The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
DjangoBlog up to version 2.1.0.0 contains hard-coded credentials in djangoblog/settings.py that can be exploited remotely to bypass authentication and gain unauthorized access. The vulnerability stems from sensitive USER/PASSWORD arguments being embedded in configuration files, allowing attackers with network access to retrieve database credentials. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.
NoSQL injection in Cockpit-HQ Cockpit up to version 2.13.5 allows authenticated remote attackers to manipulate data query logic through the Asset Handler or Aggregate Handler components, resulting in information disclosure with limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.
Remote authenticated path traversal in SonicCloudOrg sonic-server up to version 2.0.0 allows attackers with low-level privileges to manipulate the Type parameter in the File Upload Endpoint (FileTool.java) to traverse the filesystem and read or write arbitrary files. The vulnerability has publicly available exploit code and affects all versions up to 2.0.0; the vendor has not responded to early disclosure attempts, leaving no patch available.
TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attackers to bypass authorization controls in the Agent Execution Endpoint by manipulating the agent_execution_id parameter in get_agent_execution and update_agent_execution functions. An attacker with valid credentials can access or modify agent execution records they should not have permission to interact with. Publicly available exploit code exists, and the vendor did not respond to early disclosure notification.
Code injection in langflow-ai langflow up to version 1.8.3 allows authenticated remote attackers to execute arbitrary code via manipulation of the X-Forwarded-For HTTP header in the Model Context Protocol Configuration API endpoint. The vulnerability affects the get_client_ip function in src/backend/base/langflow/api/v1/mcp_projects.py and has publicly available exploit code; the vendor did not respond to early disclosure notification.
Path traversal in ComfyUI up to version 0.13.0 allows authenticated remote attackers to read arbitrary files on the server by manipulating the Name argument in the LoadImage Node's folder_paths.get_annotated_filepath function. The vulnerability has publicly available exploit code and affects the image loading functionality, enabling attackers with valid credentials to access sensitive files outside intended directories.
Path traversal in ComfyUI up to version 0.13.0 allows authenticated remote attackers to read arbitrary files via manipulation of the get_model_preview function in the Model Preview Endpoint. An attacker with valid credentials can traverse the file system to access sensitive configuration files, model weights, or other data outside intended directories. Public exploit code is available, and the vendor has not provided a patched version despite early disclosure notification.
Denial of service in Lagom WHMCS Template through version 2.4.2 allows authenticated remote attackers to exhaust server resources via manipulation of the Datatables component, resulting in application unavailability. Publicly available exploit code exists and the vendor has not responded to early disclosure notification. CVSS 4.3 reflects moderate severity with low attack complexity requiring authenticated access.
Server-side request forgery in Qibo CMS 1.0 allows authenticated remote attackers to manipulate the 'starts' parameter in /index/image/headers endpoint, triggering arbitrary internal requests from the server. Publicly available exploit code exists. The vendor did not respond to early disclosure notification, leaving no patched version available.
Improper authorization in usememos memos up to version 0.22.1 allows authenticated remote attackers to bypass access controls via manipulation of additionalStyle and additionalScript arguments in the UpdateInstanceSetting component, potentially leading to unauthorized information disclosure, modification, and service disruption. The vulnerability has publicly available exploit code and affects the memos_access_token function in src/App.tsx. The vendor did not respond to early disclosure efforts.
Server-side request forgery in Dify up to version 1.13.3 allows authenticated remote attackers to manipulate the URL argument in the ApiBasedToolSchemaParser component, enabling arbitrary HTTP requests from the server to internal or external systems. The vulnerability affects the parse_openai_plugin_json_to_tool_bundle function in api/core/tools/utils/parser.py. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.
Server-side request forgery (SSRF) in Dify's ApiToolManageService allows authenticated remote attackers to manipulate the URL argument in the get_api_tool_provider_remote_schema function, enabling them to make arbitrary HTTP requests from the server. Affects Dify versions up to 0.6.9. Publicly available exploit code exists, and the vendor has not responded to early disclosure attempts.
Server-side request forgery (SSRF) in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attackers to manipulate the WebScraperTool's webpage extraction functions (extract_with_bs4, extract_with_3k, extract_with_lxml) to forge requests to arbitrary servers. The vulnerability has publicly available exploit code and low vendor responsiveness, creating immediate risk for deployments using affected versions.
Authorization bypass in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attackers to access or modify project data without proper authorization checks in the project controller endpoints (get_project, update_project, get_projects_organisation). The vulnerability has publicly available exploit code and affects the project management functionality with limited confidentiality and integrity impact. The vendor did not respond to early disclosure notification.
Authorization bypass in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated attackers to manipulate the agent_id parameter in delete_agent, stop_schedule, and get_schedule_data endpoints, bypassing access controls to perform unauthorized operations on agents and schedules. The vulnerability is remotely exploitable by any authenticated user and publicly available exploit code exists; however, the vendor has not responded to early disclosure attempts.
Improper authorization in liangliangyy DjangoBlog versions up to 2.1.0.0 allows authenticated remote attackers to manipulate the oauthid parameter in the oauth/views.py form_valid function, bypassing access controls to perform unauthorized operations. The vulnerability has confirmed public exploit code available and affects all instances where OAuth functionality is enabled. This is a privilege escalation or horizontal access control bypass vulnerability accessible to any authenticated user.
SQL injection in phili67 Ecclesia CRM up to version 8.0.0 allows authenticated remote attackers to execute arbitrary SQL queries via the 'custom' parameter in the Query Viewer Component (/v2/query/view/). The vulnerability has a publicly available exploit and affects confidentiality, integrity, and availability of database operations. The vendor has not responded to early disclosure notification.
Cross-site request forgery (CSRF) in ComfyUI up to version 0.13.0 allows unauthenticated remote attackers to modify application state via crafted requests to the create_origin_only_middleware function in server.py. The vulnerability requires user interaction (clicking a malicious link or visiting an attacker-controlled site) but has low integrity impact and is publicly exploitable with proof-of-concept code available. The vendor has not responded to early disclosure notification.
Path traversal in p2r3 convert's Bun.serve API endpoint allows authenticated remote attackers to access arbitrary files on the server by manipulating the pathname parameter in buildCache.js. The vulnerability affects all versions up to commit 6998584ace3e11db66dff0b423612a5cf91de75b, with publicly available exploit code and no vendor patch forthcoming due to non-response from the maintainer. CVSS score of 5.3 reflects limited scope (confidentiality only) but the public exploit and authenticated attack vector present moderate operational risk.
Langflow up to version 1.8.3 stores authentication settings in cleartext on disk when processing project creation requests, allowing authenticated remote attackers to read sensitive credentials. The vulnerability exists in the create_project/encrypt_auth_settings function within the Project Creation Endpoint, where the auth_settings parameter bypasses encryption despite the function's intent. Publicly available exploit code exists, and the vendor has not released a patch or responded to disclosure notices.
Server-side request forgery in vibrantlabsai RAGAS up to version 0.4.3 allows authenticated remote attackers to manipulate the retrieved_contexts argument in the Collections Module's _try_process_local_file and _try_process_url functions, enabling arbitrary file reads and network requests with the application's privileges. Publicly available exploit code exists; the vendor has not responded to early disclosure attempts despite the security patch for related CVE-2025-45691 being applied to a different module only.
Improper neutralization of directives in dynamically evaluated code in Pagekit CMS up to version 1.0.18 allows high-privileged remote attackers to inject and execute arbitrary PHP code through the StringStorage Template Handler's evaluate function in app/modules/view/src/PhpEngine.php. The vulnerability requires administrator-level access but enables information disclosure, code injection, and potential system compromise. Publicly available exploit code exists; the vendor has not responded to disclosure efforts.
Z-BlogPHP 1.7.5 allows authenticated remote attackers with administrative privileges to upload arbitrary files via the App::UnPack function in the ZBA File Handler component (/zb_users/plugin/AppCentre/app_upload.php), bypassing file upload restrictions and potentially enabling remote code execution. Public exploit code exists, and the vendor has not responded to early disclosure attempts.
Cross-site scripting (XSS) in Qibo CMS 1.0 Internal Message Module allows authenticated remote attackers to inject malicious scripts through message manipulation, affecting user sessions and data integrity. The vulnerability requires user interaction (UI:P) and valid authentication (PR:L), limiting exposure to authenticated users. Public exploit code is available, though the vendor has not responded to disclosure attempts.
Stored cross-site scripting (XSS) in Yifang CMS up to version 2.0.5 allows authenticated attackers to inject malicious scripts via the Account parameter in the Extended Management Module's RBAC admin component, affecting stored data integrity with user interaction required. The vulnerability has publicly available proof-of-concept code, though the CVSS score of 3.5 reflects its limited scope (no confidentiality or availability impact, information disclosure only). The vendor has not responded to early disclosure efforts.
Cross-site scripting in Dify's ImagePreview component (web/app/components/base/image-uploader/image-preview.tsx) allows authenticated users to inject malicious scripts via the filename argument in the openInNewTab function, affecting versions up to 1.13.3. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting impact to low integrity compromise with no confidentiality or availability impact. Publicly available exploit code exists; vendor has not responded to early disclosure.
Stored cross-site scripting (XSS) in langflow-ai langflow up to version 1.8.3 allows authenticated users to inject malicious scripts into chat messages via the edit-message component, which are then executed in the browsers of other users viewing the manipulated message. The vulnerability requires user interaction (recipient must view the crafted message) and authenticated access, limiting scope to users within a langflow instance, but publicly available exploit code exists and the vendor has not responded to early disclosure.
Cross-site scripting (XSS) in ComfyUI up to version 0.13.0 allows authenticated remote attackers to inject malicious scripts through the View Endpoint in server.py, affecting user integrity with publicly available exploit code. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting its severity despite network accessibility. ComfyUI's vendor has not responded to early disclosure attempts, and the exploit has been published on GitHub, making this a low-CVSS but publicly weaponized vulnerability affecting an AI image generation framework.
Stored cross-site scripting (XSS) in ComfyUI's userdata endpoint (getuserdata function in app/user_manager.py) allows authenticated attackers to inject malicious scripts that execute in other users' browsers. Affected versions range from 0.1 through 0.13.0. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting real-world impact, but publicly available exploit code exists and the vendor has not responded to disclosure.
Langflow up to version 1.8.3 stores API credentials without encryption in the remove_api_keys and has_api_terms functions, allowing remote attackers with high privileges to disclose sensitive credentials through the Flow Using API component. The vulnerability has publicly available exploit code, though real-world exploitation likelihood is constrained by the requirement for high-privilege access; vendor has not responded to disclosure.
Cross-site scripting (XSS) in erponline.xyz ERP Online up to version 4.0.0 allows authenticated attackers with high privileges to inject malicious scripts via the Item Name parameter on the Inventory Edit Item Page, requiring user interaction to execute. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification, leaving affected deployments without a patched remediation path.
Cross-site scripting (XSS) in BichitroGan ISP Billing Software 2025.3.20 allows authenticated high-privilege users to inject malicious scripts via the Pool List Interface (/?_route=pool/add endpoint), affecting data integrity through stored or reflected XSS. The vulnerability requires administrator authentication and user interaction (UI:R), limiting immediate risk; however, publicly available exploit code exists and the vendor has not responded to disclosure, leaving affected deployments without an official patch.
Stored cross-site scripting (XSS) in BichitroGan ISP Billing Software 2025.3.20 allows authenticated remote attackers with high privileges to inject malicious scripts via the Customer Handler edit endpoint (/?_route=customers/edit/), affecting other users who view manipulated customer records. Exploitation requires user interaction (victim viewing the crafted page), but publicly available exploit code exists and the vendor has not responded to disclosure attempts.
DjangoBlog versions up to 2.1.0.0 use a hard-coded cryptographic key in djangoblog/settings.py when the SECRET_KEY argument is manipulated during file upload operations, allowing remote attackers with user interaction to obtain sensitive information. The attack requires high complexity and user participation, resulting in a low confidentiality impact (CVSS 2.3). Publicly available exploit code exists, though the vendor has not responded to disclosure attempts.
Out-of-bounds read in wolfSSHd on Windows allows authenticated users to leak adjacent stack memory via malformed terminal resize requests, exposing sensitive data through pseudo-console output. Affects wolfSSH versions prior to 1.5.0. CVSS score of 2.3 reflects low severity due to authentication requirement and limited confidentiality impact; vendor patch available.
StorageGRID versions before 11.9.0.13 and 12.0.0.6 allow authenticated attackers with low privileges to execute arbitrary metrics queries, exposing metric data they lack authorization to access. The vulnerability requires low-privilege authentication and specific timing conditions but poses direct information disclosure risk in multi-tenant or role-restricted deployments where metric visibility should be compartmentalized.
Remote authentication bypass in TransformerOptimus SuperAGI budget endpoints (versions up to 0.0.14) allows authenticated users to manipulate budget settings without proper authorization checks, potentially enabling unauthorized modification of financial controls. The vulnerability affects the get_budget and update_budget functions in superagi/controllers/budget.py and has publicly available exploit code. The vendor did not respond to early disclosure attempts.
GNU sed with -i (in-place edit) and --follow-symlinks options is vulnerable to a time-of-check-time-of-use (TOCTOU) race condition that allows local attackers to overwrite arbitrary files with attacker-controlled content. An attacker can atomically replace a symlink target between sed's symlink resolution and file open operations, causing sed to read from an attacker-chosen file while writing output to an unintended location. The vulnerability affects sed versions prior to 4.10 and requires precise timing on the same filesystem, resulting in a CVSS score of 2.1 due to low attack complexity but limited practical exploitation window.