Arbitrary file deletion via path traversal in Betheme WordPress theme version 28.4 and earlier allows authenticated contributors and above to delete arbitrary files on the server by manipulating the mfn-icon-upload parameter in the upload_icons() function. The vulnerability requires valid WordPress account credentials at contributor level or higher but exploits an unconstrained filesystem move operation to bypass upload directory restrictions. No public exploit code or active KEV listing identified at analysis time.
Remote denial of service in vLLM 0.6.1 through 0.19.x allows unauthenticated attackers to crash worker processes by sending text-only prompts containing special multimodal placeholder tokens (e.g., '<|vision_start|><|image_pad|><|vision_end|>') without corresponding image or video data. The vulnerability stems from unprotected array indexing in the input position computation layer when processing vision tokens, causing an IndexError that terminates the worker and degrades service availability. A single malicious request can trigger the fault.
Server-side request forgery in requests-hardened prior to 1.2.1 allows remote attackers to bypass SSRF protection and access internal services within RFC 6598 Shared Address Space (100.64.0.0/10) by supplying arbitrary URLs, particularly impacting AWS EKS deployments where this CIDR is the default pod network. The vulnerability has a CVSS score of 6.5 and is environment-dependent, affecting only deployments using the vulnerable IP range for internal networking. Vendor-released patch: version 1.2.1 extends IP filtering logic to block RFC 6598, 6to4 relay anycast, IPv6 reserved ranges, and multicast addresses.
Traccar versions 6.11.1 through 6.13.0 fail to escape user-controlled device and computed attributes in CSV export functionality, allowing authenticated attackers to inject spreadsheet formulas that execute when a manager or administrator opens the exported file, potentially leading to command execution or data exfiltration. The vulnerability requires user interaction (opening the CSV) but affects all confidentiality, integrity, and availability once exploitation occurs. Patch available in version 6.13.0.
Sensitive information disclosure in Grav CMS v1.8.0-beta.29 allows low-privileged users with page editing permissions to bypass Twig sandbox restrictions and extract administrative password hashes and security salts via the exposed `grav['accounts']` service. A content editor can inject a Twig template with `{{ grav['accounts'].load('admin').get('hashed_password') }}` to retrieve plaintext Bcrypt hashes accessible for offline brute-force attack. Vendor-released patch available (2.0.0-beta.2 and commit c66dfeb5ff679a1667678c6335eb9ff3255dfc47); publicly available proof-of-concept exists demonstrating practical exploitation.
RouterOS fails to properly validate certificate scope across its shared system certificate store, allowing any trusted certificate authority to authenticate in contexts beyond its intended scope. This vulnerability enables partial or full authentication bypass in OpenVPN, CAPsMAN, and 802.1X (Dot1x) services, affecting all RouterOS versions that use the vulnerable shared certificate validation logic. The vulnerability requires network access but no user interaction or authentication, making it remotely exploitable against default configurations.
GenerateBlocks plugin for WordPress up to version 2.2.0 fails to verify object-level authorization on the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint, allowing authenticated Contributor-level users to extract sensitive information from arbitrary posts including author email addresses and post meta values through crafted dynamic tag payloads. The vulnerability checks only for edit_posts capability but does not verify access to specific posts, exposing confidential data across the entire site to low-privilege authenticated users.
Stored Cross-Site Scripting in Royal Addons for Elementor's Instagram Feed widget allows authenticated contributors and above to inject arbitrary JavaScript via the 'instagram_follow_text' setting, which executes in the browsers of all users viewing the affected page. The vulnerability affects all versions up to 1.7.1056 and requires the Instagram Feed widget to be previously configured with a valid access token by an administrator. No public exploit code or active exploitation has been confirmed at this time.
Stored Cross-Site Scripting in WP-Clippy plugin for WordPress up to version 1.0.0 allows authenticated attackers with contributor-level access or higher to inject arbitrary JavaScript via the `clippy` shortcode due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user viewing the affected page. No public exploit code or active exploitation has been identified at the time of analysis.
Stored Cross-Site Scripting in WP Carousel Free plugin for WordPress affects all versions up to 2.7.10, allowing authenticated attackers with Contributor-level access to inject arbitrary JavaScript via malformed carousel container IDs in the fancybox `data-caption` attribute. The vulnerability arises when the fancybox configuration script fails to initialize due to unsanitized DOM selectors, causing the bundled fancybox library v3.5.7 to fall back to unsafe default caption handling that renders HTML directly. This enables script execution in the context of site visitors clicking images in the compromised carousel lightbox. No public exploit code or active exploitation has been confirmed at the time of analysis.
Stored cross-site scripting in Charts Ninja: Create Beautiful Graphs & Charts plugin for WordPress (all versions up to 2.1.0) allows authenticated contributors and above to inject arbitrary JavaScript via the 'chartid' shortcode attribute due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user viewing the affected page, potentially compromising site visitors and administrative accounts. No public exploit code or active exploitation has been confirmed at this time.
Stored HTML injection in AVideo's notifySubscribers endpoint allows any authenticated uploader to broadcast platform-branded phishing emails to up to 10,000 channel subscribers without sanitization, escaping, or rate limits. The attacker-supplied HTML is injected directly into the email template via str_replace and rendered by PHPMailer, arriving with the platform's official contact email address, logo, and site title, enabling credential theft and reconnaissance at scale with no visible indication that content originated from an uploader rather than the platform operator.
Stored cross-site scripting in Simple Owl Shortcodes WordPress plugin versions up to 2.1.1 allows authenticated contributors and above to inject arbitrary JavaScript via the 'num' attribute of the 'owls_wrapper' shortcode due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user viewing the affected page, enabling session hijacking, credential theft, or malware distribution. No public exploit code or active exploitation has been confirmed at the time of analysis.
Stored Cross-Site Scripting in Gutenverse - Ultimate WordPress FSE Blocks Addons & Ecosystem plugin up to version 3.5.3 allows authenticated attackers with contributor-level access to inject arbitrary JavaScript into pages via the 'separatorIconSVG' parameter, executing malicious scripts whenever users view affected pages. The vulnerability stems from insufficient input sanitization and output escaping. No public exploit code or active exploitation has been identified at the time of analysis.
Server-Side Request Forgery in Gutenverse - Ultimate WordPress FSE Blocks Addons & Ecosystem plugin versions up to 3.5.3 allows authenticated contributors and above to initiate arbitrary web requests from the vulnerable server via the import_images() function, enabling query and modification of internal services. The vulnerability is exploitable without user interaction over the network, affecting sites with contributor-level users or higher.
Django 6.0 before 6.0.5 and 5.2 before 5.2.14 allow remote attackers to bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit by submitting ASGI requests with missing or understated Content-Length headers, potentially loading large files into memory and causing denial of service through resource exhaustion. No active exploitation confirmed, but the vulnerability requires only network access and no authentication, making it trivially exploitable once the bypass is understood.
Server-side request forgery in OpenClaw npm package before 2026.4.14 allows authenticated remote attackers to access internal services and cloud metadata endpoints through browser-driven requests. The vulnerability stems from a misconfigured browser SSRF policy that permits private-network navigation by default, enabling cross-scope information disclosure without user interaction. Patch available in version 2026.4.14 with vendor advisory and multiple fix commits confirmed. No public exploit or CISA KEV listing identified at time of analysis, though CVSS 7.7 reflects high confidentiality impact with changed scope.
OpenClaw versions 2026.4.10 through 2026.4.13 fail to enforce sender allowlist checks in the Microsoft Teams SSO invoke handler, allowing attackers to bypass authorization controls and access Teams SSO sign-in functionality without proper validation. The vulnerability affects unauthenticated remote attackers and has been patched in version 2026.4.14, which routes SSO invoke handling through the standard sender authorization path used by normal message handling.
Open redirect vulnerability in Jupyter Server through version 2.17.0 allows unauthenticated remote attackers to redirect users to arbitrary external domains via insufficiently validated next query parameters in the login flow, enabling phishing attacks. User interaction (clicking a crafted login link) is required. The vulnerability is fixed in version 2.18.0.
Stored XSS in LobeChat's message rendering escalates to remote code execution via exposed Electron IPC when victims configure an attacker-controlled LLM provider endpoint. The vulnerability chains unfiltered HTML rendering with an unauthenticated shellCommand IPC handler that executes arbitrary system commands at user privilege level. Confirmed in versions up to 2.1.26; patch released in v2.1.48. Public proof-of-concept demonstrates opening arbitrary applications via malicious LLM API responses.
Redis-server with Lua scripting allows authenticated attackers to trigger a use-after-free vulnerability on replicas where replica-read-only is disabled, potentially leading to remote code execution. The vulnerability exploits the master-replica synchronization mechanism and is present in all versions prior to 8.6.3. Patch vendor-released patch: 8.6.3.
Reflected cross-site scripting in Zingaya Click-to-Call WordPress plugin up to version 1.0 allows unauthenticated attackers to inject arbitrary web scripts via the email, first_name, last_name, and phone parameters on the plugin's admin sign-up page. The vulnerability requires user interaction (clicking a malicious link) and results in session hijacking, credential theft, or defacement within the WordPress admin context. No public exploit code or active exploitation has been identified at the time of analysis.
Reflected Cross-Site Scripting in Blog Settings plugin for WordPress versions up to 1.0 allows unauthenticated attackers to inject arbitrary JavaScript via the 'page' parameter due to insufficient input sanitization and output escaping. An attacker must trick a user into clicking a malicious link to execute the injected script in the victim's browser session, potentially compromising WordPress admin credentials or site functionality.
Authentication bypass in Ethyca Fides allows administrators to unknowingly approve privacy erasure requests without identity verification when both subject identity verification and duplicate privacy request detection are enabled, resulting in unauthorized deletion of data subject records across all configured integrations. The vulnerability exploits a UI/UX flaw in the administrative interface that fails to clearly indicate unverified identity status on duplicate-classified requests, combined with a logic gap that processes unverified requests if approved by an admin. No public exploit code identified at time of analysis, but exploitation requires only an unauthenticated attacker with knowledge of a target's email address and access to the public Privacy Center.
Reflected XSS in AVideo's Meet plugin allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unescaped user and pass query parameters into a JavaScript string literal. The vulnerability is reachable without authentication on any public Meet schedule with no password (the default configuration), enabling session cookie theft and account takeover of authenticated users. CVSS 6.1 (AV:N/AC:L/PR:N/UI:R/S:C) reflects network delivery requiring user interaction but changed scope due to cookie exfiltration across the AVideo application origin.
SQL injection in itsourcecode Courier Management System 1.0 via the ids parameter in /print_pdets.php allows authenticated remote attackers to execute arbitrary SQL queries with low impact to confidentiality, integrity, and availability. The vulnerability has a publicly available proof-of-concept and is characterized by low CVSS score (2.1) due to authentication requirement and limited scope, but SQL injection itself represents a persistent threat vector if the system processes sensitive courier data.
Open redirect vulnerability in OpenMage LTS through version 20.17.0 allows authenticated attackers to redirect logged-in customers to arbitrary external URLs via an unvalidated `uenc` parameter in the ProductAlert `stockAction()` controller. The vulnerability occurs when a non-existent product ID is supplied, bypassing the `_isUrlInternal()` validation check present in the analogous `priceAction()` method. Attackers can exploit this for credential phishing, OAuth token theft, affiliate fraud, or malware distribution by crafting a malicious link and distributing it via email, forums, or social media.
Stored Cross Site Scripting in ERPNext v15.103.1 and earlier allows users with email template creation or editing permissions to inject malicious JavaScript that executes in victims' browsers when the template is applied, affecting confidentiality and integrity with a low EPSS score of 0.02% suggesting minimal real-world exploitation despite the moderate CVSS score of 6.1.
Cross-Site Request Forgery in Publish 2 Ping.fm WordPress plugin up to version 1.1 allows unauthenticated attackers to modify plugin settings and inject malicious scripts by tricking site administrators into clicking a crafted link, exploiting missing nonce validation on the admin settings page. The vulnerability requires user interaction (admin click) and affects the plugin's confidentiality and integrity but not availability. No public exploit code or active exploitation has been confirmed.
Out-of-bounds read in X.Org X Server XKB modifier map handling allows local authenticated attackers to read sensitive memory or crash the server by sending malformed X11 requests. The vulnerability affects RHEL 6 through 10 and requires local access with user-level privileges; exploitation results in information disclosure or denial of service.
Out-of-bounds read in X.Org X server XKB geometry processing allows local or remote attackers with X11 server access to disclose sensitive memory contents or cause denial of service by crashing the server. The vulnerability exists in CheckSetGeom() and XkbAddGeomKeyAlias functions and requires low privileges but no user interaction. No public exploit code or active exploitation has been identified at time of analysis.
Reflected cross-site scripting (XSS) in FluentCMS 1.2.3 TextHTML plugin allows unauthenticated remote attackers to inject malicious scripts into web pages viewed by other users via specially crafted requests. The vulnerability requires user interaction (clicking a malicious link) and affects confidentiality and integrity with a CVSS score of 6.1, but is not currently exploited in the wild and carries negligible exploitation probability per EPSS.
Missing authentication in Langchain-Chatchat up to version 0.3.1.3 allows unauthenticated local network attackers to access and manipulate files through the Compatible File Service endpoints (files/list_files, retrieve_file, retrieve_file_content, delete_file) in openai_routes.py without credentials. The vulnerability has a publicly available proof-of-concept exploit and affects confidentiality, integrity, and availability of stored files, though impact is limited to low severity per CVSS scoring; however, the lack of authentication on file operations represents a significant security control failure.
Symlink traversal in OpenClaw versions 2026.3.22 before 2026.4.5 allows unauthenticated remote attackers with user interaction to read arbitrary files outside the remote marketplace repository root. The vulnerability exploits improper path canonicalization in the marketplace plugin's remote repository handler, exposing sensitive information with a CVSS score of 6.5. Vendor-released patch available in version 2026.4.5.
OpenClaw before version 2026.4.12 contains an improper authorization flaw in helper-backed channels where empty resolved approver lists are incorrectly interpreted as explicit approval authorization. Authenticated attackers who know an approval ID can resolve pending approvals without proper authorization by exploiting this logic error, bypassing intended sender authorization checks. This vulnerability has a CVSS score of 6.5 (medium) with network attack vector and requires only low privileges, though no public exploit code or active exploitation has been identified.
PaperCut Hive Ricoh embedded application logs administrative credentials in plain text when Deep Logging diagnostic mode is enabled, allowing authenticated administrators to remotely activate logging and extract device passwords after user authentication. This credential exposure enables lateral movement within the print infrastructure and unauthorized device reconfiguration, affecting organizations that depend on Hive for centralized print management.
OpenTelemetry OpAMP client allocates unbounded buffers when reading HTTP responses from an OpAMP server, enabling memory exhaustion denial-of-service attacks if the configured server is attacker-controlled or subject to network interception. An attacker can send an extremely large HTTP response body that forces the client application to allocate memory without limits, exhausting available memory and crashing the application. CVSS 5.9 reflects moderate severity; exploitation requires network positioning (man-in-the-middle or control of the OpAMP server endpoint), which limits real-world attack surface. Upstream fix available in version 0.2.0-alpha.1.
Multi-factor authentication bypass in eLabFTW through version 5.4.1 allows attackers with valid primary credentials to complete login using an attacker-controlled TOTP secret, circumventing the second factor requirement and gaining unauthorized account access. The vulnerability stems from inconsistent MFA state preservation across authentication steps. This issue is patched in version 5.4.2.
Stored cross-site scripting (XSS) in PublishPress Future WordPress plugin versions up to 4.10.0 allows authenticated administrators to inject arbitrary JavaScript via the 'wrapper' attribute of the [futureaction] shortcode, which executes in the browsers of all users viewing the affected page. The vulnerability stems from insufficient sanitization: the plugin uses esc_html() to escape the attribute value but then passes it as a bare HTML tag name in a sprintf() call, permitting event handler injection through spaces. Since administrators can delegate this functionality to lower-privileged contributors, the attack surface extends beyond high-privilege users.
Unchecked return value in the drm/vc4 DRM driver allows a local low-privileged user to cause a kernel crash and denial of service on systems equipped with Broadcom VideoCore 4 GPU hardware. The driver's initialization path passes the return value of platform_get_irq_byname() - which returns a negative errno on failure - directly into devm_request_threaded_irq() without validation, causing undefined kernel behavior when IRQ resource lookup fails. No public exploit exists and EPSS is 0.02% (7th percentile), but unpatched systems running the vc4 module (primarily Raspberry Pi devices) remain susceptible to local DoS via kernel crash.
Resource leak in the Linux kernel's Bluetooth hci_ll driver allows a local authenticated user to cause kernel memory exhaustion by repeatedly triggering an error path in download_firmware() where firmware objects allocated by request_firmware() are never released when their content is invalid. Systems equipped with Texas Instruments Bluetooth hardware (using the hci_ll driver) are affected across numerous stable kernel branches dating back to Linux 4.12. No public exploit exists and EPSS is 0.02% (7th percentile), classifying this as a low-urgency maintenance fix; patches are available across all actively maintained stable branches.
Repeated data loss occurs on Linux kernel systems using ext4 filesystems due to the `ext4_mb_find_by_goal()` function failing to skip corrupted block groups during block allocation. Affected kernels from commit 163a203ddb36 through multiple stable branches will continuously attempt to allocate blocks from a group flagged `EXT4_MB_GRP_BBITMAP_CORRUPT`, producing kernel error messages stating 'This should not happen!! Data will be lost' and causing permanent inode data loss. No public exploit has been identified and EPSS is 0.02%, but the availability impact is rated High; this is a resilience defect in ext4 error-handling that requires local access and pre-existing filesystem corruption to manifest.
Buffer-head reference leak in Linux kernel ext4 fast-commit replay (ext4_fc_replay_inode()) allows local authenticated users to exhaust kernel memory, resulting in denial of service. Four distinct error paths in the function skip the mandatory brelse() call on iloc.bh, and the function previously masked all errors by always returning 0. No public exploit identified at time of analysis; EPSS at 0.02% (7th percentile) reflects very low real-world exploitation probability and no CISA KEV listing corroborates the absence of observed active exploitation.
Availability impact in the Linux kernel's ext4 filesystem subsystem arises from improperly managed discard workqueue lifecycle during remount and unmount operations. When a filesystem mounted with `-o discard` is remounted with `-o nodiscard` and then immediately unmounted, pending `s_discard_work` workqueue items are neither cancelled nor flushed before superblock teardown, potentially causing the work callback to reference freed memory and crash the kernel. Patch commits are confirmed across multiple stable branches; EPSS is 0.02% (7th percentile) and no KEV listing or public exploit exists, indicating negligible real-world exploitation risk outside of automated fuzzer (syzkaller) scenarios.
Resource leak in the Linux kernel dmaengine idxd subsystem allows a local low-privileged user to cause availability impact on systems equipped with Intel DSA (Data Streaming Accelerator) or IAA (Intel Analytics Accelerator) hardware. The .release() callback for the associated workqueue fails to free the workqueue when the device object is destroyed, meaning repeated allocation and deallocation cycles progressively exhaust kernel workqueue resources. No public exploit identified at time of analysis, and an EPSS score of 0.02% (7th percentile) confirms negligible real-world exploitation probability; however, patched stable kernel releases are available and should be applied on affected hardware platforms.
TX deadlock in the Linux kernel's 8250 serial UART driver permanently blocks DMA transmissions when a DMA transaction is terminated without its completion callback executing. Specifically, `dmaengine_terminate_async` does not guarantee that `__dma_tx_complete` runs, leaving `dma->tx_running` permanently set and preventing any subsequent TX DMA scheduling. This availability-only denial-of-service (CVSS A:H) requires local low-privileged access and only manifests on systems with 8250 UART hardware operating in DMA mode; no public exploit exists and no KEV listing is present.
Path traversal vulnerability in RTGS2017 NagaAgent up to version 5.1.0 allows remote unauthenticated attackers to manipulate the Name argument in the Skills Endpoint (apiserver/routes/extensions.py) to access arbitrary files on the server with limited confidentiality impact. Exploit code has been publicly disclosed and the vendor was informed via issue report but has not responded with a patch.
Misuse of the `__copy_user_nocache()` function in the Linux kernel's x86-64 subsystem - specifically within NTB driver code and several other drivers - causes STAC/CLAC (SMAP-disabling) instructions to execute during kernel-to-kernel memory copies where no user-space access is actually performed. This incorrect usage defeats the Supervisor Mode Access Prevention (SMAP) protection temporarily and, critically, attaches user-space exception handling semantics to pure kernel copies; if a machine check exception or memory fault occurs during this window, the kernel may not handle it gracefully, resulting in a kernel panic. The CVSS availability-high rating (A:H) reflects this crash potential for any local authenticated user able to trigger the affected driver paths. No public exploit has been identified at time of analysis, and EPSS probability is negligible at 0.02%.
Heap buffer overflow in GPAC's SVG attribute parser allows local attackers to cause denial of service by providing crafted SVG input that triggers out-of-bounds memory access in the svg_parse_strings() function. The vulnerability requires user interaction (opening a malicious SVG file) and operates with low complexity on local systems. While CVSS score is moderate (5.5) and EPSS probability is very low (0.02%), the issue affects the widely-used multimedia framework's SVG handling and has been confirmed fixed upstream.
Formula injection in Kimai 2.27.0 through 2.53.0 allows authenticated users with ROLE_USER to create tags containing formula strings (e.g., =SUM(54+51)) via the POST /api/tags endpoint. When administrators export timesheets to XLSX format, the ArrayFormatter joins tag names without sanitization, and OpenSpout automatically promotes formula-prefixed strings to FormulaCell objects. Excel or LibreOffice Calc evaluates these formulas when the exported file is opened, enabling code execution on any workstation that imports and opens the poisoned spreadsheet. Publicly available exploit code demonstrates the attack via normal user account and admin export workflow.