Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.
/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut[]. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection in FilePress up to version 2.2.0 allows unauthenticated remote attackers to manipulate the order parameter in the Shares Filelist API (dzz/shares/admin.php and dzz/shares/ajax.php) to execute arbitrary SQL queries. The vulnerability exploits insufficient input validation on the order parameter, enabling data exfiltration or manipulation. Publicly available exploit code exists, and a vendor patch has been released.
SQL injection in CodeAstro Leave Management System 1.0 allows remote unauthenticated attackers to manipulate the txt_username parameter in /login.php, enabling database queries to be executed with low confidentiality and integrity impact. Publicly available exploit code exists for this vulnerability, increasing real-world exploitation risk despite the moderate CVSS score of 5.5.
SQL injection in SourceCodester SUP Online Shopping 1.0 allows remote unauthenticated attackers to execute arbitrary SQL queries via the msgid parameter in /admin/replymsg.php, enabling data extraction or modification. Publicly available exploit code exists and the vulnerability has a CVSS score of 5.5 with confirmed low impact to confidentiality, integrity, and availability.
SQL injection in SourceCodester SUP Online Shopping 1.0 allows remote unauthenticated attackers to execute arbitrary SQL queries via the seenid parameter in /admin/message.php. The vulnerability has a publicly available exploit and presents moderate confidentiality and integrity risk with a CVSS score of 5.5, though impact is limited to partial data access and modification without availability impact.
SQL injection in SourceCodester SUP Online Shopping 1.0 allows remote unauthenticated attackers to manipulate the delwlistid parameter in wishlist.php, enabling arbitrary SQL query execution with potential impact on data confidentiality and integrity. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk despite the moderate CVSS 5.5 score.
SQL injection in SourceCodester SUP Online Shopping 1.0 allows unauthenticated remote attackers to execute arbitrary SQL queries via manipulation of the msgid parameter in /admin/viewmsg.php. The vulnerability has a publicly available exploit and impacts data confidentiality, integrity, and availability with a CVSS score of 5.5. While actively demonstrated through public proof-of-concept code, the lack of authentication requirements combined with network accessibility presents moderate real-world risk to exposed instances.
SQL injection in SourceCodester Comment System 1.0 allows remote unauthenticated attackers to manipulate the Name argument in post_comment.php, enabling arbitrary SQL query execution with low confidentiality and integrity impact. Publicly available exploit code exists and the attack requires no special user interaction or authentication, making it accessible to any network-connected attacker.
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the GINA UI, allowing remote attackers to retrieve sensitive system information including configuration details, internal paths, and potentially credentials. The vulnerability requires only network access to the affected endpoint with no authentication, authentication complexity, or user interaction; it is classified as an information disclosure flaw with limited confidentiality impact (CVSS 6.9).
Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. This issue has been patched in version 2.2.0.
Path traversal vulnerability in YARD prior to version 0.9.42 allows remote attackers to access arbitrary files on a server running yard server with unsanitized HTTP requests when using the --docroot flag. The vulnerability affects the documentation serving functionality and has been patched in version 0.9.42. No public exploit code or active exploitation has been identified at the time of analysis.
Buffer overflow in CROSS crypto_sign_open() function allows remote attackers to corrupt memory via malformed signature input due to integer underflow in message length validation. The vulnerability affects the reference implementation prior to commit fc6b7e7, enabling potential code execution or denial of service when processing untrusted signatures. The flaw exists in the core cryptographic signing operation with no authentication required, making it exploitable in any system integrating this algorithm for signature verification.
pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi() cast in parse_uri(). This issue has been patched in version 1.18.5.
Denial of service in Zebra's JSON-RPC HTTP middleware allows authenticated RPC clients to crash a Zebra node by disconnecting mid-request, exploiting improper error handling that treats incomplete HTTP body reads as unrecoverable failures instead of returning error responses. Affects zebrad versions 2.2.0 through 4.3.0 and zebra-rpc versions 1.0.0-beta.45 through 6.0.1. No public exploit code or active exploitation confirmed; patch available in zebrad 4.3.1 and zebra-rpc 6.0.2.
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and create sharing links to those users' personal notes. This gives attackers read and write access to notes of other users. This exploit works in both SysReptor Professional and Community. In Community it has, however, no impact because all users have superuser permissions and can list personal notes of other users at /admin/pentests/usernotebookpage/. This issue has been patched in version 2026.27.
The Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook server exposed to in-cluster traffic are affected. This issue will be fixed in the following versions: - v1.14.2 - v1.13.3 - v1.12.4 Users running versions below these should upgrade accordingly. No known workarounds. Upgrade to the patched versions listed above.
Out-of-bounds read in ASUS System Control Interface IOCTL handler allows local authenticated users to trigger denial of service via oversized read operations. A local user with limited privileges can supply a read size exceeding the allocated buffer, causing a system crash (BSOD). No public exploit code or active exploitation has been confirmed at this time.
Authentication bypass in Scoold prior to version 1.67.0 allows high-privileged attackers to inject arbitrary administrator email addresses via the /api/config/set/admins endpoint using a forged Bearer token, establishing persistent administrative access after application restart. The vulnerability exploits insufficient token validation in the configuration API, enabling attackers to escalate privileges reliably by injecting their own email into the admin configuration file, which is loaded on startup.
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_message_defer_timeout and set_retained_message_defer_timeout_spread are configured to non-default values, resulting in denial of service. If anonymous retained publishing is allowed, no authentication is required; otherwise, the attacker needs the corresponding publish permission. This issue has been patched in version 1.26.1.
Unauthenticated attackers can create file-type pushes through Password Pusher's JSON API endpoints when the application is configured to allow anonymous pushes, bypassing intended authentication requirements for file uploads. Affected versions prior to 1.69.3 and 2.4.2 permit remote POST requests to /p.json and /api/v2/pushes endpoints with file payloads without valid credentials, allowing unauthorized file storage and potential information disclosure. Vendor-released patches versions 1.69.3 and 2.4.2 enforce mandatory authentication for all file-type push creation regardless of anonymous-push configuration.
{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions` handler panics on a single authenticated request against a fresh UDR instance when the supplied `ueId` does not exist in `UESubsCollection`. The processor checks `value, ok := udrSelf.UESubsCollection.Load(ueId)` and sets a `404 USER_NOT_FOUND` problem-details on the miss path, but execution continues and immediately runs `value.(*udr_context.UESubsData)` -- a Go type assertion on a nil interface, which panics with `interface conversion: interface {} is nil, not *context.UESubsData`. Gin recovery converts the panic into `HTTP 500`, but the endpoint remains repeatedly panicable. This is the no-precondition sibling of free5gc/free5gc#919: same handler, same bug pattern (set `pd`, do not return, then dereference), but the panic site is the nil-interface type assertion at line 61 instead of the nil-pointer deref at line 69. No earlier EE-subscription create is required. This endpoint requires a valid `nudr-dr` OAuth2 access token (PR:L, NOT PR:N), so this is scored as an authenticated panic-DoS, not as an unauth-bypass finding. Validated against the UDR container in the official Docker compose lab. - Source repo tag: `v4.2.1` - Running Docker image: `free5gc/udr:v4.2.1` - Runtime UDR commit: `754d23b0` - Docker validation date: 2026-03-22 - UDR endpoint: `http://10.100.200.11:8000` Vulnerable handler (the `ok` miss path sets `pd` but does not return; the next line type-asserts the nil interface): ```go subsId := c.Params.ByName("subsId") s.Processor().RemoveAmfSubscriptionsInfoProcedure(c, subsId, ueId) ``` In the processor: ```go value, ok := udrSelf.UESubsCollection.Load(ueId) if !ok { pd = util.ProblemDetailsNotFound("USER_NOT_FOUND") } UESubsData := value.(*udr_context.UESubsData) // panics: nil interface ``` When `ueId` is absent from `UESubsCollection`, `value` is the nil `interface{}` returned by `sync.Map.Load`, and `value.(*udr_context.UESubsData)` panics with: ``` panic: interface conversion: interface {} is nil, not *context.UESubsData ``` Code evidence (paths in `free5gc/udr`): - Route exposure + handler dispatch: - `NFs/udr/internal/sbi/api_datarepository.go:2161` - `NFs/udr/internal/sbi/api_datarepository.go:2170` - `NFs/udr/internal/sbi/api_datarepository.go:2172` - Panic root cause (nil interface type assertion): - `NFs/udr/internal/sbi/processor/event_amf_subscription_info_document.go:53` - `NFs/udr/internal/sbi/processor/event_amf_subscription_info_document.go:56` - `NFs/udr/internal/sbi/processor/event_amf_subscription_info_document.go:61` Reproduced end-to-end against the running UDR at `http://10.100.200.11:8000` -- single authenticated request, no preconditions. 1. Restart UDR (clean state -- proves no precondition is needed): ``` docker restart udr ``` 2. Obtain a valid `nudr-dr` token from NRF: ``` curl -sS -X POST 'http://10.100.200.3:8000/oauth2/token' \ -H 'Content-Type: application/x-www-form-urlencoded' \ --data 'grant_type=client_credentials&nfType=NEF&nfInstanceId=eb9990de-4cd3-41b0-b5d9-c2102b088c57&targetNfType=UDR&scope=nudr-dr' ``` 3. Trigger the panic with one DELETE for a nonexistent `ueId=x`: ``` curl -i -sS -X DELETE \ 'http://10.100.200.11:8000/nudr-dr/v2/subscription-data/x/bad/ee-subscriptions/x/amf-subscriptions' \ -H 'Authorization: Bearer <valid_nudr_dr_jwt>' ``` ``` HTTP/1.1 500 Internal Server Error Content-Length: 0 ``` 4. UDR container logs (`docker logs udr`) confirm the nil-interface conversion panic at `event_amf_subscription_info_document.go:61` inside `RemoveAmfSubscriptionsInfoProcedure`: ``` [ERRO][UDR][GIN] panic: interface conversion: interface {} is nil, not *context.UESubsData github.com/free5gc/udr/internal/sbi/processor.(*Processor).RemoveAmfSubscriptionsInfoProcedure .../event_amf_subscription_info_document.go:61 github.com/free5gc/udr/internal/sbi.(*Server).HandleRemoveAmfSubscriptionsInfo .../api_datarepository.go:2172 [INFO][UDR][GIN] | 500 | DELETE | /nudr-dr/v2/subscription-data/x/bad/ee-subscriptions/x/amf-subscriptions | ``` Incorrect type conversion on a nil interface (CWE-704) inside an authenticated UDR data-repository handler, caused by improper handling of the missing-ueId branch (CWE-754): the handler sets a `404` problem-details value but does not return, then runs a Go type assertion on the nil interface returned by `sync.Map.Load`. This is NOT framed as an auth-bypass finding: the endpoint requires a valid `nudr-dr` OAuth2 access token. A network attacker who already holds (or can obtain) a valid token can: - Trigger a reliable, single-request panic on the `amf-subscriptions` delete route against a fresh UDR (no preparatory state needed -- this is strictly easier than free5gc/free5gc#919). - Repeat the trigger to sustain a per-request panic-DoS on UDR's data-repository surface, with each panic costing more CPU + log writes than the intended `404 USER_NOT_FOUND` response would have. No Confidentiality impact (the response is `500` with empty body). No Integrity impact (the panic happens before any state mutation). Availability impact is limited to per-request degradation (Gin recovers; the UDR process keeps running). Affected: free5gc v4.2.1. Upstream issue: https://github.com/free5gc/free5gc/issues/920 Upstream fix: https://github.com/free5gc/udr/pull/60
URL injection via unsanitized path parameters in i18next-locize-backend prior to 9.0.2 allows remote attackers to manipulate translation resource URLs by injecting path traversal sequences, query strings, or fragments through user-controlled lng, ns, projectId, or version parameters. When these values are exposed via query parameters, cookies, or request headers through i18next-browser-languagedetector, an attacker can redirect requests to unintended translation resources or trigger SSRF/arbitrary-file-read attacks against internal/file-scheme URLs. No public exploit code has been identified, but the vulnerability is straightforward to exploit given network-accessible backend services.
{"ascReqData":{"suppFeat":"1","notifUri":"http://127.0.0.1:9999/appsess","ueIpv4":"10.60.0.3","dnn":"internet","medComponents":{"1":{"medCompN":1,"afAppId":"app1"}}}}' ``` ``` HTTP/1.1 500 Internal Server Error ``` 3. Control comparison -- same request shape but `suppFeat="0"` -> normal `201 Created`: ``` curl -i -X POST 'http://10.100.200.9:8000/npcf-policyauthorization/v1/app-sessions' \ -H 'Content-Type: application/json' \ -H 'Authorization: Bearer <valid_npcf_policyauthorization_jwt>' \ --data '{"ascReqData":{"suppFeat":"0","notifUri":"http://127.0.0.1:9999/appsess","ueIpv4":"10.60.0.3","dnn":"internet","medComponents":{"1":{"medCompN":1,"afAppId":"app1"}}}}' ``` ``` HTTP/1.1 201 Created ``` 4. PCF container logs show the panic stack landing in `provisioningOfTrafficRoutingInfo` with `routeReq = 0x0`: ``` [ERRO][PCF][GIN] panic: runtime error: invalid memory address or nil pointer dereference github.com/free5gc/pcf/internal/sbi/processor.provisioningOfTrafficRoutingInfo(..., 0x0, ...) .../policyauthorization.go:1740 github.com/free5gc/pcf/internal/sbi/processor.(*Processor).postAppSessCtxProcedure .../policyauthorization.go:288 github.com/free5gc/pcf/internal/sbi/processor.(*Processor).HandlePostAppSessionsContext .../policyauthorization.go:139 github.com/free5gc/pcf/internal/sbi.(*Server).HTTPPostAppSessions .../api_policyauthorization.go:119 [INFO][PCF][GIN] | 500 | POST | /npcf-policyauthorization/v1/app-sessions | ``` NULL pointer dereference (CWE-476) caused by improper handling of an exceptional branch (CWE-754): the create path passes `routeReq` straight into `provisioningOfTrafficRoutingInfo` without a nil check, even though `medComp.AfRoutReq` is optional and is nil for the demonstrated valid input shape. The control experiment with `suppFeat="0"` proves the request shape itself is otherwise valid. Gin recovery catches the panic, so the PCF process is NOT killed and other endpoints continue serving. The realized impact is per-request: any authenticated POST against this endpoint with `suppFeat="1"` and `medComponents.*.AfAppId` set but `AfRoutReq` absent returns `HTTP 500` with empty body and a stack trace in PCF logs. Any party that holds (or can obtain) a valid `npcf-policyauthorization` token can repeatedly drive this code path to sustain a per-request panic-DoS on the app-session create endpoint, with each panic costing more CPU + log writes than the intended controlled response would have. No Confidentiality impact (the response is `500` with empty body). No persistent Integrity impact (the panic happens before any state mutation). Availability impact is limited to per-request degradation. Affected: free5gc v4.2.1. Upstream issue: https://github.com/free5gc/free5gc/issues/879 Upstream fix: https://github.com/free5gc/pcf/pull/65
Wrong reuse of HTTP Negotiate-authenticated connections in curl exposes a high-integrity-impact vulnerability where subsequent HTTP requests may inherit an authentication context they should not, potentially allowing requests to be dispatched under incorrect Negotiate (Kerberos/NTLM/SPNEGO) credentials. Affecting an extraordinarily broad version range - curl 7.10.6 through at least 8.19.0 per EUVD data - this flaw was coordinated and disclosed by curl maintainer Daniel Stenberg via oss-security on 2026-04-29 alongside three related connection-reuse CVEs. No public exploit code has been identified and no active exploitation has been confirmed; a vendor-released patch is available, with downstream fixes confirmed by Red Hat (RHSA-2026:12916) and SUSE.
{subId}` handler has an unsynchronized write on the global `Subscriptions` map. The handler first reads the map under `RLock()` via `BSFContext.GetSubscription(subId)`, but if the subscription does not exist, `ReplaceIndividualSubcription()` writes back to the same map directly without taking the mutex (`bsfContext.BsfSelf.Subscriptions[subId] = subscription`). Under concurrent authenticated PUT load, one goroutine can read while another writes the map, which causes the Go runtime to abort the process with `fatal error: concurrent map read and map write` (Go runtime panics that come from concurrent map access bypass `recover()` and terminate the process). The BSF container exits with code `2` -- the entire BSF SBI surface goes down until restart. This endpoint requires a valid `nbsf-management` OAuth2 access token (PR:L, NOT PR:N), so this is scored as an authenticated process-kill DoS. Validated against the BSF container in the official Docker compose lab. - Source repo tag: `v4.2.1` - Running Docker image: `free5gc/bsf:v4.2.1` - Docker validation date: 2026-03-22 - BSF endpoint: `http://10.100.200.11:8000` Read side (locked): ```go func (c *BSFContext) GetSubscription(subId string) (*BsfSubscription, bool) { c.mutex.RLock() defer c.mutex.RUnlock() sub, exists := c.Subscriptions[subId] return sub, exists } ``` Unsafe write side in the create-if-absent branch of `ReplaceIndividualSubcription` (no `Lock()`): ```go subscription.SubId = subId bsfContext.BsfSelf.Subscriptions[subId] = subscription ``` Under concurrent traffic, the Go runtime detects the unsynchronized read/write on `c.Subscriptions` and aborts the process. Go's `concurrent map read and map write` fatal is NOT a normal panic -- it is unrecoverable, Gin's recovery middleware does not catch it, and the BSF process terminates. Code evidence (paths in `free5gc/bsf`): - Read side (locked): - `NFs/bsf/internal/sbi/processor/subscriptions.go:81` - `NFs/bsf/internal/context/context.go:726` - `NFs/bsf/internal/context/context.go:730` - Unsafe write side (the create-if-absent branch in PUT, no lock): - `NFs/bsf/internal/sbi/processor/subscriptions.go:111` - `NFs/bsf/internal/sbi/processor/subscriptions.go:114` The normal locked helpers (`CreateSubscription()`, `GetSubscription()`, `UpdateSubscription()`, `DeleteSubscription()`) DO take the mutex correctly. The bug is specific to the inline write inside the PUT create-if-absent branch. Reproduced end-to-end against the running BSF at `http://10.100.200.11:8000`. 1. Obtain a valid `nbsf-management` token from NRF: ``` curl -sS -X POST 'http://10.100.200.3:8000/oauth2/token' \ -H 'Content-Type: application/x-www-form-urlencoded' \ --data 'grant_type=client_credentials&nfType=NEF&nfInstanceId=eb9990de-4cd3-41b0-b5d9-c2102b088c57&targetNfType=BSF&scope=nbsf-management' ``` 2. Send concurrent PUT requests against fresh `subId` values (the validated lab uses 64 worker threads x 50 fresh subIds = 3200 concurrent PUTs): ```python import json, threading, urllib.request TOKEN = "<valid_nbsf_management_jwt>" BASE = "http://10.100.200.11:8000/nbsf-management/v1" PAYLOAD = json.dumps({ "events": ["PCF_BINDING_CREATION"], "notifUri": "http://127.0.0.1/cb", "notifCorreId": "1", "supi": "imsi-208930000000003", }).encode() def send_put(i, n): url = f"{BASE}/subscriptions/race-mix-{i}-{n}" req = urllib.request.Request(url, data=PAYLOAD, method="PUT") req.add_header("Authorization", f"Bearer {TOKEN}") req.add_header("Content-Type", "application/json") urllib.request.urlopen(req, timeout=2).read() threads = [] for i in range(64): for n in range(50): threads.append(threading.Thread(target=send_put, args=(i, n))) for t in threads: t.start() for t in threads: t.join() ``` 3. BSF container logs (`docker logs bsf`) show the Go runtime fatal that terminated the process: ``` [INFO][BSF][Proc] Handle ReplaceIndividualSubcription fatal error: concurrent map read and map write github.com/free5gc/bsf/internal/sbi/processor.ReplaceIndividualSubcription(0xc000514300) github.com/free5gc/bsf/internal/sbi/processor/subscriptions.go:81 +0x15f ``` 4. Container state confirms exit code 2: ``` exited|2|0 ``` Unsynchronized concurrent access (CWE-362) to a shared map (`BsfSelf.Subscriptions`), combined with missing synchronization on the create-if-absent branch (CWE-820). Go's runtime detects concurrent map read/write and terminates the process via a non-recoverable fatal error -- Gin's `recover()` middleware does NOT catch this class of fatal, unlike ordinary nil-deref panics. The whole BSF process exits, dropping BSF's `nbsf-management` SBI surface (PCF binding lookups for SMF, AF -> PCF binding discovery, etc.) until restart. Any party that holds (or can obtain) a valid `nbsf-management` token can: - Drive the create-if-absent code path at high concurrency by PUTting a stream of fresh `subId` values, deterministically tripping the runtime fatal and killing the BSF process. - Repeat the trigger after every restart to sustain the outage. No Confidentiality impact (the crash returns no attacker-readable data). No persistent Integrity impact (BSF subscription state is in-memory and is lost when the process dies). The whole impact concentrates in Availability: complete loss of BSF service via concurrent attacker traffic on a single endpoint. Affected: free5gc v4.2.1. Upstream issue: https://github.com/free5gc/free5gc/issues/926 Upstream fix: https://github.com/free5gc/bsf/pull/7
Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4-v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulnerability: isSafePublicHttpsUrl() resolves DNS to validate the target IP, but subsequent fetch() calls resolve DNS independently. An attacker controlling a DNS server can exploit this gap via DNS rebinding to redirect requests to internal network addresses. This issue has been patched in version 2.21.7.
A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix. No workaround is available. Many thanks to Seoyoung Kang @seoyoung-kang from AhnLab and an independent security researcher for reporting this issue. If there are any questions or comments about this advisory: * Visit Wagtail's [support channels](https://docs.wagtail.org/en/stable/support.html) * Send an email to [security@wagtail.org](mailto:security@wagtail.org) (view the [security policy](https://github.com/wagtail/wagtail/security/policy) for more information).
{ "model": "any-accessible-model", "messages": [{"role": "user", "content": "What does this document say about pricing?"}], "files": [{"type": "file", "id": "<revoked_file_id>"}] } ``` 5. The non-full-context path (default) constructs collection name `file-<id>` and queries the vector store with no access check. 6. Matching chunks are injected into the LLM context, and the response contains the victim's private file content. The same attack works via `{"type": "text", "collection_name": "<knowledge_base_id>"}` for knowledge bases. - Access revocation is ineffective for RAG content - users who previously had access can continue extracting file and knowledge base content indefinitely - Private document content can be systematically extracted through targeted queries - Breaks the access control model for files and knowledge bases at the RAG layer - Attacker must know the file ID or knowledge base ID (UUID) of the target resource - The target file/knowledge base must have been processed into the vector store - Attacker must have a valid user account
Server-side request forgery (SSRF) in Lemmy prior to version 0.19.18 allows authenticated low-privileged users to bypass internal IP range restrictions and access internal image endpoints. An attacker can submit a crafted post whose Open Graph image tag points to an internal server; Lemmy will fetch and cache the image server-side, potentially exposing sensitive internal resources. The vulnerability exists because the initial page URL is validated against internal IP ranges, but the extracted og:image URL is not subject to the same restriction, creating a two-stage bypass.
{file_id} endpoint that permits authenticated users to download any other user's files by directly accessing file UUIDs. The endpoint enforces authentication but lacks per-file ownership validation, allowing attackers with valid credentials to exfiltrate confidential documents and chat attachments belonging to other users system-wide. No public exploit code or active exploitation has been identified at time of analysis.
{resource}/{resourceId}) was protected only by web + auth:<guard> middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource - including users who do not have access to Nova itself (for example, frontend customers sharing the web guard with the Nova admin area). The endpoint also accepted an arbitrary attribute parameter, which meant a valid caller could toggle any boolean column on the underlying model - not just columns exposed as Toggle fields on the resource. This issue has been patched in version 1.3.0.
A CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix. No workaround is available. Wagtail thanks Vishal Shukla @shukla304 for reporting this issue. If there are any questions or comments about this advisory: * Visit Wagtail's [support channels](https://docs.wagtail.org/en/stable/support.html) * Send an email to [security@wagtail.org](mailto:security@wagtail.org) (view the [security policy](https://github.com/wagtail/wagtail/security/policy) for more information).
Open WebUI's POST /api/v1/models/import endpoint allows authenticated users with workspace.models_import permission to overwrite any existing model in the database without ownership validation, silently replacing system prompts, base model routing, and access grants. This enables a low-privilege user to hijack organization-wide models and inject malicious behavior affecting all downstream queries. The vulnerability bypasses access grant restrictions enforced on all other model mutation endpoints by never calling filter_allowed_access_grants.
A CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once copied, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix. No workaround is available. Wagtail thanks independent security researcher Sanjok Karki @thesanjok for reporting this issue. If there are any questions or comments about this advisory: * Visit Wagtail's [support channels](https://docs.wagtail.org/en/stable/support.html) * Send an email to [security@wagtail.org](mailto:security@wagtail.org) (view the [security policy](https://github.com/wagtail/wagtail/security/policy) for more information).
ViewComponent preview routes allow authenticated attackers to invoke inherited helper methods including render_with_template, enabling rendering of internal Rails templates and exposure of secrets, configuration, and debug data not otherwise routable. The vulnerability requires authenticated access (CVSS PR:L) and affects versions 3.0.0 through 4.8.x; it is confirmed by proof-of-concept code in the vendor repository and requires preview routes to be externally exposed.
Improper access control in the CloudStack Backup plugin allows authenticated users in CloudStack 4.21.0.0 through 4.22.0.0 to create new virtual machines using backups belonging to other users, enabling unauthorized data access and VM provisioning. The vulnerability requires valid CloudStack credentials and access to specific backup-related APIs but carries elevated risk in multi-tenant environments. Vendor-released patch available in CloudStack 4.22.0.1.
Improper authorization logic in the CloudStack Backup plugin allows authenticated users to enumerate backups from any account in the environment across versions 4.21.0.0 through 4.22.0.0. An attacker with valid user credentials can exploit this to gain unauthorized visibility into backup metadata and existence across all accounts, though backup contents remain protected. The vulnerability requires the Backup plugin to be enabled and affects multi-tenant CloudStack environments where account isolation is a critical security boundary.
{ options.HttpClientFactory = () => { var handler = new HttpClientHandler() { #if NET ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator, #else ServerCertificateCustomValidationCallback = static (_, _, _, _) => true, #endif }; return new HttpClient(handler, disposeHandler: true); }; }); ``` - [PR #4153](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4153)
Apache CloudStack fails to properly validate resource allocation limits due to time-of-check time-of-use race conditions and missing validations, allowing authenticated users to exceed configured account and domain resource quotas and trigger denial of service conditions. Authenticated network attackers can exploit this vulnerability without user interaction to exhaust infrastructure resources. Affected versions prior to 4.20.3.0 and 4.22.0.1 require immediate patching.
Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/04/28. ck_archive() doesn't check for Windows absolute paths in ZIPs (Alan Coopersmith <alan.coopersmith@...cle.com>) Xen Security Advisory 483 v2 (CVE-2026-23556) - oxenstored keeps quota related use counts across domain destruction (Xen.org security team <security@....org>) Xen Security Advisory 484 v2 (CVE-2026-23557) - Xenstored DoS via XS_RESET_WATCHES command (Xen.org security team <security@....org>) Xen Security Advisory 485 v2 (CVE-2026-31786) - Linux kernel out of bounds read via Xen-related sysfs file (Xen.org security team <security@....org>) Xen Security Advisory 486 v2 (CVE-2026-23558) - grant table
Stored cross-site scripting in Sky Addons plugin for WordPress (versions up to 3.3.2) allows authenticated attackers with Author-level access to inject arbitrary JavaScript via the REST API that persists in the `sky-custom-scripts` post type and executes on all frontend pages for every site visitor. The vulnerability stems from insufficient input sanitization on the `sky_script_content` meta field combined with lack of output escaping during frontend rendering. No public exploit code or active exploitation has been identified at time of analysis, but the attack requires only Author-level privileges and standard REST API access, making it a practical threat in multi-user WordPress environments.
Stored Cross-Site Scripting (XSS) in the NMR Strava Activities WordPress plugin through version 1.0.14 allows authenticated contributors and above to inject arbitrary JavaScript into pages via the `strava_nmr_connect` shortcode due to insufficient input sanitization and output escaping. The injected scripts execute in the context of any user viewing the affected page, compromising session security and enabling account takeover or malware distribution. A vendor patch addressing the vulnerability is available in version 1.0.15.
Stored Cross-Site Scripting in E2Pdf - Export Pdf Tool for WordPress plugin versions up to 1.32.17 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript via the 'id' attribute of the e2pdf-download shortcode, which executes when any user views the affected page. The vulnerability stems from insufficient input sanitization and output escaping on shortcode attributes, enabling persistent script injection with moderate confidentiality and integrity impact across site scopes.
FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal MCP server URL. That stored URL could later be used by workflow execution without revalidating the destination. An authenticated user with permission to create or manage MCP toolsets could store an internal endpoint such as http://localhost:3000/mcp and later cause the FastGPT backend workflow runner to connect to that internal destination. This issue has been patched in version 4.14.17.
Denial of service vulnerability in FastGPT 4.14.13 and prior affects the code-sandbox component due to insufficient resource isolation and reliance on weak application-level memory limits. Unauthenticated remote attackers can trigger complete service unavailability by launching time-window memory attacks or exhausting the JavaScript worker pool via concurrent CPU-intensive requests. Attack complexity is reported as low with attack timing considerations (AT:P), and no vendor-released patch is available at time of publication.