Cross-site scripting (XSS) in Microsoft Exchange Server enables remote attackers to spoof content and steal credentials without authentication. Affects Exchange Server 2016 CU23, 2019 CU14/CU15, and Subscription Edition. Functional exploit code exists (CVSS temporal E:F) though no active exploitation confirmed at analysis time. CVSS 8.1 (High) driven by network vector, no authentication requirement, and dual confidentiality/integrity impact. Microsoft released patches via MSRC security update guide. Medium-high priority for organizations running affected Exchange versions with webmail or OWA exposed.
OAuth scope enforcement bypass in GitLab CE/EE allows an authenticated user holding a read_api-scoped OAuth token to perform unauthorized write operations - specifically creating issues and adding comments - in private projects. Affected are all GitLab Community and Enterprise Edition installations from version 16.0 up to the patched releases 18.9.7, 18.10.6, and 18.11.3. A publicly available proof-of-concept exists, and while EPSS probability is extremely low (0.01%, 1st percentile) with no CISA KEV listing, the integrity impact is rated High given the ability to inject content into private project issue trackers.
Open WebUI's GET /api/v1/retrieval/ endpoint discloses RAG pipeline configuration including embedding models, chunking parameters, and RAG templates to unauthenticated attackers with a single HTTP request. The vulnerability affects v0.9.2 and earlier, where this endpoint lacks authentication guards present on all adjacent endpoints, enabling reconnaissance for RAG poisoning attacks and infrastructure fingerprinting without requiring credentials, authentication tokens, or user interaction.
Reflected cross-site scripting in podinfo through 6.11.2 allows remote unauthenticated attackers to execute arbitrary JavaScript in the context of a victim's browser session by crafting HTML pages with auto-submitting forms that deliver script payloads to the /echo or /api/echo endpoints. The vulnerability exists because the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers, causing Go's content type detection to default to text/html. Publicly available exploit code confirms the vulnerability is exploitable, though CISA KEV status is not confirmed at the time of analysis.
Fleet trusts untrusted client-supplied IP address headers (X-Forwarded-For, X-Real-IP, True-Client-IP) when determining source IP for incoming requests, allowing both authenticated and unauthenticated attackers to spoof their apparent IP address and bypass per-IP rate limiting controls. This enables brute-force and password-spraying attacks against authentication endpoints to scale without triggering rate-limit protections, though the vulnerability does not itself enable authentication bypass, privilege escalation, data exposure, or remote code execution.
Hedera Guardian through version 3.5.1 allows unauthenticated attackers to retrieve sensitive user information via the GET /api/v1/demo/registered-users endpoint, which lacks proper authentication controls. Attackers can access this endpoint without credentials to obtain usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments for all registered users. The vulnerability affects confidentiality with a CVSS score of 5.3 and has been fixed in the upstream repository via GitHub PR #6076.
Fleet instances fail to validate the origin of client IP headers (True-Client-IP, X-Real-IP, X-Forwarded-For) before using them for API rate limiting, allowing unauthenticated attackers to bypass per-IP brute-force protections on sensitive endpoints such as login by rotating header values across requests. This vulnerability primarily affects Fleet deployments directly exposed to the internet without a reverse proxy that overwrites forwarded headers; instances behind properly configured proxies or WAFs have reduced exposure.
Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes of unwanted email and consume downstream email delivery resources. This vulnerability is fixed in 1.180.10.
Integer overflow in simdjson's string_builder::escape_and_append() function allows out-of-bounds memory reads in SIMD routines when processing very large input strings on 32-bit platforms, potentially resulting in information disclosure or memory corruption. The vulnerability affects all versions before 4.6.4 and has been patched by the vendor.
Vvveb before 1.0.8.3 allows unauthenticated remote attackers to enumerate sensitive files and directories through directory listing information disclosure. Multiple directories including admin, plugins, themes, and media folders lack proper index directives in .htaccess files, permitting attackers to view filenames, file sizes, modification timestamps, and unrendered admin templates that expose sensitive route maps. No active exploitation has been confirmed, but the vulnerability is trivial to exploit with network access and no authentication.
Path traversal in Pode PowerShell web framework versions 2.4.0 through 2.12.x allows high-privileged authenticated users to read arbitrary files from the server filesystem via crafted static route requests. An attacker with high privilege can request paths like http://localhost:8080/c:/Windows/System32/drivers/etc/hosts to retrieve sensitive file contents. The vulnerability is fixed in version 2.13.0.
Matrix Synapse homeserver versions prior to 1.152.1 allow authenticated local users to trigger CPU starvation that denies service to other users by exploiting unbounded lock timeout intervals in the WorkerLock implementation. Synapse deployments that do not trust all local users face service availability risk from malicious authenticated accounts. Vendor-released patch available in version 1.152.1 (GitHub commit 3f58bc50dfba5768ee43ce48c5e74c25ba0b078a confirms fix). No public exploit identified at time of analysis, though the attack mechanism is straightforward for any authenticated user.
Source code disclosure vulnerability in Schneider Electric EcoStruxure Machine Expert HVAC versions prior to 1.10.0 allows authorized users with local access to view protected source code stored in cleartext, resulting in loss of confidentiality and potential exposure of proprietary logic. The vulnerability requires local authenticated access and is rooted in improper protection of sensitive information at rest; no active exploitation or public exploit code has been identified.
Authorization bypass in DijiDemi v4.5.12.1 through v4.5.13.0 allows authenticated high-privilege users to escalate permissions through user-controlled cryptographic key manipulation. An attacker with high privileges can abuse the authorization mechanism by controlling session or authentication keys, bypassing intended access restrictions and potentially modifying data or executing unauthorized operations, though exploitation requires user interaction and high-privilege account access.
Path traversal in the Media Sync WordPress plugin (versions ≤1.4.9) enables authenticated attackers with Author-level access or above to read arbitrary files outside the intended uploads directory by injecting traversal sequences into the 'sub_dir' and 'media_items' parameters. The CVSS vector (C:H/I:N/A:N) confirms the impact is limited to confidentiality - file read only, with no write or deletion capability indicated. No public exploit has been identified at time of analysis, and CISA SSVC rates current exploitation as none with partial technical impact, consistent with the low EPSS probability of 0.45%.
GitLab CE and EE are vulnerable to authenticated denial of service through excessive memory consumption, affecting all installations from version 8.3 up to the patched releases. An authenticated user with minimal privileges can submit maliciously crafted input that bypasses proper validation, causing the server to allocate memory without adequate bounds until service degradation or outage occurs. EPSS is low at 0.06% (18th percentile), no active exploitation is confirmed (CISA KEV absent, SSVC exploitation status: none), and a vendor patch was released on May 13, 2026.
Unauthenticated attackers can invoke the GET `/api/v1/memories/ef` endpoint in Open WebUI versions ≤0.7.2 to trigger arbitrary embedding generation without authentication, enabling cost-based attacks against paid embedding providers (OpenAI, Azure) and denial-of-service via resource exhaustion. The endpoint executes `request.app.state.EMBEDDING_FUNCTION()` without any authentication check, allowing unlimited free API calls to downstream embedding services. Vendor-released patch available in v0.8.0 (February 2026) that removes the vulnerable endpoint entirely.
SQL Injection in the Unlimited Elements for Elementor WordPress plugin (versions up to and including 2.0.7) allows authenticated attackers holding at least Contributor-level access to extract sensitive database contents by injecting arbitrary SQL into the 'data[filter_search]' parameter of the get_cat_addons AJAX action. The vulnerability is the product of two chained weaknesses: the plugin's normalizeAjaxInputData() function actively undoes WordPress's built-in magic-quote protection via stripslashes(), and the deprecated wpdb->_escape() method then fails to safely handle the exposed input before it is concatenated directly into a LIKE clause. Reported by Wordfence and tracked as EUVD-2026-30214, no public exploit code has been identified at time of analysis and CISA KEV does not list this CVE, though the confidentiality impact is rated High, enabling full database read access for a successful attacker.
Timing-channel attack in PostgreSQL MD5 password authentication enables remote unauthenticated attackers to extract user credentials through statistical analysis of authentication response times, affecting versions prior to 18.4, 17.10, 16.14, 15.18, and 14.23. The vulnerability exploits variable-time comparison operations during MD5 password hash verification, but does not impact the default scram-sha-256 authentication method. Databases migrated from PostgreSQL 13 or earlier may retain MD5-hashed passwords and remain vulnerable despite running newer versions.
Open WebUI versions up to 0.8.8 expose admin-configured system prompts to authenticated regular (non-admin) users through the /api/models API endpoint, allowing information disclosure of sensitive model instructions and internal configuration details. The vulnerability requires valid user authentication but no administrative privileges, enabling any authenticated user to retrieve confidential system prompts via a simple HTTP GET request. This is confirmed actively exploited in production deployments with a publicly available proof-of-concept.
Open WebUI versions prior to 0.8.11 allow authenticated users to access notes belonging to other users via Indirect Object Reference (IDOR) in the /api/v1/notes/{note_id} endpoint, enabling unauthorized disclosure of potentially sensitive private data. The vulnerability is exploitable both when the notes feature is enabled in the UI and when disabled but re-enabled via /api/config endpoint manipulation, requiring only valid user authentication and UUID enumeration or guessing.
Authenticated admin users in pyLoad-ng can bypass the CVE-2026-33509 fix by setting the storage_folder to the Flask session directory (/tmp/pyLoad/flask), then downloading and reusing session files of other users via the /files/get/ endpoint to achieve account takeover. The original patch failed to block access to the session cache directory, leaving it accessible through the directory traversal protection bypass. Publicly available proof-of-concept code confirms the bypass is functional.
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Command injection in @apostrophecms/cli apos create command allows arbitrary command execution when a user supplies specially crafted input during the interactive password prompt. The vulnerability exists in lib/commands/create.js line 186, where user-supplied password input is passed directly into a shell exec() call without sanitization or escaping, enabling attackers to inject shell metacharacters (;, &&, $()) to execute arbitrary commands with the privileges of the user running the CLI. Exploitation requires user interaction (UI:R) and high privilege context (PR:H), but publicly available proof-of-concept demonstrates successful arbitrary code execution on Ubuntu systems with Node.js.
Open WebUI fails to authorize model update requests, allowing authenticated users to modify private models belonging to other users and alter their access controls. Tested on version 0.5.4, this broken access control vulnerability affects all versions up to 0.5.6 and is exploitable via a direct POST request to the /api/v1/models/model/update endpoint without requiring special privileges beyond basic authentication.
Open WebUI before version 0.9.0 allows authenticated users to bypass API key endpoint restrictions by submitting requests via the `x-api-key` header instead of the `Authorization` header, enabling full access to protected endpoints including message processing and potentially admin functionality. The vulnerability affects deployments where admins have configured API key restrictions to limit which endpoints specific keys can access. A proof-of-concept demonstrates that the same API key correctly rejected via `Authorization` header (403 Forbidden) is fully processed via `x-api-key` header (200 OK with LLM response), completely undermining the intended access control model. No active public exploitation is reported, but the vulnerability is straightforward to exploit and has been verified against Open WebUI v0.8.11.
Time-based blind SQL injection in the Taskbuilder - Project Management & Task Management Tool With Kanban Board WordPress plugin (all versions through 5.0.6) enables authenticated attackers with Subscriber-level access or above to exfiltrate arbitrary data from the underlying database via the 'project_search' parameter. The vulnerability stems from unsanitized user input being passed into an unprepared SQL query, exposing confidential database contents including user credentials, configuration data, and application records. No public exploit code has been identified at time of analysis, EPSS probability is very low at 0.03%, and CISA has not added this to the Known Exploited Vulnerabilities catalog.
Privilege escalation in Essential Addons for Elementor (all versions ≤ 6.5.13) allows authenticated WordPress users with Author-level access or above to create new accounts with elevated roles such as Editor by exploiting the plugin's `register_user` function, which applies an incomplete role denylist that blocks only 'administrator' while leaving other privileged roles unguarded. The network-accessible, low-complexity attack vector (AV:N/AC:L/PR:L) makes this realistic for any site with the plugin's registration widget exposed and populated with low-trust authors. No public exploit has been identified at time of analysis and CISA KEV status is absent, but the plugin's broad WordPress deployment increases aggregate exposure.
Denial-of-service in GitLab Enterprise Edition allows a crafted file upload to exhaust service availability through improper deserialization validation. The vulnerability spans an exceptionally wide range, affecting all GitLab EE instances from version 11.9 through the 18.11 line until patched releases. There is no public exploit identified at time of analysis and EPSS sits at 0.02% (4th percentile), indicating low observed exploitation pressure, though the breadth of the affected version range means unpatched installations represent a meaningful attack surface for availability disruption.
Infinite loop denial-of-service in OpenStack Ironic's image handling allows low-privileged authenticated attackers to exhaust conductor resources by supplying file:///dev/zero as an image URL, triggering unbounded checksum calculations that never terminate. All Ironic versions from 0 through 35.x prior to commit a3f6d73 are affected. No public exploit independently confirmed but SSVC data indicates proof-of-concept exists; EPSS sits at 0.01% (2nd percentile), consistent with low widespread exploitation likelihood despite the poc signal.
Cross-Site Request Forgery in GitLab CE/EE allows an unauthenticated attacker to create unauthorized Jira subscriptions within a targeted authenticated user's namespace by tricking the victim into clicking a specially crafted link. All GitLab installations from version 11.10 through the pre-patch 18.x releases are affected across both Community and Enterprise editions. No public exploit exists and this is not listed in CISA KEV; however, the broad version range spanning over seven years of releases and the prevalence of Jira integrations in enterprise GitLab deployments make patching a meaningful priority.
Improper authorization in GitLab CE/EE exposes confidential issue content to any authenticated user on public projects across three active release branches. The flaw (CWE-288) allows a low-privileged, authenticated user - including users with no project membership - to read issue content that project owners explicitly marked confidential and restricted. With patch versions released on May 13, 2026 and no public exploit or KEV listing identified at time of analysis, the immediate threat is bounded, though the confidentiality impact is rated High by CVSS given the potential for sensitive business or security-relevant issue data to be disclosed.
Remote authenticated actors with S3 write access can achieve code execution in Amazon SageMaker Triton inference containers by replacing model artifacts with malicious pickle payloads that are deserialized without integrity verification. Affected versions are SDK v2 before v2.257.2 and v3 before v3.8.0. The vulnerability requires high-privilege S3 access to the model artifact path but carries severe impact including arbitrary code execution within inference containers. No public exploit code or active exploitation has been identified at time of analysis.
Stored Cross-Site Scripting in Royal Elementor Addons and Templates plugin for WordPress up to version 1.7.1058 allows authenticated attackers with Contributor-level privileges to inject arbitrary JavaScript via the 'title_tag' parameter in multiple widgets, with execution occurring when any user accesses the affected page. The vulnerability stems from insufficient input sanitization and output escaping on user-controlled parameters.
Stored cross-site scripting in CC Child Pages WordPress plugin up to version 2.1.1 allows authenticated attackers with Contributor-level access and above to inject arbitrary JavaScript via the 'more' parameter, which executes in the browsers of users viewing the compromised pages. CVSS 6.4 reflects the authentication gate but cross-site scope (C:L/I:L/S:C). No public exploit code or active exploitation confirmed at time of analysis.
Stored Cross-Site Scripting in the Meta Field Block WordPress plugin (versions ≤1.5.2) allows authenticated contributors to inject persistent malicious scripts via the unsanitized 'tagName' block attribute. Any user who subsequently visits a page containing the injected block will execute the attacker's arbitrary JavaScript in their browser context. A vendor-released patch (1.5.3) is available; no public exploit has been identified and EPSS and SSVC signals both indicate low exploitation probability at this time.
Stored Cross-Site Scripting in the Bold Page Builder WordPress plugin (versions up to and including 5.6.8) allows authenticated attackers holding contributor-level access or higher to inject persistent malicious JavaScript via the 'text' attribute of the bt_bb_button shortcode. The script executes in the browser of any user who subsequently loads the compromised page, including administrators, enabling session hijacking or unauthorized action execution under victim identity. No active exploitation is confirmed - the vulnerability is absent from CISA KEV, carries an EPSS score of 0.03% (8th percentile), and SSVC designates exploitation status as none.
Stored cross-site scripting in The Plus Addons for Elementor WordPress plugin (all versions through 6.4.11) allows authenticated contributors to persistently inject arbitrary JavaScript via the `menu_hover_click` parameter of the Navigation Menu Lite widget. The CVSS scope change (S:C) confirms the payload executes in visiting users' browser contexts rather than the attacker's, enabling session hijacking, credential harvesting, or admin account takeover against any user who loads an affected page. EPSS is very low at 0.03% (8th percentile) and SSVC confirms no known exploitation, but the low privilege bar - contributor access, which is routinely granted on multi-author WordPress sites - elevates practical risk above what the medium CVSS score alone suggests.
Stored Cross-Site Scripting in Envira Gallery Lite (WordPress plugin, versions ≤ 1.12.4) enables authenticated attackers with Author-level access to inject persistent arbitrary JavaScript into gallery pages via the REST API. The attack exploits a context mismatch: the `arrows` gallery parameter is omitted from `sanitize_config_values()` sanitization, and `gallery_init()` escapes it with `esc_attr()` — a function designed for HTML attribute contexts, not inline JavaScript — allowing JavaScript expression injection that executes in any visitor's browser. No public exploit or active exploitation has been identified; EPSS is 0.01% and CISA KEV status is absent, placing this firmly in the low-immediate-risk tier despite its persistent, cross-user impact.
Remote code execution in Archon 0.1.0 enables attackers to execute arbitrary commands and steal API keys when victims access a malicious HTML page. The attack exploits insufficient input validation (CWE-94) to control the Archon UI, run prompts on behalf of authenticated users, and exfiltrate all information displayed in the interface. With EPSS score of 0.04% (13th percentile) and no confirmed active exploitation, this represents a web-to-client attack requiring social engineering but offering significant post-exploitation capabilities once triggered.
Argument injection in dbt-mcp v1.15.1 through v1.17.0 allows MCP clients to inject arbitrary dbt command-line flags such as --profiles-dir, --project-dir, and --target via unsanitized node_selection and resource_type parameters, enabling attackers to redirect dbt's configuration and database operations to attacker-controlled locations. The vulnerability is exploitable via two independent vectors in the _run_dbt_command() function and has been verified by proof-of-concept code demonstrating arbitrary dbt profile injection. Vendor-released patch available in v1.17.1.
Cleartext transmission of sensitive information in KDDI's Android parental-control app 'あんしんフィルター for au' (Anshin Filter for au) exposes communications to interception and modification by man-in-the-middle attackers. Versions prior to 4.9_b0003 transmit data over unencrypted channels, enabling an attacker with a privileged network position to read sensitive user data or tamper with app communications. Disclosed by JPCERT/CC (JVN#24167657), no public exploit code exists and CISA has not listed this in KEV; EPSS of 0.01% (3rd percentile) and SSVC exploitation status of 'none' confirm negligible current threat activity.
Unauthenticated attackers with knowledge of the KVM key download endpoint URL can retrieve sensitive cryptographic keys without authentication, compromising confidentiality of encrypted communications and system secrets. This affects AMD KVM implementations and requires no special user interaction, though attackers must possess prior knowledge of the specific endpoint URL. No public exploit code or active exploitation has been identified at time of analysis.
pyzipper before version 0.4.0 fails to use AE-2 encryption format due to an operator precedence bug, causing CRC32 checksums to be stored unencrypted in ZIP headers. Attackers with access to encrypted archives can extract plaintext CRC32 values and conduct brute-force attacks on small or low-entropy files to recover their content without decrypting the AES encryption itself. Large or high-entropy files remain practically safe under current computational constraints, but the vulnerability represents a cryptographic bypass for files under approximately 20 bytes.
Reflected Cross-Site Scripting in the MapGeo - Interactive Geo Maps WordPress plugin (all versions through 1.6.27) allows unauthenticated remote attackers to inject arbitrary JavaScript via the unsanitized 'map' parameter of the display-map shortcode. Exploitation requires tricking an authenticated or anonymous site visitor into clicking a crafted URL, after which the injected script executes in the victim's browser within the plugin's page scope. No public exploit code or CISA KEV listing exists at time of analysis; EPSS probability is 0.06%, placing this in the 19th percentile of exploitation likelihood.
Reflected Cross-Site Scripting in the GLS Shipping for WooCommerce WordPress plugin (all versions through 1.4.0) allows unauthenticated remote attackers to inject arbitrary JavaScript via the unsanitized 'failed_orders' parameter, executing in victims' browsers when they interact with a crafted link. The CVSS vector (PR:N, S:C) confirms no authentication is needed by the attacker, though user interaction is required, and the Changed scope rating means successful exploitation can affect resources beyond the plugin's own context - such as session tokens or other page content. No active exploitation is identified at time of analysis; EPSS stands at 0.06% (17th percentile) and CISA SSVC assigns exploitation status of 'none', making this a theoretical rather than emergent threat.
Cross-site scripting (XSS) vulnerability in mistune's render_toc_ul() function allows attackers to inject arbitrary HTML and JavaScript into table-of-contents output by crafting malicious heading IDs. When heading identifiers are derived from user-supplied text (standard practice for readable slug anchors), an attacker can break out of the href attribute context with a payload like `x"><script>alert(document.cookie)</script><a href="`, causing the script block to execute in the rendered TOC. The vulnerability requires user interaction (UI:R) to view the poisoned TOC but affects all users of the generated page. Vendor-released patch available in mistune 3.2.1.
Cross-site scripting (XSS) vulnerability in Northern.tech CFEngine Enterprise before versions 3.21.8, 3.24.3, and 3.27.0 allows remote attackers to inject malicious scripts into web application responses. User interaction is required to trigger the vulnerability, limiting real-time automation of attacks but enabling account compromise, session hijacking, or credential theft against CFEngine administrators and users. No public exploit code or active exploitation has been identified at the time of analysis.
OS command injection in Fleet's software installer pipeline allows arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when a specially crafted software package is uninstalled. The vulnerability exists because package metadata fields are not sanitized before being incorporated into auto-generated uninstall scripts. An attacker with the ability to upload packages to Fleet can exploit this by embedding malicious commands in package metadata fields, resulting in code execution with elevated privileges when endpoints execute the uninstall operation. Patch version 4.81.1 available.