-site scripting in Dify's ImagePreview component (web/app/components/base/image-uploader/image-preview.tsx) allows authenticated users to inject malicious scripts via the filename argument in the openInNewTab function, affecting versions up to 1.13.3. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting impact to low integrity compromise with no confidentiality or availability impact. Publicly available exploit code exists; vendor has not responded to early disclosure.
Stored cross-site scripting (XSS) in langflow-ai langflow up to version 1.8.3 allows authenticated users to inject malicious scripts into chat messages via the edit-message component, which are then executed in the browsers of other users viewing the manipulated message. The vulnerability requires user interaction (recipient must view the crafted message) and authenticated access, limiting scope to users within a langflow instance, but publicly available exploit code exists and the vendor has not responded to early disclosure.
Cross-site scripting (XSS) in ComfyUI up to version 0.13.0 allows authenticated remote attackers to inject malicious scripts through the View Endpoint in server.py, affecting user integrity with publicly available exploit code. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting its severity despite network accessibility. ComfyUI's vendor has not responded to early disclosure attempts, and the exploit has been published on GitHub, making this a low-CVSS but publicly weaponized vulnerability affecting an AI image generation framework.
Stored cross-site scripting (XSS) in ComfyUI's userdata endpoint (getuserdata function in app/user_manager.py) allows authenticated attackers to inject malicious scripts that execute in other users' browsers. Affected versions range from 0.1 through 0.13.0. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting real-world impact, but publicly available exploit code exists and the vendor has not responded to disclosure.
Langflow up to version 1.8.3 stores API credentials without encryption in the remove_api_keys and has_api_terms functions, allowing remote attackers with high privileges to disclose sensitive credentials through the Flow Using API component. The vulnerability has publicly available exploit code, though real-world exploitation likelihood is constrained by the requirement for high-privilege access; vendor has not responded to disclosure.
Cross-site scripting (XSS) in erponline.xyz ERP Online up to version 4.0.0 allows authenticated attackers with high privileges to inject malicious scripts via the Item Name parameter on the Inventory Edit Item Page, requiring user interaction to execute. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification, leaving affected deployments without a patched remediation path.
Cross-site scripting (XSS) in BichitroGan ISP Billing Software 2025.3.20 allows authenticated high-privilege users to inject malicious scripts via the Pool List Interface (/?_route=pool/add endpoint), affecting data integrity through stored or reflected XSS. The vulnerability requires administrator authentication and user interaction (UI:R), limiting immediate risk; however, publicly available exploit code exists and the vendor has not responded to disclosure, leaving affected deployments without an official patch.
Stored cross-site scripting (XSS) in BichitroGan ISP Billing Software 2025.3.20 allows authenticated remote attackers with high privileges to inject malicious scripts via the Customer Handler edit endpoint (/?_route=customers/edit/), affecting other users who view manipulated customer records. Exploitation requires user interaction (victim viewing the crafted page), but publicly available exploit code exists and the vendor has not responded to disclosure attempts.
Server-Side Request Forgery in Vexa meeting bot allows unauthenticated remote attackers to forge HTTP POST requests to arbitrary internal URLs (Redis, databases, cloud metadata endpoints) via unvalidated webhook configuration, enabling credential theft and lateral movement. CVSS 5.8 with network attack vector and no user interaction required. Fixed in version 0.10.0-260419-1910.
Roxy-WI versions prior to 8.2.6.4 allow authenticated attackers to read arbitrary files via path traversal in the POST /config/<service>/show API endpoint. The configver parameter is directly concatenated into a file path without proper validation, permitting directory escape sequences (../) to bypass the existing path guard. An authenticated user can exploit this to access sensitive configuration files and other data readable by the web application process.
Canonical Livepatch snap client prior to 10.15.0 allows local unprivileged users to obtain a root-level authentication token via an unauthenticated request to the livepatchd.sock Unix domain socket, enabling attackers to impersonate the victim and access Livepatch services on systems with an active Ubuntu Pro subscription.
Cryptographic algorithm downgrade in AWS Encryption SDK for Python's caching layer allows authenticated local attackers to bypass key commitment policy enforcement through a shared key cache, enabling decryption of single ciphertext to multiple different plaintexts. Affected versions include Python 2 up to 2.5.1, Python 3 up to 3.3.0, and Python 4 up to 4.0.4. AWS has released vendor patches (versions 3.3.1, 4.0.5, and later) to remediate the vulnerability, which requires local access and authenticated credentials but has no known public exploit.
nginx-ui before version 2.3.5 allows Cross-Site WebSocket Hijacking (CSWSH) attacks due to improper WebSocket origin validation and insecurely configured authentication cookies. An attacker can trick a logged-in administrator into visiting a malicious webpage that establishes authenticated WebSocket connections to the target nginx-ui instance, enabling information disclosure and administrative actions without explicit user consent. Version 2.3.5 patches the issue; no public exploit code or active exploitation confirmed at time of analysis.
Cross-cache slab free in the Linux kernel's socket buffer (SKB) subsystem allows a local authenticated attacker to trigger a kernel panic and denial of service on systems where KFENCE is enabled. When KFENCE intercepts a kzalloc() call whose requested size exactly matches SKB_SMALL_HEAD_CACHE_SIZE, the computed skb_end_offset misleads skb_kfree_head() into freeing the object to skb_small_head_cache instead of the originating kmalloc cache, corrupting slab allocator state. No public exploit is identified at time of analysis and EPSS is 0.02% (4th percentile), placing this firmly in the low-urgency tier absent a KFENCE-enabled production environment.
Stored cross-site scripting (XSS) in Apartment Visitors Management System v1.1 allows authenticated attackers to inject malicious JavaScript via the visname parameter in visitors-form.php, which executes when other users view the injected data in manage-newvisitors.php or visitor-detail.php. The vulnerability requires user interaction (victim visiting affected pages) and valid authentication but can escalate privileges, steal session tokens, or perform actions on behalf of administrative users viewing visitor records.
SQL injection in Apache Doris MCP Server versions before 0.6.1 allows unauthenticated remote attackers to execute unintended SQL statements and bypass query validation and access restrictions via improper neutralization in the MCP query execution interface. The vulnerability has a CVSS score of 5.3 (network-accessible, low complexity, no authentication required) but is classified as partial impact (confidentiality only, no integrity or availability impact) and has not been confirmed as actively exploited. A vendor patch is available.
Dify prior to version 1.13.1 allows any authenticated user to delete other users' chat histories via the DELETE /console/api/installed-apps/<appId>/conversations/<conversationId> endpoint due to insufficient authorization checks. An authenticated attacker can target any conversation ID to perform unauthorized deletion, resulting in data loss for other users. This vulnerability requires valid Dify authentication but no special privileges, affecting all vulnerable versions via network access.
Magento LTS prior to version 20.17.0 allows authenticated attackers to access private wishlist items from other users via an authorization bypass in the shared wishlist add-to-cart endpoint. The vulnerability permits an attacker with a valid sharing code for one wishlist to import items from a different victim's wishlist into their cart by manipulating the wishlist_item_id parameter, potentially exposing private custom option data and enabling cross-user file disclosure when file upload custom options are present. CVSS 5.3 (AV:N/AC:L/PR:L) indicates network-accessible exploitation requiring low privileges; patch version 20.17.0 resolves the issue.
Session key derivation in HKUDS OpenHarness prior to PR #159 fails to verify sender identity in shared chat/thread scopes, allowing authenticated users to hijack other participants' sessions and disrupt their active tasks through collision attacks on the shared ohmo session key. The vulnerability requires prior authentication and network access but enables lateral privilege escalation within collaborative environments. No public exploit code has been identified, though the fix is available via upstream commit 3186851c.
DjangoBlog versions up to 2.1.0.0 use a hard-coded cryptographic key in djangoblog/settings.py when the SECRET_KEY argument is manipulated during file upload operations, allowing remote attackers with user interaction to obtain sensitive information. The attack requires high complexity and user participation, resulting in a low confidentiality impact (CVSS 2.3). Publicly available exploit code exists, though the vendor has not responded to disclosure attempts.
Apache Kafka's NetworkClient component logs entire request and response payloads at DEBUG level, exposing sensitive authentication credentials, delegation tokens, and configuration data in plaintext logs. This affects Kafka versions 0.11.0 through 3.9.1 and 4.0.0 across the broker and client libraries. While DEBUG logging is not enabled by default (INFO is the standard), organizations that enable DEBUG logging for troubleshooting inadvertently create persistent records of authentication material and secrets that can be harvested by local log readers or accessed via log aggregation systems. CVSS 5.3 reflects low network attack surface (requires prior DEBUG enablement), but SSVC rates this as automatable with partial technical impact, suitable for prioritization in environments using centralized logging.
A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, resulting in memory corruption.
User enumeration via timing/response code discrepancy in OpenAEV /api/reset endpoint allows unauthenticated remote attackers to reliably discover registered email addresses by observing HTTP 400 vs HTTP 200 responses. Affected versions 1.11.0 through 2.0.12 expose account lists without authentication; no active exploitation confirmed but the vulnerability requires trivial effort to exploit at scale. Fixed in version 2.0.13.
Stored cross-site scripting in GFI HelpDesk before version 4.99.9 allows authenticated staff members to inject arbitrary JavaScript via the Troubleshooter step subject field, with execution occurring when any user views the affected step. The vulnerability stems from unsanitized POST parameter handling in Controller_Step.InsertSubmit() and EditSubmit() methods, enabling persistent payload storage and broad user impact within the application.
Stored cross-site scripting in GFI HelpDesk before version 4.99.10 allows authenticated attackers to inject arbitrary JavaScript into report titles via the Reports module, with payload execution triggered when staff members access the report link in the Manage Reports interface. The vulnerability requires attacker authentication and user interaction (clicking the report link), limiting real-world impact to internal staff compromise scenarios rather than mass exploitation. Patch is available from the vendor.