Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
Remote code execution in Ivanti Virtual Traffic Manager allows authenticated administrators to execute arbitrary OS commands via command injection. Affects all versions before 22.9r4. Attack requires network access and administrative credentials but has low complexity (CVSS AC:L). No active exploitation confirmed at time of analysis, though administrative access requirement significantly limits attack surface compared to unauthenticated RCE vulnerabilities.
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Information disclosure in Apache Tomcat versions 7.0.83 through 11.0.21 exposes HTTP authentication headers to unintended hosts during WebSocket authentication handshakes, enabling credential leakage to third-party endpoints. The flaw carries a CVSS 7.3 score with partial confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) but SSVC marks the issue as automatable, indicating that scripted exploitation is feasible if attacker positioning is achieved.
Memory corruption in Mozilla Firefox's WebAssembly JavaScript engine component allows remote attackers to trigger a use-after-free condition via crafted web content, with limited impact across confidentiality, integrity, and availability. The flaw affects Firefox versions prior to 150.0.3 and has no public exploit identified at time of analysis, though SSVC indicates the issue is automatable. EPSS scoring (0.02%, 5th percentile) suggests very low near-term exploitation probability despite the network-reachable attack vector.
Buffer underflow in YAML::Syck for Perl versions before 1.38 allows remote unauthenticated attackers to trigger out-of-bounds memory reads when parsing specially crafted base60 (sexagesimal) YAML values. The vulnerability affects both integer and floating-point base60 handlers in perl_syck.h, where processing leftmost colon-separated segments causes a pointer to decrement past allocated buffer boundaries. EPSS exploitation probability is minimal (0.01%, 3rd percentile) with no active exploitation or public weaponized exploit identified. Vendor-released patch available in version 1.38, confirmed by CPANSec and upstream commit.
Stack-based buffer overflow in Siemens Solid Edge SE2026 allows arbitrary code execution when users open malicious PAR files. Attackers must deliver a weaponized PAR file and convince the user to open it, after which code executes with user's privileges. All versions prior to V226.0 Update 5 are vulnerable. No active exploitation confirmed (not in CISA KEV), but the attack relies on user interaction with a common CAD file format, making social engineering feasible in engineering/manufacturing environments.
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.
Remote code execution in Claris FileMaker Cloud allows authenticated administrators to execute arbitrary operating system commands via command injection in the External ODBC Data Source connection test feature. The vulnerability requires Admin Console privileges (PR:H) but no user interaction, enabling complete system compromise with high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis. EPSS score of 0.23% (46th percentile) indicates low observed exploitation probability despite the RCE capability. Fixed in FileMaker Cloud version 2.22.0.5.
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only impacts Access Points running AOS-10.7.x.x and above. AOS-10.4 AP and AOS-8 Instant software branches are not affected by this vulnerability.
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
Authenticated administrators with Admin Console access to FileMaker Cloud can execute arbitrary operating system commands on the underlying host by bypassing front-end restrictions on OS Script schedule types. This vulnerability affects all FileMaker Cloud versions prior to 2.22.0.5 and requires high-privilege administrative credentials to exploit. Despite the network attack vector and total technical impact (full system compromise), the low EPSS score (0.13%, 32nd percentile) and SSVC assessment indicating no observed exploitation suggest this is not being actively exploited in the wild, likely due to the high privilege requirement limiting the attacker pool to malicious insiders or compromised admin accounts.
A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. Note: Access Points running AOS-8 Instant software are not affected by this vulnerability.
A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user.
Stored XSS in LifePress WordPress plugin allows unauthenticated remote attackers to inject malicious scripts that execute in administrator contexts when viewing the plugin's settings page. The vulnerability affects all versions through 2.2.2 and stems from a publicly-accessible AJAX endpoint (lp_update_mds) that lacks both nonce verification and capability checks, combined with improper input sanitization of the 'n' parameter. The CVSS score of 7.2 reflects network-based exploitation requiring no authentication or user interaction, with changed scope enabling cross-context attacks. EPSS and KEV data not available; exploitation probability depends on attacker knowledge of the specific AJAX action endpoint.
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
SQL injection in FortiMail 7.2.0-7.2.8, 7.4.0-7.4.5, and 7.6.0-7.6.3 allows authenticated privileged administrators to execute arbitrary code or commands via crafted HTTP/HTTPS requests. The vulnerability requires high-privilege authentication (administrator role) and affects all recent major versions, with exploitation confirmed possible through network-accessible admin interfaces.
nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowed_non_write_users: ${{ github.event.issue.user.login }}, which means any logged-in GitHub user who opens an issue can reach this agentic workflow with attacker-controlled content. Untrusted issue title and body content are embedded directly into the prompt of anthropics/claude-code-action, and the workflow then runs a command-capable Claude agent with permission to comment on and relabel the current issue via gh. Because this workflow is triggered automatically on issues.opened, an external attacker can submit a crafted issue that steers the agent beyond its intended issue-triage purpose and influences authenticated issue actions. This vulnerability is fixed in 2.4.1.
Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in the upload_file() handler to bypass path restrictions and write, read, or delete files outside the intended storage directory.
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system.
Predictable Technical Service credentials derived from CRC16-based algorithm and device serial number enable authentication bypass in Siemens blueplanet solar inverters and hybrid systems. Remote adjacent network attackers without authentication can calculate valid service credentials from publicly-observable serial numbers, gaining unauthorized administrative access to compromise device integrity and availability. Affects 23 blueplanet product families including TL3, NX3, NH3, and gridsafe variants across industrial solar installations. Patches released for GEN2 models (V6.1.4.9) and gridsafe variants (V3.91), but legacy TL3/NX3/NH3 first-generation models remain unpatched with no vendor-provided fix versions.
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher query. This vulnerability is fixed in 1.2.3.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
The MonsterInsights - Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_ads_access_token() and reset_experience() functions in all versions up to, and including, 10.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve live Google OAuth access tokens and reset Plugins's Google Ads integration.
CSRF vulnerability in Backdrop CMS Salesforce module versions prior to 1.x-1.0.1 allows network attackers to hijack OAuth authorization flows. By exploiting the missing random state parameter in the OAuth implementation, attackers can trick authenticated users into authorizing malicious Salesforce integrations, leading to high confidentiality and integrity impact on integrated Salesforce data. CVSS 7.1 (High) reflects network vector with high attack complexity requiring user interaction. No CISA KEV listing or public exploit identified at time of analysis, with EPSS data unavailable for comprehensive risk scoring.
Server-Side Request Forgery (SSRF) in Pandora FMS versions 777-800 enables authenticated attackers to escalate privileges through the API Checker extension. Attackers with low-privilege network access can force the server to make arbitrary requests, potentially accessing internal resources and escalating to higher confidentiality impact (CVSS VC:H). EPSS data not available; no confirmed active exploitation (not in CISA KEV). Vendor has acknowledged the issue per PandoraFMS security advisory, indicating patch development is likely underway.
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.
Cross-Site Request Forgery in Pandora FMS versions 777 through 800 enables attackers to execute unauthorized administrative actions through victim interaction with malicious web pages. The network-accessible attack requires no authentication but depends on user interaction (CVSS AV:N/PR:N/UI:P), allowing high integrity impact (VI:H) with limited confidentiality exposure (VC:L). No active exploitation confirmed (CISA KEV not listed), EPSS data not available for assessment. Vendor Pandora FMS has acknowledged the vulnerability with public disclosure.
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing.
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.