Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
Remote unauthenticated denial of service crashes GoBGP routing daemon via malformed BGP UPDATE message exploiting index-out-of-bounds panic. Attackers send crafted BGP UPDATE with AS4_PATH attribute preceding AS_PATH, causing slice index mismanagement in UpdatePathAttrs4ByteAs function (internal/pkg/table/message.go). Publicly available exploit code exists with hex-level proof-of-concept payload demonstrating immediate process termination. Affects GoBGP v4.2.0 and earlier; vendor-released patch v4.3.0 available per GitHub advisory GHSA-8rxh-r2p6-7f2q. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects network-accessible, low-complexity attack requiring no privileges, resulting in complete routing service disruption.
Remote denial of service via nil pointer dereference crashes GoBGP 4.3.0 when processing malformed BGP UPDATE messages containing unrecognized well-known path attributes. A single crafted UPDATE packet with an invalid Type Code (e.g., 0xEE or 0xFF) marked as well-known (Optional bit = 0) triggers a panic that terminates the entire BGP daemon process, not just the affected session. Publicly available exploit code exists with detailed proof-of-concept payloads confirmed by GitHub advisory GHSA-7235-89m6-f4px. Network-facing BGP deployments are at immediate operational risk despite CVSS 7.5, as BGP peering relationships make this trivially exploitable by any established peer.
TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function.
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0.
B1 Free Archiver v1.5.86 strips Mark of the Web (MotW) protections from files extracted from internet-downloaded archives, allowing untrusted executables to run without Windows Defender SmartScreen warnings. Attackers can deliver malware via email attachments or malicious downloads that, when extracted using this archiver, bypass Windows security prompts entirely. EPSS exploitation probability is minimal (0.01%) with no active exploitation or public POC identified, suggesting limited real-world targeting despite the 7.3 CVSS score and theoretical RCE capability.
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze requiring hardware reset) by sending a single crafted DHCPv6 packet. The issue is present whenever DHCPv6 is enabled. To mitigate this issue, users should upgrade to version V4.2.6 or V4.4.1 or newer.
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.
Sandbox escape in n8n's Python Task Runner enables authenticated workflow editors to execute arbitrary code on the task runner container. This vulnerability (CWE-94: Improper Control of Generation of Code) affects n8n instances with the Python Code Node feature enabled, allowing attackers with workflow creation/modification permissions to break out of the Python sandbox. Vendor-released patches are available in versions 1.123.32, 2.17.4, and 2.18.1. No public exploit identified at time of analysis, though the technical details in the GitHub advisory provide sufficient information for exploitation by authenticated users.
Authenticated users with shared workflow access in n8n can exfiltrate other users' API credentials by injecting foreign credential IDs into dynamic-node-parameters endpoint requests. The vulnerability forces the n8n backend to decrypt and replay stolen credentials against attacker-controlled URLs, enabling credential theft across workflow collaborators. Affects npm package n8n versions <1.123.33 and 2.17.0-2.17.4, with vendor-confirmed patches available in 1.123.33 and 2.17.5. No public exploit identified at time of analysis, though CVSS 8.5 with scope change (S:C) reflects the multi-tenant credential boundary violation.
Inverted authorization logic in Admidio's two-factor authentication reset module allows non-admin users with profile edit permissions to strip TOTP protection from administrator accounts while paradoxically blocking users from resetting their own 2FA. A group leader holding 'hasRightEditProfile()' rights on an admin account can send a single POST request to /adm_program/modules/profile/two_factor_authentication.php with the admin's UUID, disabling the admin's 2FA and reducing account security to password-only. This vulnerability affects Admidio versions ≤5.0.8; patched version 5.0.9 corrects the inverted comparison operator. Public exploit code exists via the GitHub advisory's proof-of-concept. No confirmed active exploitation (not in CISA KEV).
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive information on the targeted system.
This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system.
This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system.
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to 7.0.32
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.
Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection mechanism skips all input validation for packets whose source MAC matches a local endpoint. To mitigate this issue, users should upgrade to the fixed version when available.
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access.