Stored cross-site scripting in Custom Twitter Feeds plugin for WordPress versions ≤2.5.4 allows unauthenticated remote attackers to execute arbitrary JavaScript when malicious content enters cached tweet data. The vulnerability stems from the ctf_get_more_posts AJAX endpoint outputting cached tweet text through nl2br() without HTML escaping, accessible without authentication (CVSS:3.1/AV:N/AC:L/PR:N/UI:N). Attack requires either posting malicious tweets that the target site caches via its feed configuration, or leveraging other vulnerabilities to poison the tweet cache. No active exploitation confirmed at time of analysis. Wordfence identified the flaw with patch available in changeset 3519584.
Information disclosure in F5 BIG-IP Configuration utility allows low-privileged authenticated attackers to access sensitive information through undisclosed pages, affecting the confidentiality of administrative data without requiring user interaction or privileged credentials beyond standard authentication.
Privilege escalation in F5 BIG-IP allows authenticated administrators to cross security boundaries and achieve elevated system access through a stack buffer overflow. The vulnerability affects all BIG-IP versions and requires high-privilege administrative credentials and direct network access to exploit. No public exploit code or active exploitation has been identified at time of analysis, but a vendor patch is available.
BIG-IP QKView utility fails to properly sanitize sensitive data in diagnostic files, allowing authenticated attackers to extract confidential information including credentials and system configuration details. The vulnerability affects both BIG-IP and BIG-IQ platforms and requires valid user credentials to exploit, limiting exposure to insider threats and compromised accounts within authorized access tiers.
Authenticated users of F5 BIG-IP iControl SOAP interface can access account information belonging to other users due to insufficient access controls. The vulnerability affects BIG-IP systems where iControl SOAP is accessible and requires valid authentication credentials to exploit, allowing attackers with legitimate access to enumerate or retrieve confidential account details beyond their authorization scope.
Incorrect permission assignment in F5 BIG-IP iControl REST and TMOS shell (tmsh) allows authenticated attackers to view sensitive information through an undisclosed command. The vulnerability affects BIG-IP systems and requires valid credentials but no user interaction to exploit, enabling confidentiality compromise of data restricted to higher-privilege accounts.
Incorrect permission assignment in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and iControl REST allows authenticated attackers to view network status of destination systems. Affected versions vary by product line; vendor has released patches. Authentication is required, limiting exposure to users with valid credentials, but the high confidentiality impact (CVSS 6.5) makes this a material information disclosure risk for organizations managing sensitive network infrastructure.
Authenticated attackers can exhaust MongoDB Server memory using malicious bitwise match expressions ($bitsAllSet, $bitsAnySet, $bitsAllClear, $bitsAnyClear), leading to out-of-memory denial of service. Affects MongoDB Server 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. Vendor-released patches are available across all affected major versions. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability in the wild, and no public exploit code has been identified at time of analysis.
Unsafe deserialization in LangSmith SDK's prompt pull methods allows remote attackers to execute server-side request forgery (SSRF) and redirect LLM traffic to attacker-controlled infrastructure when applications pull public prompts from LangSmith Hub. The SDK deserializes untrusted prompt manifests containing serialized LangChain objects with attacker-controlled constructor arguments, including malicious base_url configurations, custom headers, and secret references. Exploitation requires user interaction (developers must call pull_prompt with a malicious owner/name identifier), but no authentication is required to publish malicious prompts to the public Hub. Vendor-released patches in Python >= 0.8.0 and JS/TS >= 0.6.0 now block public prompt pulling by default, requiring explicit opt-in via dangerously_pull_public_prompt flag. EPSS data not available; no CISA KEV listing or public exploit identified at time of analysis.
Privilege escalation in Grafana OSS allows an authenticated Editor with write access to a dashboard they do not own to overwrite that dashboard and acquire admin permissions on it. The flaw, tracked as CVE-2026-33377 and disclosed by Grafana with patches across multiple maintained branches, has CVSS 7.1 reflecting high integrity impact via low-privileged network access. There is no public exploit identified at time of analysis, and EPSS sits at 0.03% (8th percentile), but the high integrity impact warrants prompt patching for multi-tenant Grafana deployments.
Privilege escalation in cPanel and WP Squared allows an authenticated team member account to elevate privileges to the team owner, granting full control over the hosting account. The flaw stems from improper authorization checks within the team-member privilege model and carries a CVSS 7.1 (high integrity impact). EPSS is very low (0.03%) and no public exploit has been identified at time of analysis, but a vendor patch is available.
Denial of service in F5 BIG-IP when Packet Velocity Acceleration (ePVA) is enabled allows local network attackers to exhaust ePVA and Traffic Management Microkernel (TMM) resources through crafted ethernet traffic, causing service degradation or unavailability. CVSS 6.5 (medium severity) reflects adjacent network access requirement and high availability impact. Patch availability confirmed via vendor advisory.
Authenticated users with GitRepository modification privileges in Nautobot can manipulate the current_head field via REST API to force local repository clones to check out arbitrary commits, causing repository state inconsistency or denial of service. The unintended write access stems from improper REST API serializer configuration (CWE-471: Modification of Assumed-Immutable Data). Vendor-released patches in versions 2.4.33 and 3.1.2 add field-level access controls and input validation to prevent manipulation of the internal current_head tracking field. No public exploit identified at time of analysis, though exploitation requires only low-privilege authenticated API access.
Incorrect permission assignment in F5 BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST allows authenticated attackers to view sensitive adjacent network information due to improper access controls. The vulnerability affects multiple product lines and requires valid authentication to exploit, making it a privilege escalation concern for environments where lower-privileged users have access to management interfaces.
Authenticated subscribers can bypass authorization gates and forcibly join any ProfileGrid group - including closed, paid, or restricted groups - through a missing capability check in the pm_invite_user function. Affects all ProfileGrid plugin versions up to 5.9.8.4. The vulnerability enables low-privilege users to circumvent membership restrictions and payment requirements, potentially exposing premium content and private community spaces. EPSS data not provided; no CISA KEV listing identified, indicating no confirmed widespread exploitation at time of analysis. CVSS 7.1 reflects high integrity impact due to authorization bypass capabilities.