The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the final HTML output by anticipating the placeholder format.
The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks.
Server-side request forgery in Dozzle (amir20/dozzle) versions through 8.14.12 allows remote unauthenticated attackers to coerce the Dozzle host into issuing arbitrary HTTP POST requests and reflects up to 1MB of the response body back. The flaw lives in POST /api/notifications/test-webhook, which is exposed without authentication in the documented default Docker quickstart deploy (DOZZLE_AUTH_PROVIDER unset). No public exploit identified at time of analysis, but a detailed proof-of-concept accompanies the GHSA advisory.
Cross-tenant document disclosure in Dify 1.14.1 and prior allows any authenticated user to read up to 3,000 characters of arbitrary uploaded files across all tenants and workspaces by submitting the file's UUID to the /console/api/files/{file_id}/preview endpoint. The flaw is amplified on Dify Cloud, where free self-registration makes account creation trivial, and publicly available exploit code exists via the Huntr disclosure. No CISA KEV listing has been recorded at time of analysis, but the combination of low-friction account access and a documented PoC raises practical exposure considerably.
Denial of service in ImageMagick's MIFF (Magick Image File Format) decoder allows remote unauthenticated attackers to trigger an infinite loop and exhaust CPU resources by submitting a crafted MIFF file. The flaw affects Magick.NET bindings prior to version 14.13.1 across multiple platform builds (Q16, HDRI, OpenMP variants for x64/arm64/x86) and is tracked under GHSA-7gg8-qqx7-92g5. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks.
Stack buffer overflow in the Edimax BR-6428NS router (firmware 1.10) allows remote authenticated attackers to corrupt memory by sending an overlong pptpUserName parameter to the /goform/formPPTPSetup endpoint. Publicly available exploit code exists per VulDB disclosure, and no public exploit identified at time of analysis in CISA KEV. The vendor was reportedly contacted prior to disclosure but did not respond, leaving the device line without a confirmed fix.
Stack buffer overflow in the Edimax BR-6428NS router firmware version 1.10 allows authenticated remote attackers to corrupt memory by sending a crafted POST request to the formL2TPSetup handler with an oversized L2TPUserName parameter. Publicly available exploit code exists via a third-party Notion writeup, and the vendor was contacted but did not respond, leaving devices exposed without a coordinated fix. No CISA KEV listing or EPSS data is available to confirm active mass exploitation, but the combination of a public PoC and unresponsive vendor elevates real-world risk for any internet-exposed device.
The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Arbitrary file deletion in DumbAssets through 1.0.11 lets unauthenticated remote attackers destroy any file the Node.js process can write to by submitting `../` sequences in the `filesToDelete` array of the `POST /api/delete-file` endpoint. Because authentication on the application is optional and disabled by default, exposed instances can be rendered completely non-functional by deleting critical files such as `server.js` or `package.json`. No public exploit identified at time of analysis, and the CVE is not currently on the CISA KEV list.
Arbitrary directory deletion in CloakBrowser's cloakserve CDP multiplexer (pip package cloakbrowser <= 0.3.27) allows unauthenticated network attackers to delete directories accessible to the service user by supplying path traversal sequences in the fingerprint query parameter. The service binds to 0.0.0.0 by default, dramatically widening exposure, and no public exploit identified at time of analysis though the vulnerability is trivially reproducible from the published advisory.
Remote code execution in Microsoft Edge (Chromium-based) versions prior to 148.0.3967.70 allows attackers to execute arbitrary code on victim systems when a user is lured to a malicious webpage. The vulnerability stems from improper input validation (CWE-20) and carries a CVSS 3.1 score of 8.8 with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Privilege escalation in self-hosted Budibase (@budibase/worker < 3.38.1) allows any authenticated builder-level user to create a global admin account via the POST /api/global/users/onboard endpoint when SMTP is not configured, with the generated password returned directly in the HTTP response. The flaw stems from the onboard route being gated by builderOrAdmin middleware while exposing the same user-creation power as the admin-only invite endpoints, and no public exploit is identified at time of analysis although the GHSA advisory includes a complete, working proof-of-concept curl chain.
Stored cross-site scripting (XSS) in DernekWeb through version 30122025 enables attackers to inject persistent malicious scripts that execute when victims view affected pages. The vulnerability requires no authentication to exploit but does require user interaction (viewing the compromised page). With a high CVSS score of 8.8 reflecting potential for high impact across confidentiality, integrity and availability, this represents a serious risk for organizations using this Turkish association management software.
ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.
Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces.
Remote unauthenticated denial-of-service in the iskorotkov/avro Go Avro decoder (and the archived upstream hamba/avro/v2) allows a malicious producer to pin a CPU core indefinitely by declaring an Avro array or map block with an attacker-controlled element count up to math.MaxInt64. The array/map decoders in codec_skip.go and reader_generic.go iterate the declared count without checking the Reader's accumulated error state, so a truncated payload triggers ~9.2×10^18 no-op iterations. No public exploit identified at time of analysis beyond the advisory's documented proof-of-concept payload; CVSS 4.0 scores this 8.7 (high) reflecting network reachability with high availability impact.
Denial-of-service in the iskorotkov/avro Go Avro decoder (a maintained fork of the archived hamba/avro) lets unauthenticated remote attackers crash or hang consumers by submitting crafted Avro streams that trigger integer narrowing, signed-integer overflow in cumulative block sizes, or unchecked-negative make() calls. All versions prior to v2.33.0 are affected; the upstream github.com/hamba/avro/v2 (all versions through v2.31.0) is also vulnerable and will not receive a fix because the module is archived. No public exploit identified at time of analysis, though the advisory itself documents concrete PoC input shapes and includes a regression test (TestDecoder_ArrayMultiBlockExceedsMaxInt) that demonstrates the cumulative-overflow path on amd64.
Stored cross-site scripting in the CI4MS (CodeIgniter 4 CMS/ERP) Pages module versions <= 0.31.8.0 allows authenticated content authors holding the pages.create or pages.update permission to persist arbitrary JavaScript that executes in every visitor's browser when the public Pages renderer outputs the field unescaped. Publicly available exploit code exists in the GitHub Security Advisory (GHSA-gqr2-7hcg-rchf), and because vulnerable pages can be promoted to the site home page, a single injection escalates from a low-privileged author to full administrator session takeover when an admin browses the front-end.
Mattermost versions up to 11.5.1 expose sensitive credentials in plaintext within support packets due to insufficient sanitization of configuration fields. System administrators or anyone with access to support packets can obtain database passwords, API keys, and other sensitive credentials by downloading support packets from the System Console. The vulnerability affects multiple version branches (10.11.x, 11.4.x, 11.5.x) and poses significant risk for credential theft and lateral movement.
Remote code execution in FreePBX versions below 16.0.71 and 17.0.6 allows authenticated low-privileged users with backup access to execute arbitrary PHP code by uploading a malicious tar archive containing a crafted manifest file. The backup module passes attacker-controlled data directly to PHP's unserialize() without class restrictions, enabling PHP object injection that runs as the asterisk or www-data web server user. No public exploit identified at time of analysis, though the upstream fix commits are public on GitHub, making patch-diff exploitation feasible.
SQL injection in SOGo 5.12.7 (Alinto's open-source groupware/webmail platform) allows authenticated users to exfiltrate arbitrary database contents by injecting subqueries through the uid parameter of the addUserInAcls endpoint, then reading the staged data back via the /acls API. The flaw, reported by VulnCheck (with credit to dninh of SACOMBANK), is fixed in 5.12.8; no public exploit identified at time of analysis and the CVE is not on CISA KEV.
Prototype pollution in the @tmlmobilidade/utils npm package allows remote unauthenticated attackers to inject properties into Object.prototype via the setValueAtPath() helper, leading to integrity compromise and partial availability impact in any downstream application that passes user-influenced paths into the function. The flaw is rated CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) and is fixed in version 20260509.0340.15; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Prototype pollution in the npm package parse-nested-form-data version 1.0.0 and earlier allows unauthenticated remote clients to mutate Object.prototype of the running Node.js process by submitting a FormData field whose name contains __proto__ in bracket or dot notation. The flaw resides in handlePathPart in src/index.ts, which walks nested path segments without filtering reserved keys, so a single crafted field name pollutes the prototype chain of every plain object in the process. No public exploit identified at time of analysis, but a working proof-of-concept is published in the GHSA advisory itself.
Prototype pollution in the npm package form-data-objectizer (<= 1.0.0) lets unauthenticated remote attackers mutate Object.prototype by submitting a single HTTP form field whose name uses bracket notation such as __proto__[polluted] or constructor[prototype][polluted]. The defect lives in treatInitial/treatSecond inside index.cjs, where an 'in' check walks the prototype chain and lets the parser write to inherited properties. CVSS is 8.2 (High) with Integrity:High; publicly available exploit code exists (working PoC published in the GHSA advisory), but there is no public exploit identified as being used in attacks and no CISA KEV listing.
Unauthenticated broadcast hijack in TinyIce versions 0.8.95 through 2.4.1 allows any network attacker reaching the HTTP port to inject arbitrary audio/video streams onto any mount via the WebRTC source-ingest endpoint. The POST /webrtc/source-offer handler omitted the source-password check that all other ingest paths (Icecast SOURCE/PUT, RTMP, SRT) enforce, letting attackers replace legitimate broadcasts with their own content. Publicly available exploit code exists in the form of a one-line curl probe published in the GHSA advisory, though no public exploit identified for sustained hijack at time of analysis.
Unauthenticated reflected XSS in Arcane Backend's logo endpoint enables full admin account takeover. The vulnerability allows attackers to inject JavaScript into an SVG image response by manipulating the color parameter, which executes in the application's origin when visited by authenticated users. Fixed in version 1.19.0.
Remote code execution in Caddy web server (versions 2.7.0 through 2.10.2) is possible when the FastCGI reverse proxy's splitPos() function mishandles non-ASCII bytes in request paths, causing non-PHP files to be routed to a FastCGI upstream like PHP-FPM as if they were scripts. Where an attacker can place file content (uploads, user-content stores, package mirrors), a single crafted URL containing Unicode lookalikes for '.php' or a non-ASCII byte after a dot yields unauthenticated RCE. Publicly available exploit code exists (detailed PoC in the GHSA advisory) and the issue inherits two bugs from FrankenPHP's adapted code; no public exploitation has been reported and EPSS data was not provided.
Cross-tenant credential fallback in n8n-mcp versions 2.51.1 and earlier allows an authenticated MCP tenant on a shared multi-tenant HTTP deployment to operate against the operator's own n8n instance instead of their assigned tenant. When ENABLE_MULTI_TENANT=true and a request omitted (or partially supplied) the x-n8n-url and x-n8n-key headers, n8n-mcp silently fell back to the process-level N8N_API_URL/N8N_API_KEY credentials, granting tenants unintended access to read/write workflows, executions, data-tables, and credential metadata. Patched in 2.51.2; no public exploit identified at time of analysis but the underlying logic is straightforward and the upstream fix commit is publicly visible.
Local privilege escalation to arbitrary code execution in MLflow versions prior to 3.11.0 stems from insecure temporary directory permissions (0o777 and 0o770) created by NFS and model-download helpers. Any local user sharing the filesystem - particularly on Databricks where NFS is enabled by default - can overwrite cloudpickle-serialized model artifacts and gain code execution when another user's process deserializes them via cloudpickle.load(). No public exploit is identified at time of analysis, and the issue is a continuation of CVE-2025-10279 which was only partially fixed.
Code injection vulnerability in the Command-Line Client of P4 Server (Helix Core) prior to version 2025.2 Patch 2 allows remote attackers to execute arbitrary code. The vulnerability requires user interaction but no authentication, with a CVSS 7.7 score indicating high impact across confidentiality, integrity, and availability. Perforce has released a patch in version 2025.2 Patch 2.
Information disclosure in Mattermost Calls plugin versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 exposes TURN server credentials through support packets. Administrators with support packet access can extract plaintext credentials from exported plugin configurations, potentially compromising the WebRTC infrastructure used for voice/video calls. The vulnerability requires high privileges (admin) but affects confidentiality across trust boundaries (CVSS Scope:Changed).
Denial of service in GnuTLS affects the Datagram Transport Layer Security (DTLS) packet reordering logic, where the comparator function fails to correctly handle packets with duplicate sequence numbers. Remote unauthenticated attackers can send specially crafted DTLS packet sequences to trigger unstable ordering or undefined behavior, causing service disruption. No public exploit identified at time of analysis, and the issue is rated CVSS 7.5 (High) for availability impact only.
Regular expression denial-of-service (ReDoS) in HAPI FHIR's FHIRPathEngine allows remote unauthenticated attackers to exhaust CPU resources by submitting FHIR resources containing crafted FHIRPath expressions that invoke matches(), matchesFull(), or replaceMatches() with catastrophically backtracking regex patterns. Affected versions are org.hl7.fhir.* Maven artifacts at or below 6.9.6, with publicly available exploit code exists via the GitHub Security Advisory PoC (pattern (a+)+$ against a long string). CVSS 7.5 reflects high availability impact with no confidentiality or integrity loss; no public exploit identified in the wild and no CISA KEV listing.
Remote denial-of-service in OpenTelemetry eBPF Instrumentation (go.opentelemetry.io/obi) versions v0.1.0 through v0.8.0 allows unauthenticated attackers to crash the telemetry agent by sending malformed MongoDB wire protocol messages. The MongoDB TCP parser contains three uncaught panic conditions (two slice-bounds errors in parseOpMessage/parseSections, and an unchecked BSON type assertion in parseFirstField) that terminate telemetry collection for the affected process or node. Publicly available exploit code exists in the form of self-contained Go test reproductions published in the GHSA advisory.
Denial of service in OpenTelemetry eBPF Instrumentation (OBI) versions prior to 0.9.0 allows remote attackers to crash the telemetry agent by sending a malformed Postgres BIND frame with an empty or unterminated portal name payload to any monitored service. The defect lives in OBI's passive Postgres protocol parser, where missing NUL-terminator validation causes a Go slice-bounds panic, halting telemetry collection on the affected node. Publicly available exploit code exists in the GHSA-pgvv-q3wf-mm9m advisory, though the issue is not listed in CISA KEV and EPSS data was not provided.
Remote denial-of-service in OpenTelemetry eBPF Instrumentation (OBI) versions 0.7.0 through 0.8.x allows unauthenticated attackers to crash the privileged instrumentation process by sending a crafted memcached storage command with an oversized `<bytes>` field. The integer overflow in the memcached text protocol parser produces a negative payload length that triggers a Go runtime panic in LargeBufferReader.Peek, halting telemetry collection until OBI is restarted. Publicly available exploit code exists in the GHSA-43g7-cwr8-q3jh advisory, but there is no public exploit identified beyond the PoC and the vulnerability is not listed in CISA KEV.
Arbitrary file disclosure in HSC MailInspector v5.3.3-7 allows unauthenticated remote attackers to read sensitive files from the host via a path traversal flaw in the exposed /vendor/phpunit/phpunit.php endpoint. The CVSS 7.5 rating reflects high confidentiality impact with no required privileges or user interaction, though EPSS remains very low at 0.05% (15th percentile) and there is no public exploit identified at time of analysis. The exposure of a PHPUnit development artifact in a production path mirrors a long-standing class of PHP supply-chain misconfigurations.
Unauthenticated path traversal in HSC MailInspector 5.3.3-7 allows remote attackers to read arbitrary files from the underlying operating system by manipulating the 'text' parameter of the /tap/dw.php endpoint. Public exploit details are disclosed on GitHub (sql3t0/cve-disclosures), though EPSS probability remains low (0.05%) and the issue is not currently listed in CISA KEV. The flaw enables disclosure of sensitive system files such as configuration files, credentials, and mail-related data without prior authentication.
Heap-based buffer over-write in ImageMagick's IPL decoder (exposed through Magick.NET bindings) can be triggered when the library reads a multi-image stream whose frames have differing dimensions, leading to memory corruption and process crash. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H) signals an availability-only impact reachable without authentication, and no public exploit identified at time of analysis. Risk is amplified by how widely ImageMagick is embedded in image-processing pipelines that accept untrusted user uploads.
{1..10000000}` allocates roughly 505 MB and burns ~800 ms even when `max=10`, defeating the intended DoS protection. No public exploit identified at time of analysis and EPSS is very low (0.03%), but a vendor-released patch (5.0.6) and a GitHub Security Advisory (GHSA-jxxr-4gwj-5jf2) are available.
Local file disclosure in NiceGUI versions <= 3.11.1 allows remote unauthenticated attackers to read arbitrary files accessible to the server process when applications pass user-controlled content to ui.restructured_text(). The flaw stems from Docutils being invoked without disabling file-insertion directives (include, csv-table :file:, raw :file:), enabling exfiltration of secrets, credentials, and source code. No public exploit identified at time of analysis, but the vendor advisory provides full directive-level proof patterns.
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection. Since the surrounding connection teardown logic is not guaranteed to execute, each such invalid CONNECT attempt leaves the underlying socket open. Repeated attempts cause server-side resource exhaustion due to accumulating file descriptors and memory usage, potentially resulting in denial of service.
An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components
Sensitive cookie disclosure in async-http-client (AHC) Java library allows remote attackers to harvest session cookies, CSRF tokens, and API keys by inducing an HTTP redirect across an origin or scheme-downgrade boundary. The Redirect30xInterceptor correctly strips Authorization and Proxy-Authorization headers when crossing security boundaries but fails to strip the Cookie header, leaking it to the redirect target. A proof-of-concept is published in the GHSA advisory; no public exploit identified at time of analysis in the wild and the issue is not in CISA KEV.
Remote code execution in Offline Hospital Management System 5.3.0 stems from an insecure Electron renderer configuration where Node.js integration is enabled while context isolation is disabled, allowing JavaScript in the renderer to invoke Node.js APIs and run arbitrary OS commands. The flaw carries a CVSS 7.3 with network attack vector and no privileges required, though EPSS is low at 0.06% and no public exploit identified at time of analysis beyond a Medium write-up describing the technique.
Local privilege code execution in jarrodwatts/claude-hud through version 0.0.12 on Windows allows authenticated local users to run arbitrary executables by setting the COMSPEC environment variable before the tool's version check, where execFile() launches whatever binary COMSPEC points to with cmd.exe-style arguments. The flaw is tracked as CWE-427 (Uncontrolled Search Path Element) and was reported by VulnCheck; no public exploit identified at time of analysis, but the upstream commit 234d9aa makes the fix mechanics straightforward to reverse-engineer.
Metric injection in the Perl module Net::Statsd::Lite through version 0.10.0 allows remote attackers to inject arbitrary StatsD metrics by smuggling control characters (CRLF) into metric names or values that the library forwards without sanitization. The flaw was disclosed on the oss-security mailing list on 2026-05-18 by maintainer Robert Rothenberg, and no public exploit identified at time of analysis; EPSS is very low (0.03%, 8th percentile), reflecting limited mass-exploitation interest in a niche telemetry library.
Server-Side Request Forgery in the Spring AI Community mcp-security framework (org.springaicommunity:mcp-client-security versions before 0.1.9) allows remote attackers to coerce the MCP client into issuing HTTP requests to attacker-chosen URLs, including internal network targets. The flaw resides in the OAuth2 Dynamic Client Registration (DCR) flow, which fetches metadata and authorization-server URLs without validating them against SSRF protections required by the MCP security specification. No public exploit identified at time of analysis, but a vendor-confirmed patch is available in version 0.1.9.
Symlink-based race condition in Docker Engine's `docker cp` implementation allows a malicious container with at least one volume mount to redirect a bind mount to an arbitrary host filesystem path, enabling host file overwrite or temporary denial of service. The flaw affects Moby/Docker through 28.5.2 and is fixed only in the Moby v2 line (2.0.0-beta.14); no public exploit identified at time of analysis. Exploitation requires an operator-initiated `docker cp` or archive API call against the malicious container, which constrains real-world abuse to environments where untrusted containers receive file copies.