A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
Cross-origin source code exposure in webpack-dev-server up to 5.2.3 allows attackers controlling a malicious website to steal bundled application source code when a developer runs the dev server over non-trustworthy HTTP origins. The vulnerability exploits the omission of Sec-Fetch-Mode and Sec-Fetch-Site headers on non-HTTPS connections, enabling script injection and cross-origin code exfiltration. Chromium-based browsers Chrome 142+ are exempt due to local network access restrictions. CVSS 5.3 (AC:H due to user requirement to visit attacker site; High confidentiality impact). Fix: upgrade to webpack-dev-server 5.2.4 or later.
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
Authenticated remote attackers can read arbitrary files from the operating system filesystem with root privileges on affected RUGGEDCOM ROX devices due to improper input validation in the JSON-RPC web server interface. All versions of ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 below V2.17.1 are affected. No public exploit code has been identified at time of analysis.
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.
Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
## Resolution SillyTavern 1.18.0 added a generic server-side request filter (Private Request Whitelisting). Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance is being hosted over a network, as suggested by a console warning message and an officially published security checklist for administrators. Documentation: - https://docs.sillytavern.app/administration/config-yaml/#private-address-whitelisting - https://docs.sillytavern.app/administration/#security-checklist ## Note on future SSRF findings Since the request filter applies to the entire application, no SSRF vulnerabilities against individual endpoints will be accepted, unless it has been proven that a properly configured and enabled filter can be bypassed in an undocumented way. Only advisories disclosed before the 1.18.0 release will be posted if their concern is SSRF. ## Overview - Vulnerability Type: SSRF - Affected Location: `src/middleware/corsProxy.js:31` - Trigger Scenario: SSRF in optional CORS proxy ## Root Cause `corsProxyMiddleware` forwards `req.params.url` directly into `fetch(url, ...)`. It only blocks circular requests to its own host and does not enforce destination allowlist or private/loopback restrictions, enabling SSRF. ## Source-to-Sink Chain 1. Source (user-controlled input) - Entry point: `GET /proxy/:url(*)` 2. Data flow - Code analysis shows concrete propagation into this sink: - vulnerability title: `SSRF in optional CORS proxy` - sink location reached by attacker-controlled input: `src/middleware/corsProxy.js:31` - The same sink behavior is confirmed by controlled execution observations. 3. Sink (dangerous operation) - Sink location: `src/middleware/corsProxy.js:31` - Vulnerable behavior: SSRF in optional CORS proxy ## Exploitation Preconditions 1. The attacker can control or influence a URL/endpoint parameter. 2. The server can access internal or sensitive network targets. 3. Outbound request validation or redirect controls are insufficient. ## Risk This issue can be used to pivot network access and reach unintended internal resources. ## Impact An attacker may access internal network services or metadata endpoints and exfiltrate sensitive responses. ## Remediation 1. Enforce strict destination allowlist for proxy targets. 2. Block loopback, link-local, RFC1918, and metadata address ranges. 3. Apply the same destination validation to redirects.
## Resolution Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body. ## Overview - Vulnerability Type: XSS - Affected Location: `src/middleware/corsProxy.js:40` - Trigger Scenario: reflected XSS in CORS proxy error response ## Root Cause When `fetch(url)` throws, the code sends: `res.status(500).send('Error occurred while trying to proxy to: ' + url + ' ' + error)`. The `url` value is attacker-controlled (`req.params.url`) and is not HTML-escaped before rendering. ## Source-to-Sink Chain 1. Source (user-controlled input) - Entry point: `GET /proxy/:url(*)` 2. Data flow - Code analysis shows concrete propagation into this sink: - vulnerability title: `Reflected XSS in CORS proxy error response` - sink location reached by attacker-controlled input: `src/middleware/corsProxy.js:40` - The same sink behavior is confirmed by controlled execution observations. 3. Sink (dangerous operation) - Sink location: `src/middleware/corsProxy.js:40` - Vulnerable behavior: reflected XSS in CORS proxy error response ## Exploitation Preconditions 1. The attacker can inject controllable content into a rendered response. 2. The vulnerable rendering context does not apply strict output encoding/sanitization. 3. A victim user opens the affected page or response. ## Risk This issue enables script execution in the victim context and can compromise session or data integrity. ## Impact An attacker may run arbitrary JavaScript in the victim context, steal tokens, and manipulate user-visible behavior. ## Remediation 1. Never concatenate raw user input into HTML error responses. 2. If URL echo is required, HTML-escape it or force plain-text output. 3. Re-enable/strengthen CSP to reduce reflected injection impact.
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.
Improper buffer restrictions for some Display Virtualization for Windows OS driver software within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Man-in-the-middle attackers positioned between OX Dovecot Pro and clients can forge SCRAM TLS channel binding via specially crafted base64 exchanges, allowing eavesdropping on encrypted communications. The attack requires network-level access and knowledge of channel binding mechanics but yields complete confidentiality compromise. No public exploit code is known, and patched versions are available from Open-Xchange.
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.
Double free vulnerability in Windows Rich Text Edit component allows local authenticated attackers to escalate privileges on Windows 10 and Windows 11 systems through a specially crafted interaction. The flaw requires local access with standard user privileges and user interaction, but enables full system compromise including code execution and privilege elevation. Microsoft has released a vendor patch to address this issue.
OS command injection in Fortinet FortiAP and FortiAP-W2 access points allows authenticated administrators to execute arbitrary code or commands via specially crafted CLI commands. Affected versions span FortiAP 6.4 through 7.6.2 and FortiAP-W2 7.0 through 7.4.4. The vulnerability requires high-privilege administrative access and does not require user interaction, making it exploitable by rogue administrators or accounts with compromised credentials. No public exploit code or active exploitation has been identified at time of analysis.
OS command injection in Fortinet FortiAP, FortiAP-U, and FortiAP-W2 allows authenticated privileged attackers to execute arbitrary code via maliciously crafted CLI requests. Affected versions span FortiAP 6.4 through 7.6.2, FortiAP-U 6.2 through 7.0.5, and FortiAP-W2 7.0 through 7.4.4. The vulnerability requires high-privilege administrative access and local CLI interaction, limiting exposure to trusted insider threats or compromised management interfaces. CVSS 6.1 reflects the high impact (code execution with full system privileges) constrained by authentication and local access requirements.
Privilege escalation in Axis OS via path traversal in ACAP configuration files allows high-privileged local attackers to achieve code execution with elevated permissions. The vulnerability requires the device to be configured for unsigned ACAP application installation and the attacker to socially engineer a user into installing a malicious ACAP application. CVSS 6.7 reflects high confidentiality, integrity, and availability impact, but exploitation is constrained by high-privilege requirement and user interaction. No public exploit code or active exploitation has been identified at time of analysis.
Axis OS allows privilege escalation via improper input validation during ACAP application installation when unsigned applications are permitted, enabling authenticated attackers with high privileges to gain elevated system access. The vulnerability requires explicit administrative configuration allowing unsigned ACAP installations and victim interaction to install a malicious application. No public exploit code or active exploitation has been confirmed at time of analysis.
Local privilege escalation in Dell PowerScale InsightIQ versions 5.0.0 through 6.2.0 allows high-privileged attackers to execute code with unnecessary elevated privileges, potentially escalating to full system compromise. The vulnerability requires existing local access and high privilege level on the affected system; no public exploit has been identified at time of analysis.
OS command injection in SAP NetWeaver Application Server for ABAP and ABAP Platform allows authenticated administrators to execute arbitrary shell commands on the server while bypassing audit logging. The vulnerability affects integrity and availability but not confidentiality, and requires high-privilege administrative access over the network with no user interaction. CVSS 6.5 reflects the high-privilege requirement despite severe impact potential.
The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Null pointer dereference in Windows Storport Miniport Driver allows remote attackers to trigger denial of service over a network with user interaction. The vulnerability affects Windows Server 2025 and exists in the storage port driver architecture, requiring the attacker to send a specially crafted network request that causes the driver to dereference a null pointer, resulting in service interruption or system instability. No public exploit code or active exploitation has been confirmed.
mem0 1.0.0 server exposes an unauthenticated memory deletion API endpoint (DELETE /memories) that allows remote attackers to delete arbitrary user memory records by specifying user identifiers in query parameters, resulting in unauthorized data loss and denial of service. No authentication or authorization validation is performed before processing deletion requests, enabling any network-accessible attacker to target any user's data without credentials.
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
Unauthenticated deletion of arbitrary memory records in mem0 1.0.0 allows remote attackers to remove any database entry without credentials, causing unauthorized data loss and potential denial of service. The DELETE /memories/{memory_id} endpoint completely lacks authentication and authorization controls, exposing all memory records to deletion by any network-accessible attacker. No public exploit code has been identified, but the vulnerability is trivial to exploit given the straightforward API design.
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to other organizations. This vulnerability is fixed in 1.20.1.
mem0 1.0.0 server allows unauthenticated remote attackers to trigger memory reset and table re-creation via unprotected DELETE /memories endpoint, causing schema disruption, data loss, and denial of service. The vulnerability exploits missing authentication and authorization controls on a database management operation accessible over the network without credentials.
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
Time-based blind SQL injection in the Eight Day Week Print Workflow WordPress plugin (versions up to 1.2.6) via the 'title' parameter in the pp-get-articles AJAX action allows authenticated attackers with Subscriber-level access to extract sensitive database information. The vulnerability stems from insufficient escaping and lack of prepared statement usage, enabling attackers to append arbitrary SQL queries to extract confidential data with high confidentiality impact.
OpenClaude MCP's OAuth callback handler in Node.js can be shut down via CSRF attack by sending a request with any `error` query parameter, bypassing state validation entirely without knowledge of the CSRF token. The vulnerability allows unauthenticated remote attackers to terminate a user's active authentication session and force server shutdown due to a logic flaw where the `error` parameter check precedes and disables the state validation check. Vendor-released patch version 0.5.1 available.
Brute-force password attacks against the web management interface of Zyxel WRE6505 v2 firmware V1.00(ABDV.3)C0 succeed due to improper rate-limiting on authentication attempts, allowing adjacent LAN attackers to bypass authentication and gain administrative access without requiring valid credentials. The vulnerability affects a legacy wireless range extender model marked as end-of-life by Zyxel, with CVSS 6.5 reflecting high confidentiality impact but local network scope.
Credential leakage in LWP::UserAgent before 6.83 (Perl) exposes Authorization and Proxy-Authorization headers to attacker-controlled redirect targets across cross-origin 3xx redirects. The library's redirect handler stripped only Host and Cookie on follow-up requests, leaving credential headers intact even when the redirect crossed a scheme, host, or port boundary. Authenticated Perl HTTP clients - including server-side applications, crawlers, API integrators, and automation tooling - are affected whenever caller-supplied credentials are passed to a UserAgent instance that can be redirected. No public exploit has been independently confirmed beyond the proof-of-concept submitted with the vulnerability report, and CISA KEV does not list this CVE; however, the exploitation pattern is straightforward and mirrors a well-documented class of credential-leakage flaws in HTTP client libraries.
Remote authenticated attackers can exploit an exposed dangerous method on the Core Server of Ivanti Endpoint Manager versions before 2024 SU6 to leak access credentials. The vulnerability requires valid authentication credentials to exploit and does not allow code execution or system modification, but compromises confidentiality by exposing sensitive authentication material that could facilitate lateral movement or account takeover.
Stored cross-site scripting in Shortcodely WordPress plugin versions up to 1.0.1 allows authenticated contributors and above to inject arbitrary JavaScript into pages via the 'widget_area' parameter, with scripts executing whenever users access affected pages. The vulnerability stems from insufficient input sanitization and output escaping, affecting all installations with vulnerable plugin versions active. CVSS 6.4 reflects the cross-site scope and information disclosure potential, though exploitation requires authenticated contributor-level access.
Stored Cross-Site Scripting in BJ Lazy Load plugin for WordPress versions up to 1.0.9 allows authenticated attackers with Contributor-level access to inject arbitrary web scripts via regex-based HTML attribute manipulation in the `filter_images()` function. The vulnerability exploits improper handling of HTML attribute boundaries during `src` attribute replacement, enabling attackers to promote malicious content from class attribute values into executable DOM attributes. When victims access injected pages, the injected scripts execute in their browsers with the privileges of the compromised site.