Cross-site scripting in Next.js beforeInteractive scripts allows remote unauthenticated attackers to execute arbitrary JavaScript in visitor browsers when applications pass untrusted content to beforeInteractive script features. The vulnerability arises from insufficient HTML escaping of serialized script content before embedding into the document, enabling attackers to break out of the script context. Affected versions include 13.0.0 through 15.5.15 and 16.0.0 through 16.2.4; patched versions 15.5.16 and 16.2.5 are available. No public exploit code or active exploitation has been identified at time of analysis, though the CVSS score of 6.1 reflects moderate risk with required user interaction.
Malicious gNB can corrupt Ella Core's stored UE security capabilities by sending a crafted NGAP PathSwitchRequest message without validation, allowing integrity compromise of security parameters for any user equipment. The vulnerability affects Ella Core versions prior to 1.10.0 and requires access to the NGAP interface (adjacent network), but can degrade security posture by enabling capability downgrades or feature injection. No public exploit code or active exploitation has been reported.
OS command injection in D-Link DNS-320 firmware 2.06B01 allows remote authenticated attackers with high privileges to execute arbitrary system commands via multiple CGI parameters in /cgi-bin/network_mgr.cgi (cgi_speed, cgi_dhcpd_lease, cgi_ddns, cgi_set_ip, cgi_upnp_del, cgi_dhcpd, cgi_upnp_add, cgi_upnp_edit). Publicly available exploit code exists and the vulnerability has been documented with proof-of-concept on GitHub.
OS command injection in D-Link DNS-320 2.06B01 webfile_mgr.cgi allows remote authenticated attackers with high privileges to execute arbitrary commands through manipulated file operation parameters (delete, rename, copy, move, chmod, chown). Publicly available exploit code exists; CVSS 2.0 reflects high privilege requirement and limited confidentiality/integrity impact on the vulnerable system only.
Server-side request forgery in jshERP up to version 3.6 allows authenticated administrators to manipulate the weixinUrl parameter in the updatePlatformConfigByKey endpoint, enabling remote requests to arbitrary servers. The vulnerability affects the getUserByWeixinCode function in UserService.java and can be exploited remotely by high-privilege users to access internal resources, exfiltrate data, or pivot to backend systems. Publicly available exploit code exists, and the project maintainers have not responded to early disclosure.
SQL injection in Corteza 2024.9.8 allows authenticated remote attackers to execute arbitrary SQL queries against the Microsoft SQL Server backend when filtering Compose records by the meta field, potentially leading to unauthorized data access or manipulation. Exploitation requires valid user credentials and attacker control over filter parameters.
Prompt-injected AI models can escalate privileges and persist unauthorized configuration changes in OpenClaw gateway before version 2026.4.20 via insufficient authorization guards on agent-facing config.patch and config.apply endpoints. Authenticated attackers (PR:L) with model tool access can disable sandbox policies, enable malicious plugins, modify TLS/authentication settings, alter SSRF protections, reconfigure MCP servers, and weaken filesystem hardening-effectively bypassing operator-enforced security boundaries. Vendor-released patch available in version 2026.4.20. No evidence of active exploitation; EPSS data not available for this recently disclosed vulnerability.
Heap-based buffer overflow in Squirrel up to version 3.2 within the SQFunctionProto::Load function allows local attackers to cause memory corruption with limited confidentiality, integrity, and availability impact. Publicly available exploit code exists for this vulnerability, and the vulnerability exhibits low CVSS score (2.0) due to local-only attack vector and minimal scope, though the disclosure and POC availability increase practical risk for embedded and scripting environments using Squirrel.
OpenClaw before 2026.4.23 fails to invalidate cached webhook route secrets after rotation, allowing attackers with previously valid secrets to continue authenticating webhook requests and invoking task flows until gateway restart. The vulnerability affects SecretRef-backed webhook authentication where the resolved secret is cached at startup rather than re-resolved per request, weakening credential rotation effectiveness. Vendor-released patch available in version 2026.4.23.
Reflected cross-site scripting (XSS) in Devs Palace ERP Online up to version 4.0.0 allows high-privileged authenticated users to inject malicious scripts via the /accounts/mr-save endpoint, enabling session hijacking or credential theft with user interaction. Exploit code is publicly available and the vendor has not responded to disclosure efforts, leaving affected deployments without an official patch.
Cross-site scripting (XSS) vulnerability in Devs Palace ERP Online versions up to 4.0.0 allows authenticated users with high privileges to inject malicious scripts via the /inventory/add_new_customer endpoint. The vulnerability requires user interaction (UI:P) and has publicly available exploit code, but real-world impact is significantly limited by the requirement for authenticated high-privilege access and user interaction, resulting in a CVSS score of only 1.9 despite network accessibility.
Denial of service in Next.js Image Optimization API allows remote attackers to exhaust server memory by requesting large local assets through the /_next/image endpoint when using the default image loader without size limits. The vulnerability affects self-hosted Next.js deployments with default or configured images.localPatterns; Vercel-hosted and applications using unoptimized images or custom loaders are unaffected. Vendor-released patches available: version 15.5.16 and 16.2.5.
Stack-based buffer overflow in Squirrel up to version 3.2 within the validate_format function of sqstdlib/sqstdstring.cpp allows local authenticated attackers to corrupt stack memory, potentially achieving code execution or denial of service. Public exploit code is available, and the vulnerability has been reported to the project with no vendor response documented at time of analysis.
Denial of service via reachable assertion in WebAssembly Binaryen up to version 117 allows local attackers with low privileges to crash the BrOn parser component by providing malformed WebAssembly bytecode that triggers an unhandled assertion in the IRBuilder::makeBrOn function, with publicly available exploit code and vendor patch already released.
Path traversal vulnerability in cramfs-tools up to version 2.1 allows local authenticated users to escape directory restrictions via malformed filenames in the Directory Handler component (do_directory function in cramfsck.c). Publicly available exploit code exists. CVSS score of 1.9 reflects low confidentiality, integrity, and availability impact combined with local-only attack vector and required low privilege level; however, the vulnerability enables directory traversal that could facilitate unauthorized file access or modification on systems where cramfs-tools processes untrusted filesystem images.
Remote code execution in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.3.0.0 via improper neutralization of formula elements in CSV files processed by the UI. Unauthenticated remote attackers can exploit this vulnerability with user interaction (formula injection attack) to achieve remote execution with limited confidentiality, integrity, and availability impact. No active exploitation confirmed; exploitation requires victim interaction with malicious CSV content.
Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a logged-in Outline user complete the callback and link that user's Outline account to the attacker's Slack team_id and user_id. The linked Slack identity can then use the Slack /outline search command as the victim Outline user. This vulnerability is fixed in 1.7.1.
Taiga Front prior to version 6.9.1 contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users with limited privileges to inject malicious scripts into confirmation messages and dialogs. When other users view these messages, the scripts execute in their browser context, potentially allowing attackers to steal session cookies, perform unauthorized actions, or redirect victims to malicious sites. The vulnerability requires user interaction (UI:R) but affects confidentiality with a CVSS score of 5.7.
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. The framework uses torch.load() to load model weight files (e.g., llm.pt, flow.pt, hift.pt) without enabling the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by providing a malicious model directory containing specially crafted model files. When a victim starts the CosyVoice Web UI pointing to this directory, arbitrary code is executed on the victim's system during the model loading process.
Authentication bypass in Dell ECS Geo replication (versions 3.8.1.0-3.8.1.7) and Dell ObjectScale (prior to 4.3.0.0) allows unauthenticated remote attackers to access data in transit by exploiting assumed-immutable data assumptions. The vulnerability affects the replication authentication mechanism, enabling unauthorized data exposure without requiring valid credentials or user interaction.
Exposure of sensitive information in Wikimedia Foundation MediaWiki allows remote unauthenticated attackers to access unauthorized data via network requests against affected versions before 1.43.7, 1.44.4, and 1.45.2. The vulnerability has low confidentiality impact with CVSS 5.5 and evidence of proof-of-concept code, though no active exploitation in CISA KEV has been confirmed at time of analysis.
Local authenticated apps bypass user consent mechanisms to access sensitive user data across iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. The vulnerability allows malicious or compromised applications running with standard user privileges to exfiltrate protected information without triggering the expected permission prompts. Apple has patched this by implementing an additional consent verification layer, though the low EPSS score (0.02%) suggests real-world exploitation remains limited.
Race condition in Apple operating systems allows local apps to access sensitive user data without authorization. Affects iOS and iPadOS versions below 26.5, macOS Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5, tvOS, visionOS, and watchOS versions below 26.5. Requires local app execution and user interaction. CVSS 5.5 reflects high confidentiality impact but low exploitation likelihood (EPSS 0.02%, 7th percentile).
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
Gatekeeper security checks in macOS Tahoe can be bypassed using maliciously crafted ZIP archives due to a logic flaw in file handling. An attacker can create a weaponized ZIP file that, when extracted or opened by a user, circumvents Gatekeeper validation, potentially allowing execution of untrusted code. The vulnerability requires user interaction (opening or extracting the malicious archive) and is limited to local attack surface. Vendor-released patch: macOS Tahoe 26.5.
Apple operating systems prior to version 26.5 allow installed applications to access sensitive user data through an information disclosure vulnerability requiring local access and user interaction. The flaw affects iOS, iPadOS, macOS Tahoe, and visionOS across all versions before 26.5, with an EPSS score of 0.02% indicating low real-world exploitation probability despite the local attack vector and high confidentiality impact.
Privacy bypass in Apple operating systems allows local authenticated apps to circumvent user-configured privacy restrictions through permission mishandling. The vulnerability affects iOS, iPadOS, macOS Tahoe, visionOS, and watchOS versions prior to 26.5. An attacker with local app execution privileges can access sensitive data classified as restricted by user privacy settings, though without authentication bypass or integrity compromise. Fixed in coordinated OS updates across Apple's ecosystem.
Stack buffer overflow in ImageMagick display tool prior to versions 7.1.2-21 and 6.9.13-46 allows local attackers to cause denial of service by crafting a malicious MIFF file that triggers memory corruption when a user opens the file and invokes the Load/Update menu via right-click interaction. CVSS score of 5.5 reflects local attack vector and requirement for user interaction, with impact limited to availability (denial of service) rather than code execution.
Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive `file-write` content remains in the stored `payload` as `ContentPreview`, `OldString`, or `NewString` at the default `standard` logging level and at `full`. This leads to logging of potentially sensitive file content in the local sqlite database, violating Gryphs sensitive file filter and log level contracts. ### Impact Potentially sensitive data accessed or written by coding agents may be logged to local sqlite database. Users of Gryph are affected ONLY if their local sqlite database is stolen or exported to remote system with the assumption that no sensitive data is logged. ### Patches Fixed in v0.7.0
Jq 1.8.1 and earlier truncate filter files at the first embedded NUL byte when loaded with -f, causing only the prefix before the NUL to execute. A crafted filter file containing a NUL byte and arbitrary suffix allows an attacker to inject malicious code that compiles and runs silently, bypassing intended filter logic and potentially modifying JSON output in undetected ways. This represents a post-CVE-2026-33948 regression on the compilation path.
Improper escaping of a textarea custom field's contents in the Update Issue page (bug_update_page.php) allows an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded. ### Impact Session theft leading to admin account takeover, full project data access. - Precondition: A textarea-type custom field must be configured for the project - Attacker: Authenticated user with bug report permission (low privilege) - Victim: Any user viewing the bug edit form, including administrators ### Patches - 5fec0f448b7a7d7d539a6adb6dccceac4e4e4ab7 ### Workarounds The default Content-Security Policy will block script execution. ### References - https://mantisbt.org/bugs/view.php?id=37003 - This is related to [CVE-2024-34081](https://github.com/advisories/GHSA-wgx7-jp56-65mq). ### Credits Thanks to the following security researchers for independently discovering and responsibly reporting the issue, and providing a patch to fix it. - Thanks to Nozomu Sasaki (Paul) (@morimori-dev) - Tristan Madani (@TristanInSec) from Talence Security
HireFlow v1.2 contains reflected cross-site scripting (XSS) vulnerabilities in the candidate detail interface that allow authenticated users to inject malicious scripts via the Resume or Feedback Comment fields when submitting data to POST /candidates/add or POST /feedback/add endpoints. An attacker with user-level access can craft a malicious request containing JavaScript payloads that execute in the browsers of other users viewing the affected pages, potentially compromising session tokens, stealing credentials, or performing actions on behalf of victims. The CVSS score of 5.4 reflects the requirement for user interaction and authenticated access, though the cross-site scope indicates broader application impact beyond the attacker's session.
Session fixation vulnerability in docuFORM Managed Print Service Client 11.11c allows unauthenticated remote attackers to hijack user sessions via the login page, enabling unauthorized access to application functions and potential disclosure of sensitive print job data. The vulnerability requires user interaction (clicking a malicious link) and affects confidentiality and integrity with a CVSS score of 5.4. No public exploit code or active exploitation has been confirmed at the time of analysis.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.
jq 1.8.2rc1 and earlier suffers from infinite recursion in the module loader when two modules include each other circularly, causing denial of service through resource exhaustion. The vulnerability requires user interaction (loading a crafted jq script with circular module dependencies) on local systems. CVSS 5.4 (CVSS:4.0/AV:L/AC:L/PR:N/UI:P) reflects availability impact only; no remote exploitation vector exists. No public exploit code or active exploitation reported at time of analysis.
jq 1.8.1 and earlier are vulnerable to stack exhaustion via unbounded recursion in the jv_contains function when processing deeply nested JSON structures. An attacker can craft a malicious JSON input with excessive nesting depth that exhausts the C stack, causing denial of service. The vulnerability requires user interaction to process the malicious input, and CVSS indicates availability impact with exploitability probability.
Remote code execution in OpenClaw npm package versions before 2026.4.20 allows local authenticated users to inject malicious code through MCP stdio server environment variables. Attackers craft workspace configurations containing dangerous environment variables (NODE_OPTIONS, LD_PRELOAD, BASH_ENV) that execute arbitrary code when operators start sessions using those MCP servers. Vendor-released patch available (version 2026.4.20). No public exploit code or active exploitation confirmed at time of analysis, though VulnCheck published detailed technical advisory. CVSS 7.3 reflects local attack vector requiring user interaction, limiting widespread exploitation risk despite high technical impact.
Cache poisoning in React Server Components allows remote attackers to serve malicious RSC payloads from legitimate URLs when shared caches (CDNs, reverse proxies) do not properly partition response variants by RSC request headers. An attacker can manipulate cache entries so subsequent legitimate users receive component serialization instead of expected HTML, enabling information disclosure and application malfunction. This affects Next.js 14.2.0-15.5.15 and 16.0.0-16.2.4 using App Router with shared caching; no public exploit code identified at time of analysis.
### Details The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures `classDef` values with an unrestricted regex: ```jison // packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83 <CLASSDEFID>[^\n]* { this.popState(); return 'CLASSDEF_STYLEOPTS' } ``` The value passes unsanitized through `addStyleClass()` -> `createCssStyles()` -> `style.innerHTML` (mermaidAPI.ts:418). A `}` in the value closes the generated CSS selector, and everything after becomes a new CSS rule on the page. ### PoC ``` stateDiagram-v2 classDef x }*{ background-image: url("http://media.giphy.com/media/SggILpMXO7Xt6/giphy.gif")} ``` Live demo: <https://mermaid.live/edit#pako:eNpFjzFvgzAQhf-KdVNbEcBgMHhtlkqtOnSJKi8ONsYKBmRMlRTx3-skanvTfbp7996t0IxSAYPZC6_2Rmgn7O4rQ00v5nmvWnRG29OKjqI5aTcug9wZK7RiaHH9A4fO-4kliVXSiFibqbvEzWjvnHxo_fI6vR3e6cGXyX2qTcvhcYMItDMSmHeLisAqZ8UVYeUDQhx8p6ziwEIrhTtx4MNVM4nhcxztrywE0h2wVvRzoGWS_z_8rahBKvcckntgmN5OAFvhDIzUNCZZQXCR5nVaZkUEF2BVFpOcEkoxxhUuyRbB980yjStapKHqoKFlhvPtB7BFZEU> ### Patches This has been patched in: - [v11.15.0](https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [e9b0f34d8d82a6260077764ee45e1d7d90957a0f](https://github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f)) - [v10.9.6](https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [8fead23c59166b7bab6a39eac81acebee2859102](https://github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102)) ### Workarounds Setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ### Impact Enables page defacement, user tracking via `url()` callbacks, and DOM attribute exfiltration via CSS `:has()` selectors.
Heap-based out-of-bounds read in dnsmasq DNSSEC validation allows remote unauthenticated attackers to trigger a denial of service by sending a crafted DNS packet. The vulnerability affects dnsmasq 2.93 and potentially earlier versions; CVSS 5.3 with network-based access vector indicates moderate severity. No public exploit code or active exploitation confirmed at time of analysis.
Information disclosure in dnsmasq 2.93 allows remote attackers to bypass source IP validation checks by sending crafted DNS packets containing RFC 7871 client subnet (EDNS Client Subnet) information. The vulnerability enables attackers to determine internal network information that should remain hidden behind source address filtering, affecting the confidentiality of network topology and potentially enabling further reconnaissance. CVSS 5.3 reflects the network-accessible nature with low complexity but limited direct impact.
### Impact Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the `fontFamily`, `themeCSS`, and `altFontFamily` configuration options. Live demo: [mermaid.live](https://mermaid.live/edit#pako:eNpNjktLxDAUhf9KvFBR6JS-60QQfODKlUvJ5k6TtsEmKTHFGUP-u-mI6Nmdy3fOPR56wwVQSBIvtXSUeAaD0e4ZlZxPDChhcLxFfwiEauOuLq_9Afv30ZpVczpaITS5kGox1qF2gfSeBwYhJAnThAyz-ewntI68vG5-0z3Z7e7IA9OQwmglB-rsKlJQwircLPgNZeAmocTPAi4GXGfHgOkQYwvqN2PUbzJuGSegA84f0a0LRyeeJI4W_xChubCPcbQD2pwbgHo4Aq2aKmvbqq3zoiu7pizqFE6RybN9VFfFY1HWXRVS-Dr_zLObrt7_V_gGGXZlGg) Example code: ``` %%{init: {"fontFamily": "x;a{b} :not(&){background:green !important} c{d}"}}%% flowchart LR A --> B ``` The injected CSS exploits stylis's `&` (scope reference) handling. `:not(&)` escapes the `#mermaid-xxx` automatic scoping, applying styles to all page elements. Global at-rules (`@font-face`, `@keyframes`, `@counter-style`) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS `:has()` selectors. ### Patches - [v11.15.0](https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [64769738d5b59211e1decb471ffbaca8afec51aa](https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa)) - [v10.9.6](https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a9d9f0d8eb790349121508688cd338253fd80d76](https://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76)) ### Workarounds If you can't upgrade mermaid, you can set the [`secure`](https://mermaid.js.org/config/schema-docs/config.html#secure) config value in the mermaid config to avoid allowing diagrams to modify `fontFamily`, `themeCSS`, `altFontFamily`, and `themeVariables`. Setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will also prevent this. ### Credits Reported by @zsxsoft on behalf of @KeenSecurityLab
### Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the [`excludes` attribute](https://mermaid.js.org/syntax/gantt.html?#excludes) to exclude all dates. Example: ``` gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d ``` `mermaid.parse` is unaffected, unless you then call the `ganttDb.getTasks()` (which is called when rendering a diagram). ### Patches This has been patched in: - [v11.15.0](https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [faafb5d49106dd32c367f3882505f2dd625aa30e](https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e)) - [v10.9.6](https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a59ea56174712ee5430dfd5bc877cb5151f501a6](https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6)) ### Workarounds There are no workarounds available without updating to a newer version of mermaid.
### Impact Under the default configuration, Mermaid state diagram's `classDef` allow DOM injection that escapes the SVG, although `<script>` tags are removed, preventing XSS. #### Proof-of-concept ``` stateDiagram-v2 classDef xss fill:red</style></svg><style>*{x:x;y:y;overflow:visible!important;contain:none!important;transform:none!important;filter:none!important;clip-path:none!important}</style><div style="x:x;y:y;color:red;font:5em/1 monospace;display:grid;place-items:center;z-index:2147483647;width:100vw;height:100vh;position:fixed;top:0;left:0;background:black">HACKED</div><svg><style>a:b [*] --> A:::xss ``` ### Patches - [v11.15.0](https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [37ff937f1da2e19f882fd1db01235db4d01f4056](https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056)) - [v10.9.6](https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3)) ### Workarounds If you can not update to a patched version, setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ### Credits Thanks to @zsxsoft from @KeenSecurityLab for reporting this vulnerability.
Lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issues Page) allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. ### Impact Cross-site scripting (XSS) ### Patches - c885af13f0b8596714ffe11df757c09f35fbd8f4 ### Workarounds None ### Credits Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.
HTTP response header injection in WSO2 Webhook API invocations allows unauthenticated remote attackers to inject or overwrite arbitrary HTTP response headers via unsanitized user-supplied input. Successful exploitation enables cache manipulation, security header alteration, cookie injection, and potential session hijacking. CVSS 5.3 (network-accessible, low complexity, no authentication required); no public exploit code or active exploitation confirmed at time of analysis.
MantisBT allows a bugnote author to access the note's Revisions page after losing access to the parent private issue. ### Impact Disclosure of the private Issue's Id and Summary. The bugnote full revision body remains secure. ### Patches - 71df1f67e05b2050cd4bd87839e6cc13747cf03f ### Workarounds None ### Credits Thanks to Vishal Shukla for discovering and responsibly reporting the issue.
The mc_issue_update() function in MantisBT allows users having *update_bug_threshold* access (UPDATER, with default settings) to edit, change view state, and modify time tracking on bugnotes belonging to other users - bypassing the default DEVELOPER (level 55) threshold required by the dedicated mc_issue_note_update() function. ### Impact 1. UPDATER can edit notes by DEVELOPER/MANAGER/ADMIN - bypassing the DEVELOPER threshold 2. UPDATER can change private notes to public - exposing confidential internal discussion 3. UPDATER can change public notes to private - hiding information from reporters/viewers ### Patches - 6e58fae4f22efdc3987f903c8ba2611de17a9435 ### Workarounds None ### Credits Thanks to the following security researchers for independently discovering and responsibly reporting the issue. - Vishal Shukla - Tristan Madani (@TristanInSec) from Talence Security This advisory's contents was largely copied from Tristan's well-written report.
Flowise versions prior to 3.1.0 allow authenticated remote attackers to bypass SSRF protections by exploiting direct HTTP client imports in four tool implementations (OpenAPIToolkit, WebScraperTool, MCP, and Arxiv) that circumvent the centralized httpSecurity.ts validation wrapper. An attacker with tool access can craft requests to reach blocked internal endpoints such as AWS metadata services, restoring full SSRF capability despite administrative deny-list configuration.
MantisBT permits a user to list and download their own attachments from an Issue created by another user, even after that Issue becomes private and direct access to it is denied. ### Impact The loss of confidentiality caused by this vulnerability is minimal, considering that only the attachments that were previously uploaded by the user themselves remains accessible. ### Patches - de7bdeec36de066235e38a77bf056917d951c84d ### Workarounds None. ### Credits Thanks to Vishal Shukla for discovering and responsibly reporting the issue.