Stored Cross-Site Scripting in Scratchblocks for WP plugin for WordPress allows authenticated contributors and above to inject arbitrary JavaScript through the 'element' attribute of the 'scratchblocks' shortcode due to insufficient input sanitization and output escaping. The vulnerability affects all versions up to 1.0.1 and enables malicious scripts to execute in the browsers of all users viewing affected pages, with cross-site scope impact.
Stored Cross-Site Scripting in Credits Shortcode WordPress plugin up to version 1.2 allows authenticated contributors and above to inject arbitrary JavaScript via the 'link' attribute of the credits shortcode, which executes when other users view affected pages. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied shortcode attributes. CVSS 6.4 reflects moderate risk with network vector and limited scope impact, though real-world risk depends on site contributor population and user awareness.
Stored Cross-Site Scripting in Voyage Plus WordPress plugin versions up to 1.0.6 allows authenticated contributors and above to inject malicious scripts via the 'class' attribute of the 'post-content' shortcode due to insufficient input sanitization and output escaping. Injected scripts execute in the browsers of all users viewing affected pages, enabling credential theft, session hijacking, or malware distribution. No public exploit code or active KEV listing identified at time of analysis, but the vulnerability requires only contributor-level access and no user interaction, making it practical for insider threats or compromised contributor accounts.
Stored Cross-Site Scripting in Next Date WordPress plugin (all versions up to 1.0) allows authenticated contributors and above to inject arbitrary JavaScript into pages via the 'default' shortcode attribute due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user viewing the affected page, potentially compromising site visitors and administrators. No public exploit code or active exploitation has been identified at time of analysis.
SP Blog Designer plugin for WordPress versions up to 1.0.0 allows authenticated attackers with Contributor-level access to inject arbitrary web scripts via the 'design' attribute of the wpsbd_post_carousel shortcode, resulting in stored cross-site scripting (XSS) that executes for all users viewing affected pages. The vulnerability stems from insufficient input sanitization and output escaping in shortcode handling. No public exploit code or active exploitation has been confirmed at time of analysis.
Stored cross-site scripting in Quick Table plugin for WordPress allows authenticated contributors and above to inject malicious scripts via the 'style' attribute of the 'qtbl' shortcode, which execute when any user views the affected page. The vulnerability affects all versions up to 1.0.0 due to insufficient input sanitization and output escaping. No public exploit code or active exploitation has been identified at time of analysis.
Stored cross-site scripting in the Bootstrap Shortcode plugin for WordPress allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript into pages via the `box` shortcode, executing malicious scripts whenever users view affected pages. The vulnerability exists in all versions up to 1.0 due to insufficient input sanitization and output escaping. No public exploit code or active exploitation has been identified at this time.
Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Missing authorization checks in SAP S/4HANA Condition Maintenance allow authenticated attackers to view and modify condition table records they should not have access to, compromising data confidentiality and integrity while potentially denying legitimate users access to those same records. The vulnerability requires valid user credentials but affects all versions of the affected module, with CVSS 6.3 reflecting its multi-faceted impact across three security dimensions.
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Reflected Cross-Site Scripting (XSS) in WP Google Maps Integration plugin for WordPress versions up to 1.2 allows unauthenticated attackers to inject arbitrary web scripts via the `page` parameter due to insufficient input sanitization and output escaping. Exploitation requires tricking an administrator into clicking a malicious link, but successful attacks can hijack admin sessions, modify site content, or steal credentials with medium attack complexity and limited immediate confidentiality and integrity impact.
Reflected Cross-Site Scripting in AzonPost WordPress plugin versions up to 1.3 allows unauthenticated attackers to inject arbitrary JavaScript via the `editpos_hidden` parameter, executing in the browsers of administrators who click malicious links. The vulnerability stems from insufficient input sanitization and output escaping, requiring user interaction but affecting all versions of the plugin without requiring authentication or special configuration.
Reflected Cross-Site Scripting in Pricing Tables for WP plugin allows unauthenticated attackers to inject arbitrary JavaScript via the 'page' parameter. The vulnerability affects all versions up to 1.1.0 due to insufficient input sanitization and output escaping. Exploitation requires social engineering (e.g., tricking an administrator into clicking a malicious link), but no public exploit code or active exploitation has been identified at time of analysis.
SAP Business Server Pages TAF_APPLAUNCHER contains a cross-site scripting vulnerability that allows unauthenticated attackers to craft malicious links redirecting users to attacker-controlled sites, potentially exposing or altering sensitive information. The vulnerability requires user interaction (clicking the link) and affects confidentiality and integrity with a CVSS score of 6.1. No active exploitation has been publicly confirmed at time of analysis.
Cross-Site Request Forgery (CSRF) in Tm - WordPress Redirection plugin for WordPress versions up to 1.2 allows unauthenticated attackers to update plugin settings and inject malicious web scripts by tricking a site administrator into clicking a malicious link. The vulnerability stems from missing or incorrect nonce validation on sensitive functions, enabling attackers to forge requests that execute administrative actions without the admin's explicit consent. CVSS score is 6.1 with network attack vector and low complexity, though exploitation requires user interaction (tricking administrator). No public exploit code or active exploitation has been identified at the time of analysis.
Stack overflow in Zephyr RTOS network stack allows local attackers to trigger a denial of service by issuing an ICMP ping to the device's own IPv4 address via the `net ping` shell command, causing recursive re-entry of the input path on the same work-queue stack and exhausting stack memory. The vulnerability requires local access and user interaction to execute the shell command, affecting systems with Zephyr network functionality enabled.
Command injection in Axis OS ACAP configuration file processing allows privilege escalation when unsigned ACAP applications are enabled and a user installs a malicious application. The vulnerability requires high-privileged user interaction and local access but bypasses normal code signing protections to achieve code execution with elevated privileges.
Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This vulnerability is fixed in 12.0.
HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-6959) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.
SQL injection in KACO Meteor server affecting all versions of blueplanet inverter product line allows authorized attackers on the local network to elevate privileges and modify system data. The vulnerability requires high-privilege credentials and abnormal configuration access (AC:H), limiting exploitation to insider threats or attackers who have already compromised administrative access. CVSS 6.0 with integrity and availability impact reflects significant risk within trusted network environments.
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on the attacker's account (such as writing sensitive data to the attacker's SSH target, or logging into an HTTP target that the attacker set up). This vulnerability is fixed in 0.23.3.
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Improper export of Android application components in Fortinet FortiToken Android 5.2, 6.1, and 6.2 allows local authenticated attackers to gain unauthorized access to sensitive information via exposed application components that lack proper access control. The vulnerability has a CVSS score of 5.0 with local attack vector and requires low privileges, enabling information disclosure without user interaction. No public exploit code has been identified, and the vulnerability is not listed in active exploitation databases at the time of analysis.
Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Improper input validation in an Axis OS configuration file allows authenticated SSH users to execute code and potentially escalate privileges. The vulnerability requires valid SSH credentials but affects all Axis OS versions, making it a significant risk for organizations running Axis network devices with SSH access exposed or shared credentials.
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
Missing authorization in Broadstreet Ads WordPress plugin through version 1.52.2 allows authenticated users to bypass access controls and modify data, resulting in integrity and availability impact. The vulnerability stems from incorrectly configured access control security levels that fail to properly validate user permissions before executing sensitive operations. Exploitation requires valid user authentication but no special configuration or interaction.
A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with compromised credentials could exploit this behavior to maintain unauthorized access even after the account has been disabled.
Stored cross-site scripting (XSS) in FluentCMS 1.2.3 File Management module allows authenticated administrators to upload SVG files with embedded malicious JavaScript that executes when any user-including unauthenticated visitors-accesses the image URL directly. The vulnerability has public proof-of-concept code available via GitHub pull request, and CISA SSVC framework confirms exploitability is feasible but requires user interaction and is not automatable. CVSS 5.4 reflects the attack complexity introduced by authentication requirement and user interaction, but the cross-origin scope and ability to affect multiple users elevates real-world risk.
SQL injection in Fortinet FortiNDR 7.0 through 7.6.2 allows authenticated attackers to execute unauthorized code or commands via crafted HTTP requests. The vulnerability affects multiple versions across the 7.x branch and has an EPSS exploitation probability indicator (E:P in CVSS), suggesting feasible attack conditions despite moderate CVSS score (5.1). Patch availability and active exploitation status require confirmation from vendor advisory.
An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.