GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Heap out-of-bounds write in the Crypt::OpenSSL::PKCS12 Perl module (versions up to and including 1.94) allows attackers who can supply a malicious PKCS12 file processed via info() or info_as_hash() to corrupt heap memory and potentially achieve remote code execution. The flaw stems from an integer overflow when an OCTET STRING or BIT STRING attribute on a SAFEBAG is >= 1 GiB in size, causing an undersized allocation followed by an OOB write. No public exploit identified at time of analysis, but the upstream patch and oss-security disclosure are public.
Silent password truncation in the Perl module Crypt::OpenSSL::PKCS12 versions up to and including 1.94 causes any password bytes at or after the first embedded NULL byte to be dropped without warning. The flaw stems from password parameters being declared as char* in PKCS12.xs, routing through Perl's default typemap to SvPV_nolen and discarding the Perl-known length before C strlen() truncates the buffer. The result is severe entropy loss for binary, KDF-derived, or HMAC-derived passwords used to protect PKCS12 keystores, with no public exploit identified at time of analysis.