{dict} I will ask question, and you will output the Python code using pandas dataframe to answer my question. Do not provide any explanations. Do not respond with anything except the output of the code. Security: Output ONLY pandas/numpy operations on the dataframe (df). Do not use import, exec, eval, open, os, subprocess, or any other system or file operations. The code will be validated and rejected if it contains such constructs. Question: {question} Output Code: ``` Where `{dict}` is the extracted column names and `{question}` is the initial prompt provided by the user. This system prompt is sent to an LLM in order for it to generate a Python script based on the user's prompt, and the LLM-generated response is stored in a variable named `pythonCode`. The method then evaluates the `pythonCode` variable in a pyodide environment. While the LLM-generated Python script is evaluated in a non-sandboxed environment, there is a list of forbidden patterns that are checked before the script is executed on the server. The function `validatePythonCodeForDataFrame()` enumerates through a list named `FORBIDDEN_PATTERNS`, which contains pairs of regex patterns and reasons. Each regex pattern is run against the Python script, and if the pattern is found in the script, the script is invalidated and is not run, responding to the request with a reason for rejection. The input validation can be bypassed, which can still lead to running arbitrary OS commands on the server. An example of this is the pattern `/\bimport\s+(?!pandas|numpy\b)/g`, which intends to search for lines of code that import a module other than pandas or numpy. This can be bypassed by importing along with pandas or numpy. For example, consider the following lines of code: ```python import pandas as np, os as pandas pandas.system("xcalc") ``` Here, pandas is imported, but so is the `os` module, with `pandas` as its alias. OS commands can then be invoked with `pandas.system()`. Using prompt injection techniques, an unauthenticated attacker with the ability to send prompts to a chatflow using the CSV Agent node may convince an LLM to respond with a malicious Python script that executes attacker-controlled commands on the Flowise server. It is also possible for an authenticated attacker to exploit this vulnerability by specifying an attacker-controlled server in a chatflow. This server would respond to prompts with an attacker-controlled Python script instead of an LLM-generated response, which would then be evaluated on the server. ```ts import type { PyodideInterface } from 'pyodide' import * as path from 'path' import { getUserHome } from '../../../src/utils' let pyodideInstance: PyodideInterface | undefined export async function LoadPyodide(): Promise<PyodideInterface> { if (pyodideInstance === undefined) { const { loadPyodide } = await import('pyodide') const obj: any = { packageCacheDir: path.join(getUserHome(), '.flowise', 'pyodideCacheDir') } pyodideInstance = await loadPyodide(obj) await pyodideInstance.loadPackage(['pandas', 'numpy']) } return pyodideInstance } export const systemPrompt = `You are working with a pandas dataframe in Python. The name of the dataframe is df. The columns and data types of a dataframe are given below as a Python`*
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
OS command injection in NewSoft NewSoftOA allows remote unauthenticated attackers to execute arbitrary system commands on the server. CVSS 9.3 (Critical) with network attack vector and no authentication required. The description contains a contradiction - it states 'local attackers' while CVSS vector indicates AV:N (network-accessible). Based on CVSS vector, this is remotely exploitable without authentication. No CISA KEV listing or public exploit code identified at time of analysis, but network accessibility and lack of auth barriers make this a high-priority remediation target for organizations running NewSoftOA.
Cross-site request forgery (CSRF) in Dovestones AD Self Update versions before 4.0.0.5 allows unauthenticated attackers to modify authenticated user account information by crafting malicious requests that exploit missing CSRF token validation. The vulnerability affects state-changing endpoints that accept both POST and GET requests without proper anti-CSRF protections, enabling account takeover when a victim visits a malicious page while logged in. Publicly available exploit code exists.
Reflected cross-site scripting (XSS) in Dovestones ADPhonebook versions below 4.0.1.1 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser via the search parameter of the /ADPhonebook?Department=HR endpoint. User input is reflected without proper encoding. Publicly available exploit code exists, though CISA KEV status is not confirmed, and CVSS 6.1 with UI:R indicates user interaction is required for successful exploitation.
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the `msg` or `callback` fields. On the client side, `plugin/YPTSocket/script.js` contains two `eval()` sinks fed directly by those relayed fields (`json.msg.autoEvalCodeOnHTML` at line 568 and `json.callback` at line 95). Because tokens are minted for anonymous visitors and never revalidated beyond decryption, an unauthenticated attacker can broadcast arbitrary JavaScript that executes in the origin of every currently-connected user (including administrators), resulting in universal account takeover, session theft, and privileged action execution. Commit c08694bf6264eb4decceb78c711baee2609b4efd contains a fix.
Storable versions before 3.05 for Perl has a stack overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Remote code execution with complete system compromise affects Net::Dropbear Perl module versions before 0.14 due to bundled vulnerable libtomcrypt library. The module ships with Dropbear 2019.78 or earlier containing libtomcrypt v1.18.1, inheriting CVE-2016-6129 (RSA signature forgery) and CVE-2018-12437 (RSA key recovery via side-channel). CVSS 10.0 reflects network-accessible attack with no authentication or user interaction required and complete confidentiality, integrity, and availability impact with scope change. CISA SSVC framework confirms automatable exploitation with total technical impact, though no active exploitation reported. Patch available in Net::Dropbear 0.14 with updated cryptographic dependencies.
Unauthenticated path traversal in CrowdStrike LogScale cluster API allows remote attackers to read arbitrary files from server filesystems. Affects only self-hosted LogScale deployments with specific vulnerable versions; Next-Gen SIEM customers are not impacted. CrowdStrike proactively identified this during internal testing and deployed network-layer blocks for SaaS customers on April 7, 2026, with log analysis confirming no evidence of exploitation. CVSS 9.8 critical severity with network vector and no authentication required (AV:N/PR:N), though EPSS and KEV data not available at time of analysis.
Command injection in Tenda W30E V2.0 firmware V16.01.0.21 allows remote unauthenticated attackers to execute arbitrary operating system commands as root through the formSetUSBPartitionUmount function by manipulating the usbPartitionName parameter. The vulnerability achieves maximum CVSS severity (9.8) due to network accessibility without authentication, though EPSS exploitation probability remains low (0.17%, 38th percentile), suggesting limited attacker interest at time of analysis. No active exploitation confirmed by CISA KEV, and public exploit code status is unverified from researcher disclosure.
Uninitialized memory access in Firefox's Web Codecs API enables remote code execution without authentication. Attackers can exploit this CWE-457 (Use of Uninitialized Variable) flaw through network-accessible vectors with low complexity (AV:N/AC:L/PR:N/UI:N) to achieve complete system compromise including data exfiltration, arbitrary code execution, and denial of service. CVSS 9.8 severity is supported by SSVC assessment indicating automatable exploitation with total technical impact. Vendor-released patches available in Firefox 150 and Firefox ESR 140.10. CISA SSVC reports no active exploitation at time of analysis, though the vulnerability is classified as automatable with total technical impact.
DOM security mitigation bypass in Mozilla Firefox allows remote unauthenticated attackers to completely compromise browser security, achieving high confidentiality, integrity, and availability impact. Affects Firefox versions prior to 150 and Firefox ESR versions prior to 140.10. The vulnerability bypasses critical browser security controls designed to protect the Document Object Model. SSVC assessment indicates the flaw is automatable with total technical impact, though no active exploitation has been confirmed at time of analysis. CVSS 9.8 critical rating reflects network-based attack with no complexity barriers.
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Inbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Inbound Telephony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.
Authentication bypass in Firefox's cookie-handling mechanism allows remote unauthenticated attackers to bypass security controls via network requests, achieving full confidentiality, integrity, and availability compromise. Affects Firefox versions prior to 150. Mozilla has released patches in security advisories MFSA2026-30 and MFSA2026-33. CISA SSVC framework classifies this as fully automatable with total technical impact, though no active exploitation is confirmed at time of analysis. CVSS 9.8 critical severity reflects the network attack vector with no authentication or user interaction required.
Authentication bypass in Firefox's cookie handling mechanism allows remote unauthenticated attackers to circumvent security controls and potentially execute arbitrary code or access protected resources. The vulnerability affects Firefox versions prior to 150 and has a critical CVSS score of 9.8 (network-exploitable, no authentication required, low complexity). Despite the severe CVSS rating, EPSS probability indicates only 0.02% likelihood of exploitation (4th percentile), suggesting limited real-world targeting. Mozilla has patched this in Firefox 150 per security advisories MFSA2026-30 and MFSA2026-33. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code at time of analysis.
Remote code execution in Atlassian Bamboo Data Center versions 9.6.0 through 12.1.0 allows authenticated attackers to execute arbitrary OS commands via command injection vulnerability. The attack requires low-privilege authentication (PR:L) but no user interaction, enabling complete system compromise across confidentiality, integrity, and availability with cross-scope impact (SC:H/SI:H/SA:H indicating container escape or lateral movement potential). Atlassian has released patches for three major version branches (9.6.25, 10.2.18, 12.1.6). No active exploitation confirmed in CISA KEV at time of analysis, though the authenticated nature and critical CVSS 9.4 score warrant immediate patching for internet-exposed instances with broad user access.
Remote unauthenticated path traversal in excel-mcp-server versions ≤0.1.7 allows network attackers to read, write, and overwrite arbitrary files on the host filesystem. The server's get_excel_path() function fails to validate file paths in two ways: it passes absolute paths without checking boundaries and joins relative paths without resolving traversal sequences. With default configuration binding to 0.0.0.0 (all network interfaces) and no authentication on SSE/Streamable-HTTP transport modes, exploitation is trivial. Vendor-released patch available in version 0.1.8. EPSS data not available; no CISA KEV listing identified at time of analysis.
Stored cross-site scripting in mailcow dockerized versions before 2026-03b enables remote attackers to execute arbitrary JavaScript in admin sessions by injecting malicious code through unauthenticated Autodiscover requests. The payload persists in Redis and triggers when administrators view Autodiscover logs on the admin dashboard. CVSS 9.3 reflects the network attack vector and high cross-scope impact, though exploitation requires admin interaction (UI:P) and no public exploit has been identified at time of analysis.
{ item_typ.len() * elem_count } ``` For the **outer** array, `allocate_external_call_results()` correctly uses `define_variable()`, which internally calls `allocate_value_with_type()`. This function applies the formula above, producing the correct semi-flattened size. However, for **nested** arrays, `allocate_foreign_call_result_array()` contains a bug. When it encounters a nested `Type::Array(types, nested_size)`, it calls: ```rust Type::Array(_, nested_size) => { let inner_array = self.brillig_context.allocate_brillig_array(*nested_size as usize); // .... } ``` The pattern `Type::Array(_, nested_size)` discards the inner types with `_` and uses only `nested_size`, the **semantic length** of the nested array (the number of logical elements), not the semi-flattened size. For simple element types this works correctly, but for composite element types it under-allocates. Consider a nested array of type `[(u32, u32); 3]`: - Semantic length: 3 (three tuples) - Element size: 2 (each tuple has two fields) - Required semi-flattened size: 6 memory slots The current code passes `3` to `allocate_brillig_array()`, which then calls `codegen_initialize_array()`. This function allocates `array.size + ARRAY_META_COUNT` slots, only 4 slots instead of the required 7 (6 data + 1 metadata). When the VM executes the foreign call and writes 6 values plus metadata, it overwrites adjacent heap memory. Foreign calls returning nested arrays of tuples or other composite types corrupt the Brillig VM heap. Multiply the semantic length by the number of element types when allocating nested arrays. Extract the inner types from the pattern and replace the `nested_size` argument to `allocate_brillig_array()` with `types.len() * nested_size` to compute the semi-flattened size. Alternatively, reuse the existing `compute_array_length()` helper function to maintain consistency with outer array allocation.
Remote code execution in WWBN AVideo up to version 29.0 allows unauthenticated attackers to execute arbitrary system commands via unsanitized URL parameters in test.php. This vulnerability stems from an incomplete fix that sanitized wget calls but left file_get_contents and curl code paths exploitable through regex bypass (accepting strings like 'httpevil[.]com'). CVSS 9.3 with Critical scope change reflects the severity. Upstream fix available in commit 78bccae but no tagged release version confirmed at time of analysis. EPSS data not provided; no CISA KEV listing identified.
SQL injection in Zeon Academy Pro allows remote unauthenticated attackers to execute arbitrary SQL commands via the 'phonenumber' parameter in /private/continue-upload.php, enabling full database compromise including data exfiltration, modification, and deletion. The vulnerability is exploitable over the network without authentication (CVSS:4.0 9.3 Critical, AV:N/PR:N), representing a complete compromise of database confidentiality and integrity. Patch available from vendor per INCIBE-CERT advisory, though specific fixed version not disclosed in public references.
Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelated services by the same OIDC issuer to be accepted by Oxia. This vulnerability is fixed in 0.16.2.
Remote code execution in AVideo versions 29.0 and below allows unauthenticated attackers to execute arbitrary shell commands on the server via command injection in the CloneSite plugin's cloneServer.json.php endpoint. Attackers exploit unsanitized user input in the 'url' parameter that gets directly concatenated into a wget command executed through PHP's exec() function. With CVSS 8.9 (AV:N/AC:L/PR:N/UI:N) and proof-of-concept exploitation confirmed (E:P), this represents a critical risk requiring immediate patching. Fix available in commit 473c609fc2defdea8b937b00e86ce88eba1f15bb.
Reflected cross-site scripting in Bludit CMS search plugin allows unauthenticated attackers to inject arbitrary JavaScript through malicious search queries. When users visit attacker-crafted URLs containing the XSS payload, malicious scripts execute in their browsers, enabling session cookie theft and actions performed on behalf of victims. Publicly available exploit code exists; patch available via commit 6732dde.
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Cryptographic signature verification bypass in ASP.NET Core 10.0 enables remote unauthenticated attackers to forge authentication tokens and gain unauthorized access to protected resources. Tagged as a JWT attack involving authentication bypass, this vulnerability allows complete compromise of confidentiality and integrity without requiring any special conditions (AV:N/AC:L/PR:N/UI:N). Microsoft has released a security update addressing this flaw. No active exploitation confirmed in CISA KEV at time of analysis, though the authentication bypass nature and network-accessible attack surface present significant risk for widely deployed ASP.NET Core applications.
Arbitrary file write in FreeScout (prior to 1.8.215) allows authenticated administrators to achieve remote code execution by uploading malicious ZIP archives during module installation. The path traversal vulnerability (CWE-22) enables attackers to write files to any location on the server filesystem, including web-accessible directories where PHP shells can be placed. With CVSS 9.1 (Critical) and EPSS data not provided, the primary risk factor is the changed scope (S:C) indicating potential container/hosting infrastructure compromise beyond the application itself. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis, though the fix commit provides implementation details that could facilitate exploit development.
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Remote unauthenticated attackers can leak GitHub workflow tokens from goshs repositories via ArtiPACKED attack. The vulnerability exploits artifact packaging mechanisms to extract GITHUB_TOKEN credentials despite the token never appearing in source code. With CVSS 9.1 (Critical) and network attack vector requiring no authentication, this poses immediate risk to CI/CD pipelines using goshs. No public exploit identified at time of analysis, though the attack technique (ArtiPACKED) is documented. EPSS data unavailable; not listed in CISA KEV.
Crafty Controller Users API allows authenticated administrators with high privileges to modify other user accounts due to improper API permission validation. Despite requiring PR:H (high privileges) and authentication, the vulnerability achieves CVSS 9.0 due to scope change, enabling privilege escalation and potential system-wide compromise. GitLab reports this as an authentication bypass affecting Crafty Controller by Arcadia Technology, LLC. No CISA KEV listing or public exploit code identified at time of analysis, though the authentication bypass tag suggests deviation from intended access controls even for privileged users.
Mass assignment vulnerability in FreeScout versions before 1.8.213 allows authenticated administrators to covertly exfiltrate all outgoing emails and inject malicious content into email communications. By exploiting unfiltered parameter binding in mailbox connection settings endpoints, an attacker with admin credentials can silently set auto_bcc to forward copies of every outgoing email, redirect SMTP traffic through attacker-controlled servers, inject tracking pixels or phishing links into signatures, and enable malicious auto-replies-all invisible to other administrators. The CVSS score of 9.0 reflects high confidentiality and integrity impact with changed scope, though exploitation requires high-privilege (admin) access. No public exploit code or CISA KEV listing identified, but the vulnerability is particularly dangerous in multi-admin deployments and when combined with session compromise vectors like XSS (noted in tags), as it provides persistent email surveillance beyond initial access.
Sandbox bypass in OpenClaw (pre-2026.3.31) enables authenticated remote attackers to escalate privileges by manipulating heartbeat context inheritance and senderIsOwner parameters. Exploitation requires low attack complexity with present attack technique capability, achieving complete compromise of confidentiality, integrity, and availability across vulnerable and subsequent system scope. No active exploitation confirmed (not in CISA KEV), but VulnCheck disclosure indicates researcher-identified vulnerability with public GitHub commit and security advisory available.
Stored cross-site scripting (XSS) in mailcow: dockerized (versions prior to 2026-03b) allows remote unauthenticated attackers to execute arbitrary JavaScript in administrator sessions by delivering emails with malicious attachment filenames. When administrators view quarantined emails through the web interface, unsanitized filenames inject into HTML without escaping, triggering automatic JavaScript execution that can compromise administrator accounts. No public exploit or active exploitation confirmed at time of analysis, though CVSS 8.9 (CVSS 4.0) reflects high impact with low attack complexity requiring user interaction.
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebook viewer followed HTTP redirects without revalidating the destination host, enabling an unauthenticated SSRF to internal services. By chaining this with regex filter queries against an internal API and measuring response time differences, an attacker could infer secret values character by character. Exploitation required that private mode be disabled and that the attacker be able to chain the instance's open redirect endpoint through an external redirect to reach internal services. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.14.26, 3.15.21, 3.16.17, 3.17.14, 3.18.8, 3.19.5, and 3.20.1. This vulnerability was reported via the GitHub Bug Bounty program.
Unauthenticated remote attackers can access administrative diagnostic endpoints in FreeScout versions prior to 1.8.213, exploiting a predictable MD5 hash derived from the exposed APP_KEY. Attackers can harvest sensitive server information (full path disclosure, process IDs) and trigger resource exhaustion denial-of-service by repeatedly invoking unprotected background tasks. The vulnerability has publicly available exploit code (CVSS E:P), making it immediately actionable for attackers. EPSS data not provided, but the combination of network exposure (AV:N), no authentication required (PR:N), and confirmed POC significantly elevates real-world risk for internet-facing FreeScout installations.
Remote code execution in Dolibarr ERP 22.0.4 and earlier allows authenticated users with PHP content editing permissions to execute arbitrary OS commands on the server. The vulnerability stems from a bypassable blacklist-based filter for dangerous PHP functions in the Website module. Attack complexity is low (CVSS AV:N/AC:L/PR:L), requiring only valid low-privilege credentials. Public proof-of-concept code exists on GitHub, though CISA has not confirmed active exploitation. EPSS data is unavailable, but SSVC assessment indicates total technical impact with no current exploitation evidence.
Privilege escalation in Neko virtual browser (versions 3.0.0-3.0.10, 3.1.0-3.1.1) allows any authenticated user with low privileges to immediately gain full administrative control over the entire instance, including member management, room settings, broadcast control, and session termination. This complete instance compromise requires only network access and valid user credentials (CVSS 8.8, AV:N/AC:L/PR:L). While EPSS exploitation probability is low (0.12%, 31st percentile) and no active exploitation has been confirmed, the vulnerability is trivially exploitable by any authenticated user and classified as non-automatable but with total technical impact per SSVC. Vendor patches are available in versions 3.0.11 and 3.1.2.
Privilege escalation in Firefox WebRender allows remote attackers to gain elevated access through malicious web content requiring user interaction. Affects Firefox versions before 150, Firefox ESR before 115.35, and Firefox ESR before 140.10. Mozilla released patches in advisories MFSA2026-30 through MFSA2026-34. CVSS 8.8 (High) severity with network attack vector, but exploitation requires user interaction (visiting malicious site). No public exploit identified at time of analysis, with SSVC framework indicating no confirmed exploitation and partial technical impact.
Insecure token generation in FreeScout <1.8.213 allows unauthenticated remote attackers to download private email attachments by forging MD5-based download tokens. The predictable formula (md5(APP_KEY + sequential_attachment_id + guessable_size)) enables enumeration of all stored attachments without credentials. CVSS 8.8 reflects high confidentiality and integrity impact via network vector with no authentication required. EPSS data not provided. Proof-of-concept exploitation exists (E:P in CVSS vector). Vendor-released patch version 1.8.213 available via GitHub.
Authenticated users with restricted HTML/JavaScript editing permissions in Dolibarr ERP & CRM 22.0.4 and earlier can escalate privileges to execute arbitrary PHP code via the Website module. The vulnerability exploits inconsistent permission enforcement across input parameters during website page creation, allowing low-privileged authenticated users to bypass intended restrictions and inject PHP code. Public proof-of-concept exists on GitHub (PhDg1410), though no active exploitation is confirmed by CISA KEV. EPSS data unavailable, but the CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability when exploited by authenticated insiders or compromised accounts.
State corruption in UltraDAG 0.1 allows remote unauthenticated attackers to bypass authorization controls and manipulate blockchain state integrity through malformed SmartOp::Vote transactions. The vulnerability enables attackers to trigger state mutations before authorization checks complete, causing high availability impact and low integrity impact to the blockchain. No active exploitation or public POC has been identified, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation against default configurations. Upstream fixes are available via GitHub commits but no tagged release version has been confirmed.
Privilege escalation in Firefox's Debugger component allows remote attackers to gain elevated system privileges after user interaction with a malicious site. Affects Firefox versions prior to 150 and Firefox ESR versions prior to 140.10. CVSS 8.8 severity with network attack vector and no authentication required. SSVC framework indicates no active exploitation detected and non-automatable attack pattern. Vendor-released patches available in Firefox 150 and Firefox ESR 140.10 per Mozilla security advisories MFSA2026-30 through MFSA2026-34.
Remote attackers can escalate privileges in Firefox and Firefox ESR through a flaw in the Networking component when a user interacts with malicious content. The vulnerability affects Firefox versions prior to 150 and Firefox ESR versions prior to 140.10, allowing attackers with no initial privileges to achieve high impact on confidentiality, integrity, and availability. Mozilla has released patches for both product lines. EPSS data not available; no confirmed active exploitation (not listed in CISA KEV); public exploit code status unknown.
Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL database through crafted ORDER BY expressions. This vulnerability is fixed in 1.5.0.
Remote filesystem bridge in OpenClaw (<2026.3.31) enables sandbox escape through a TOCTOU race condition in readFile validation. Authenticated remote attackers can exploit the timing gap between path validation and file read operations to bypass sandbox restrictions and access arbitrary files outside the intended security boundary, potentially compromising both confidentiality and integrity of the underlying system. EPSS score of 0.03% (7th percentile) suggests low probability of widespread exploitation despite CVSS 8.8 severity, though patch availability from vendor (commit 121870a) enables defenders to remediate proactively before active exploitation begins.
A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements.