IObit Advanced SystemCare 19 contains a symlink following vulnerability in the ASC.exe Service component that allows local authenticated attackers to achieve high-impact confidentiality and integrity violations. The vulnerability requires local access and elevated privileges (PR:L) but has high attack complexity (AC:H), making real-world exploitation difficult despite public exploit availability. CVSS 6.4 reflects the local-only attack vector and privilege requirement, though the confidentiality and integrity impacts are rated high.
PocketBase versions before 0.22.42 and 0.30.0-0.37.3 allow account pre-hijacking via OAuth2 autolinking, where an attacker knowing a victim's email can create an unverified account linked to one OAuth2 provider, then retain access when the victim authenticates with a different provider and the accounts are auto-merged, because previous OAuth2 links are not cleared during the upgrade from unverified to verified status. Publicly available exploit code exists; vendor recommends immediate upgrade to v0.37.4 or v0.22.42.
Dify before version 1.14.0 allows authenticated users to bypass authorization controls and read arbitrary files uploaded by other users within the same tenant by supplying unauthorized file UUIDs in chat-messages API requests. The vulnerability exploits insufficient permission verification on file access endpoints, enabling attackers to circumvent workspace separation and signed URL protections to retrieve sensitive file contents processed through workflows. Publicly available exploit code exists, and a vendor-released patch (version 1.14.0) is available.
Command injection in code-mcp's git_operation function allows remote attackers to execute arbitrary system commands by manipulating the operation argument. The vulnerability affects all versions up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8 and has publicly available exploit code. Continuous delivery model means no versioned releases exist, complicating patching timelines.
Path traversal vulnerability in 54yyyu code-mcp's MCP File Handler (function is_safe_path in src/code_mcp/server.py) allows remote unauthenticated attackers to access files outside intended directories with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; the project uses rolling releases without versioned releases, and the vendor has not yet responded to early disclosure.
Path traversal in UsamaK98 python-notebook-mcp allows remote unauthenticated attackers to read, write, and manipulate notebook files outside their intended directory via crafted input to the create_notebook, read_notebook, edit_cell, and add_cell functions in server.py. Public exploit code is available. The project uses rolling releases with no versioning, and the vendor has not yet responded to the initial issue report despite early notification.
Path traversal in Axle-Bucamp MCP-Docusaurus document handling functions allows remote unauthenticated attackers to manipulate the DOCS_DIR path parameter in update_document, continue_document, delete_document, and get_content endpoints, enabling unauthorized file access and manipulation. The vulnerability affects all versions up to commit 404bc028e15ec304c9a045528560f4b5f27a17e0, with publicly available exploit code disclosed via GitHub issues.
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path traversal in MinIO's ReadMultiple internode storage-REST endpoint allows authenticated cluster peers or root-credential holders to read arbitrary files from the host filesystem outside configured drive roots. Distributed-erasure (multi-node) deployments are affected; single-node standalone deployments are not. The vulnerability exists in all releases from RELEASE.2022-07-24T01-54-52Z through RELEASE.2025-09-07T16-13-09Z and has been fixed as of MinIO AIStor RELEASE.2024-10-23T19-38-07Z (with security patch RELEASE.2026-04-14T21-32-45Z recommended). No public exploit code or active exploitation has been identified at time of analysis.
Stored cross-site scripting in Grav CMS via Markdown media attribute injection allows authenticated page editors to inject executable JavaScript event-handler attributes into rendered image HTML. An editor can craft Markdown syntax like `)` which bypasses the attribute() media method's input validation and renders as `<img onload="alert(1)">`, executing arbitrary JavaScript in the browsers of any user viewing the affected page, including administrators and reviewers in multi-user installations. Publicly available patch confirmed in version 2.0.0-beta.2.
Arbitrary file write in wireshark-mcp up to version 1.1.5 allows remote attackers to write files to any filesystem location via prompt injection in pcap payloads that trigger the wireshark_export_objects MCP tool. The vulnerability exploits missing mandatory path restrictions when the WIRESHARK_MCP_ALLOWED_DIRS environment variable is not configured (default state). An attacker can craft a malicious pcap with embedded HTTP objects bearing filenames like authorized_keys, manipulate an AI model using the MCP server into calling export_objects with dest_dir=/home/user/.ssh/, and achieve SSH access, cron hijacking, or web shell placement. Publicly available proof of concept confirms exploitation against version 1.1.5 with tshark 4.6.4; no vendor-released patch exists at time of analysis.
Password hash exposure in AVideo's MobileManager OAuth redirect enables account takeover when unauthenticated attackers capture the redirect URL from server logs, browser history, or referrer leakage, then replay the hash via the login endpoint's encodedPass bypass. The vulnerability affects all users who authenticate through OAuth (Google, etc.) when the MobileManager plugin is enabled, including administrators, and requires only user interaction to trigger the initial OAuth flow-no active exploitation in the wild has been confirmed at analysis time, but a working proof-of-concept exists and patch has been released by the vendor.
DNS rebinding in Admidio's SSO metadata fetch endpoint bypasses SSRF protections by validating a hostname's IP address with gethostbyname() but passing the original hostname to curl_init(), allowing attackers to redirect requests to internal services including cloud metadata endpoints. Authenticated administrators can exploit this TOCTOU window between DNS resolution check and cURL connection to access internal IP ranges, read instance metadata, or scan internal networks.
Arbitrary file read as root via symlink following vulnerability in Tunnelblick versions 3.3beta26 through 9.0beta01 allows any local user to exploit tunnelblick-helper through the world-accessible tunnelblickd Unix socket to read arbitrary root-owned files. The vulnerability exists because tunnelblick-helper constructs paths to configuration files within user-controlled directories and reads them as root without validating symlinks, enabling attackers to redirect reads to sensitive files. Vendor-released patch available in version 9.0beta02. SSVC framework identifies this as exploitable with publicly available proof-of-concept code but not automatically exploitable.
Event spoofing in sse-channel (npm) allows attackers to inject arbitrary Server-Sent Events (SSE) messages by passing unsanitized user input to the event, retry, or id fields, enabling client-side manipulation and data integrity violations. Affects sse-channel versions 4.0.0 and earlier; patched in v4.0.1. No public exploit code identified at time of analysis, but vulnerability is straightforward to exploit if user-controlled data reaches SSE field parameters.
ElementsKit Elementor Addons plugin for WordPress versions up to 3.8.2 allows unauthenticated attackers to overwrite Elementor widget content via a missing capability check in the Live_Action::reset() function. By crafting a URL with specific GET parameters (post and action=elementor), attackers can permanently replace any elementskit_widget custom post type's design, text, and configurations with a blank template, causing data loss without requiring authentication or user interaction.
EmailKit plugin for WordPress versions up to 1.6.5 allows authenticated attackers with Author-level access to read arbitrary files from the server due to a path traversal vulnerability in the create_template() method. The vulnerability exploits a PHP 8.x type coercion flaw where realpath() returns false for non-existent directories, causing strpos() validation to incorrectly evaluate and bypass directory restrictions. Attackers can retrieve sensitive files such as wp-config.php by submitting absolute paths via the emailkit-editor-template REST API parameter. No public exploit code identified at time of analysis, though the vulnerability mechanism is trivial to weaponize once authentication is obtained.
Path traversal in PyLoad-ng package folder name sanitization allows authenticated users with ADD permission to write files outside the intended download directory via insufficient string replacement logic. The sanitizer replaces `../` with `_`, but the pattern `....//` bypasses this filter by becoming `.._` after replacement, leaving exploitable `..` sequences that the OS later resolves. CVSS 6.5 (network-accessible, low complexity, requires low-privilege authentication, high integrity impact). Publicly available proof-of-concept code demonstrates exploitation against default credentials.
Subscribe To Comments Reloaded plugin for WordPress up to version 240119 allows unauthenticated attackers to extract a global secret key from public post pages and forge authorization tokens, enabling unauthorized modification of comment subscription preferences for arbitrary users. The vulnerability stems from weak hash generation and key exposure, affecting all installations without authentication requirements. Active exploitation potential is high given the trivial access vector (network, no user interaction) and the ability to manipulate user subscription data.
Arbitrary file deletion via path traversal in Betheme WordPress theme version 28.4 and earlier allows authenticated contributors and above to delete arbitrary files on the server by manipulating the mfn-icon-upload parameter in the upload_icons() function. The vulnerability requires valid WordPress account credentials at contributor level or higher but exploits an unconstrained filesystem move operation to bypass upload directory restrictions. No public exploit code or active KEV listing identified at analysis time.
Remote denial of service in vLLM 0.6.1 through 0.19.x allows unauthenticated attackers to crash worker processes by sending text-only prompts containing special multimodal placeholder tokens (e.g., '<|vision_start|><|image_pad|><|vision_end|>') without corresponding image or video data. The vulnerability stems from unprotected array indexing in the input position computation layer when processing vision tokens, causing an IndexError that terminates the worker and degrades service availability. A single malicious request can trigger the fault.
Server-side request forgery in requests-hardened prior to 1.2.1 allows remote attackers to bypass SSRF protection and access internal services within RFC 6598 Shared Address Space (100.64.0.0/10) by supplying arbitrary URLs, particularly impacting AWS EKS deployments where this CIDR is the default pod network. The vulnerability has a CVSS score of 6.5 and is environment-dependent, affecting only deployments using the vulnerable IP range for internal networking. Vendor-released patch: version 1.2.1 extends IP filtering logic to block RFC 6598, 6to4 relay anycast, IPv6 reserved ranges, and multicast addresses.
Traccar versions 6.11.1 through 6.13.0 fail to escape user-controlled device and computed attributes in CSV export functionality, allowing authenticated attackers to inject spreadsheet formulas that execute when a manager or administrator opens the exported file, potentially leading to command execution or data exfiltration. The vulnerability requires user interaction (opening the CSV) but affects all confidentiality, integrity, and availability once exploitation occurs. Patch available in version 6.13.0.
{{ grav['accounts'].load('admin').get('hashed_password') }}` to retrieve plaintext Bcrypt hashes accessible for offline brute-force attack. Vendor-released patch available (2.0.0-beta.2 and commit c66dfeb5ff679a1667678c6335eb9ff3255dfc47); publicly available proof-of-concept exists demonstrating practical exploitation.
RouterOS fails to properly validate certificate scope across its shared system certificate store, allowing any trusted certificate authority to authenticate in contexts beyond its intended scope. This vulnerability enables partial or full authentication bypass in OpenVPN, CAPsMAN, and 802.1X (Dot1x) services, affecting all RouterOS versions that use the vulnerable shared certificate validation logic. The vulnerability requires network access but no user interaction or authentication, making it remotely exploitable against default configurations.
GenerateBlocks plugin for WordPress up to version 2.2.0 fails to verify object-level authorization on the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint, allowing authenticated Contributor-level users to extract sensitive information from arbitrary posts including author email addresses and post meta values through crafted dynamic tag payloads. The vulnerability checks only for edit_posts capability but does not verify access to specific posts, exposing confidential data across the entire site to low-privilege authenticated users.
Stored Cross-Site Scripting in Royal Addons for Elementor's Instagram Feed widget allows authenticated contributors and above to inject arbitrary JavaScript via the 'instagram_follow_text' setting, which executes in the browsers of all users viewing the affected page. The vulnerability affects all versions up to 1.7.1056 and requires the Instagram Feed widget to be previously configured with a valid access token by an administrator. No public exploit code or active exploitation has been confirmed at this time.
Stored Cross-Site Scripting in WP-Clippy plugin for WordPress up to version 1.0.0 allows authenticated attackers with contributor-level access or higher to inject arbitrary JavaScript via the `clippy` shortcode due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user viewing the affected page. No public exploit code or active exploitation has been identified at the time of analysis.
Stored Cross-Site Scripting in WP Carousel Free plugin for WordPress affects all versions up to 2.7.10, allowing authenticated attackers with Contributor-level access to inject arbitrary JavaScript via malformed carousel container IDs in the fancybox `data-caption` attribute. The vulnerability arises when the fancybox configuration script fails to initialize due to unsanitized DOM selectors, causing the bundled fancybox library v3.5.7 to fall back to unsafe default caption handling that renders HTML directly. This enables script execution in the context of site visitors clicking images in the compromised carousel lightbox. No public exploit code or active exploitation has been confirmed at the time of analysis.
Stored cross-site scripting in Charts Ninja: Create Beautiful Graphs & Charts plugin for WordPress (all versions up to 2.1.0) allows authenticated contributors and above to inject arbitrary JavaScript via the 'chartid' shortcode attribute due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user viewing the affected page, potentially compromising site visitors and administrative accounts. No public exploit code or active exploitation has been confirmed at this time.
Stored HTML injection in AVideo's notifySubscribers endpoint allows any authenticated uploader to broadcast platform-branded phishing emails to up to 10,000 channel subscribers without sanitization, escaping, or rate limits. The attacker-supplied HTML is injected directly into the email template via str_replace and rendered by PHPMailer, arriving with the platform's official contact email address, logo, and site title, enabling credential theft and reconnaissance at scale with no visible indication that content originated from an uploader rather than the platform operator.
Stored cross-site scripting in Simple Owl Shortcodes WordPress plugin versions up to 2.1.1 allows authenticated contributors and above to inject arbitrary JavaScript via the 'num' attribute of the 'owls_wrapper' shortcode due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user viewing the affected page, enabling session hijacking, credential theft, or malware distribution. No public exploit code or active exploitation has been confirmed at the time of analysis.
Stored Cross-Site Scripting in Gutenverse - Ultimate WordPress FSE Blocks Addons & Ecosystem plugin up to version 3.5.3 allows authenticated attackers with contributor-level access to inject arbitrary JavaScript into pages via the 'separatorIconSVG' parameter, executing malicious scripts whenever users view affected pages. The vulnerability stems from insufficient input sanitization and output escaping. No public exploit code or active exploitation has been identified at the time of analysis.
Server-Side Request Forgery in Gutenverse - Ultimate WordPress FSE Blocks Addons & Ecosystem plugin versions up to 3.5.3 allows authenticated contributors and above to initiate arbitrary web requests from the vulnerable server via the import_images() function, enabling query and modification of internal services. The vulnerability is exploitable without user interaction over the network, affecting sites with contributor-level users or higher.
Django 6.0 before 6.0.5 and 5.2 before 5.2.14 allow remote attackers to bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit by submitting ASGI requests with missing or understated Content-Length headers, potentially loading large files into memory and causing denial of service through resource exhaustion. No active exploitation confirmed, but the vulnerability requires only network access and no authentication, making it trivially exploitable once the bypass is understood.
Server-side request forgery in OpenClaw npm package before 2026.4.14 allows authenticated remote attackers to access internal services and cloud metadata endpoints through browser-driven requests. The vulnerability stems from a misconfigured browser SSRF policy that permits private-network navigation by default, enabling cross-scope information disclosure without user interaction. Patch available in version 2026.4.14 with vendor advisory and multiple fix commits confirmed. No public exploit or CISA KEV listing identified at time of analysis, though CVSS 7.7 reflects high confidentiality impact with changed scope.
OpenClaw versions 2026.4.10 through 2026.4.13 fail to enforce sender allowlist checks in the Microsoft Teams SSO invoke handler, allowing attackers to bypass authorization controls and access Teams SSO sign-in functionality without proper validation. The vulnerability affects unauthenticated remote attackers and has been patched in version 2026.4.14, which routes SSO invoke handling through the standard sender authorization path used by normal message handling.
Open redirect vulnerability in Jupyter Server through version 2.17.0 allows unauthenticated remote attackers to redirect users to arbitrary external domains via insufficiently validated next query parameters in the login flow, enabling phishing attacks. User interaction (clicking a crafted login link) is required. The vulnerability is fixed in version 2.18.0.
Stored XSS in LobeChat's message rendering escalates to remote code execution via exposed Electron IPC when victims configure an attacker-controlled LLM provider endpoint. The vulnerability chains unfiltered HTML rendering with an unauthenticated shellCommand IPC handler that executes arbitrary system commands at user privilege level. Confirmed in versions up to 2.1.26; patch released in v2.1.48. Public proof-of-concept demonstrates opening arbitrary applications via malicious LLM API responses.
Redis-server with Lua scripting allows authenticated attackers to trigger a use-after-free vulnerability on replicas where replica-read-only is disabled, potentially leading to remote code execution. The vulnerability exploits the master-replica synchronization mechanism and is present in all versions prior to 8.6.3. Patch vendor-released patch: 8.6.3.
Reflected cross-site scripting in Zingaya Click-to-Call WordPress plugin up to version 1.0 allows unauthenticated attackers to inject arbitrary web scripts via the email, first_name, last_name, and phone parameters on the plugin's admin sign-up page. The vulnerability requires user interaction (clicking a malicious link) and results in session hijacking, credential theft, or defacement within the WordPress admin context. No public exploit code or active exploitation has been identified at the time of analysis.
Reflected Cross-Site Scripting in Blog Settings plugin for WordPress versions up to 1.0 allows unauthenticated attackers to inject arbitrary JavaScript via the 'page' parameter due to insufficient input sanitization and output escaping. An attacker must trick a user into clicking a malicious link to execute the injected script in the victim's browser session, potentially compromising WordPress admin credentials or site functionality.
Authentication bypass in Ethyca Fides allows administrators to unknowingly approve privacy erasure requests without identity verification when both subject identity verification and duplicate privacy request detection are enabled, resulting in unauthorized deletion of data subject records across all configured integrations. The vulnerability exploits a UI/UX flaw in the administrative interface that fails to clearly indicate unverified identity status on duplicate-classified requests, combined with a logic gap that processes unverified requests if approved by an admin. No public exploit code identified at time of analysis, but exploitation requires only an unauthenticated attacker with knowledge of a target's email address and access to the public Privacy Center.
Reflected XSS in AVideo's Meet plugin allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unescaped user and pass query parameters into a JavaScript string literal. The vulnerability is reachable without authentication on any public Meet schedule with no password (the default configuration), enabling session cookie theft and account takeover of authenticated users. CVSS 6.1 (AV:N/AC:L/PR:N/UI:R/S:C) reflects network delivery requiring user interaction but changed scope due to cookie exfiltration across the AVideo application origin.
Open redirect vulnerability in OpenMage LTS through version 20.17.0 allows authenticated attackers to redirect logged-in customers to arbitrary external URLs via an unvalidated `uenc` parameter in the ProductAlert `stockAction()` controller. The vulnerability occurs when a non-existent product ID is supplied, bypassing the `_isUrlInternal()` validation check present in the analogous `priceAction()` method. Attackers can exploit this for credential phishing, OAuth token theft, affiliate fraud, or malware distribution by crafting a malicious link and distributing it via email, forums, or social media.
Stored Cross Site Scripting in ERPNext v15.103.1 and earlier allows users with email template creation or editing permissions to inject malicious JavaScript that executes in victims' browsers when the template is applied, affecting confidentiality and integrity with a low EPSS score of 0.02% suggesting minimal real-world exploitation despite the moderate CVSS score of 6.1.
Cross-Site Request Forgery in Publish 2 Ping.fm WordPress plugin up to version 1.1 allows unauthenticated attackers to modify plugin settings and inject malicious scripts by tricking site administrators into clicking a crafted link, exploiting missing nonce validation on the admin settings page. The vulnerability requires user interaction (admin click) and affects the plugin's confidentiality and integrity but not availability. No public exploit code or active exploitation has been confirmed.
Out-of-bounds read in X.Org X Server XKB modifier map handling allows local authenticated attackers to read sensitive memory or crash the server by sending malformed X11 requests. The vulnerability affects RHEL 6 through 10 and requires local access with user-level privileges; exploitation results in information disclosure or denial of service.
Out-of-bounds read in X.Org X server XKB geometry processing allows local or remote attackers with X11 server access to disclose sensitive memory contents or cause denial of service by crashing the server. The vulnerability exists in CheckSetGeom() and XkbAddGeomKeyAlias functions and requires low privileges but no user interaction. No public exploit code or active exploitation has been identified at time of analysis.
Reflected cross-site scripting (XSS) in FluentCMS 1.2.3 TextHTML plugin allows unauthenticated remote attackers to inject malicious scripts into web pages viewed by other users via specially crafted requests. The vulnerability requires user interaction (clicking a malicious link) and affects confidentiality and integrity with a CVSS score of 6.1, but is not currently exploited in the wild and carries negligible exploitation probability per EPSS.