Insecure deserialization in Significant-Gravitas AutoGPT platform versions 0.6.34 through 0.6.51 lets an attacker who can poison entries in the shared Redis cache achieve arbitrary command execution inside the backend container. The backend's read path invokes pickle.loads on cache bytes with no HMAC, signature, or schema gate, so any attacker-controlled value reaching that key becomes code on retrieval. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the vendor shipped a fix in autogpt-platform-beta-v0.6.52.
Stored cross-site scripting in Budibase self-hosted deployments (versions before 3.38.2) allows any authenticated user with Builder role - or any BASIC/POWER user with table WRITE permission - to upload SVG, HTML, or JavaScript files containing active content via the /api/attachments/process and /api/attachments/:tableId/upload endpoints. The files are stored in the configured object store (MinIO/S3) with their executable MIME types and served via signed URLs, so any end user viewing an attachment triggers script execution in their browser session. Publicly available exploit code exists (detailed PoC in the GHSA advisory); no public exploit identified in active campaigns at time of analysis.
Denial of service in Red Hat build of Keycloak allows remote unauthenticated attackers to exhaust CPU and worker threads by submitting specially crafted XML payloads to the SAML endpoint. The flaw renders the identity provider unavailable, disrupting authentication for all downstream applications relying on it. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Sensitive token disclosure in Composer (PHP dependency manager) versions prior to 1.10.28, 2.2.28, and 2.9.8 causes GitHub Actions GITHUB_TOKEN values to be written verbatim to stderr/CI logs whenever the token contains characters outside Composer's hardcoded validation regex. The new GitHub Actions token format (ghs_<id>_<base64url-JWT>) includes hyphens, which fail Composer's `^[.A-Za-z0-9_]+$` check and trigger an UnexpectedValueException that interpolates the raw token into its message. No public exploit identified at time of analysis, but the leak triggers automatically without unusual configuration on any pipeline using common actions like shivammathur/setup-php that auto-register GITHUB_TOKEN into Composer's auth.json.
Unauthenticated disk-exhaustion denial of service in @libp2p/kad-dht (versions before 16.2.6) allows any remote peer to fill the datastore of a DHT server-mode node by streaming PUT_VALUE messages with crafted keys that bypass record validation. Affected deployments include IPFS nodes (kubo, Helia), libp2p bootstrap nodes, and any application exposing a public DHT endpoint with clientMode disabled. Publicly available exploit code exists as a mocha PoC checked in alongside the package test suite; no public exploit identified as actively used at time of analysis.
Unauthenticated denial-of-service in AutoGPT Platform versions 0.4.2 through 0.6.51 allows remote attackers to exhaust server disk space by repeatedly invoking the download_agent_file endpoint, which creates temporary files that are never cleaned up. Once disk capacity is consumed, the backend database and dependent services fail with 'No space left on device' errors, taking the entire platform offline for all users. No public exploit identified at time of analysis, but the trivial nature of the attack (simple repeated HTTP requests) makes it readily reproducible.
Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
Denial of service in SQLFluff parser (pip/sqlfluff) versions prior to 4.2.0 allows remote unauthenticated attackers to exhaust CPU and memory resources by submitting an excessively long or malicious SQL query for linting. The flaw affects any application that exposes the SQLFluff parser to untrusted input. No public exploit identified at time of analysis, but the issue was responsibly reported by Imperva Threat Research.
Denial of service in SQLFluff (Python SQL linter/parser) below version 4.1.0 allows remote attackers to exhaust server resources by submitting SQL queries with deliberately excessive nesting, triggering uncontrolled recursion in the parser. The flaw (CWE-674) affects any application that accepts untrusted SQL input for linting and carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/A:H); no public exploit identified at time of analysis and EPSS data was not provided.
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11.
Session fixation in Keycloak's login-actions endpoints allows remote attackers to hijack authenticated sessions and take over accounts, including highly privileged administrative ones. Exploitation requires the victim to click an attacker-crafted link, after which an existing SSO session causes transparent authentication into the attacker-controlled flow. No public exploit identified at time of analysis, but Red Hat has confirmed the flaw in Red Hat Build of Keycloak.
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151.
Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151.
Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
Information disclosure in Mozilla Firefox's WebGPU graphics component allows remote attackers to access sensitive in-memory data from browser sessions via crafted web content rendered through the WebGPU API. The flaw affects Firefox versions prior to 151 and has been addressed by Mozilla in advisories MFSA2026-46 and MFSA2026-50. There is no public exploit identified at time of analysis, and EPSS scoring (0.02%, 4th percentile) indicates very low likelihood of near-term mass exploitation.
Information disclosure in Mozilla Firefox versions prior to 151 affects the IP Protection component, allowing remote unauthenticated attackers to obtain sensitive information over the network without user interaction. The flaw carries a CVSS score of 7.5 driven entirely by confidentiality impact (C:H/I:N/A:N), and while no public exploit is identified at time of analysis, the very low EPSS score of 0.02% (4th percentile) suggests minimal active exploitation interest. Mozilla addressed the issue in Firefox 151 via security advisories MFSA2026-46 and MFSA2026-50.
Information disclosure in Mozilla Firefox prior to version 151 allows remote attackers to leak sensitive data through a flaw in the DOM: Security component, exploitable without authentication or user interaction. The CVSS 7.5 rating reflects high confidentiality impact via network vector, though EPSS scoring at 0.02% (4th percentile) indicates very low predicted exploitation probability and no public exploit identified at time of analysis.
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
Denial of service in Square Wire protobuf library (com.squareup.wire:wire-runtime before 6.3.0) allows remote unauthenticated attackers to crash any service that decodes untrusted protobuf payloads by sending a 10-byte crafted message. The flaw stems from missing negative-length validation in skipGroup(), causing an unchecked ArrayIndexOutOfBoundsException to escape Wire's documented IOException boundary. No public exploit identified at time of analysis, though the GitHub advisory includes a full reproduction payload and Java PoC code.
Arbitrary file read and deletion in the Kirki - Freeform Page Builder plugin for WordPress (versions through 6.0.6) allows unauthenticated remote attackers to read and delete files within the WordPress uploads base directory by abusing the 'downloadZIP' function. The flaw stems from insufficient path validation and a missing capability check, and was reported by Wordfence; no public exploit identified at time of analysis.
Heap buffer overflow in Kitty terminal versions 0.46.2 and below allows any process able to write to the terminal's standard input to crash the application and potentially achieve remote code execution. The flaw lives in load_image_data() and is triggered by a single APC graphics protocol command declaring PNG format (f=100) with a payload exceeding twice the initial buffer capacity, giving the attacker control over both overflow length and content. No public exploit identified at time of analysis, but the vulnerability has been fixed upstream in version 0.47.0.
Unauthenticated remote denial-of-service in Mailpit versions prior to 1.30.0 allows network-reachable attackers to exhaust memory and disk by submitting arbitrarily large messages through the SMTP listener on port 1025 or the HTTP /api/v1/send endpoint on port 8025. The Server.MaxSize field exists but is never populated in production code, and the JSON decoder lacks http.MaxBytesReader, so a single connection delivering a 100 MiB DATA payload inflates RSS roughly tenfold (≈25 MiB → ≈1 GiB), and concurrent connections drive the process to OOM-kill. Publicly available exploit code exists (working SMTP and HTTP PoCs are included in the GHSA advisory), though no CISA KEV listing or EPSS score was supplied with this input.
Information disclosure in Algernon web server versions 1.17.6 and earlier allows unauthenticated remote attackers to retrieve full server-side source code, including embedded secrets, by triggering runtime errors in Lua, Pongo2, Amber, or HTML template handlers. When Algernon is started with a single file path (e.g. `algernon page.po2`), single-file mode unconditionally forces debug mode on, activating the PrettyError renderer which returns absolute file paths and complete file contents in HTTP 200 responses. Crucially, the `--prod` hardening flag does not block this behavior for non-`.lua` extensions, and publicly available exploit code exists in the GHSA advisory.
Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
SQL injection in the Contest Gallery WordPress plugin (versions through 28.1.6) allows unauthenticated remote attackers to extract sensitive database contents by abusing the 'form_input' parameter handled by the 'post_cg_gallery_form_upload' AJAX action. The endpoint is gated only by a public nonce that is exposed in the page source of any public gallery page, effectively offering no protection against external attackers. No public exploit identified at time of analysis, but the issue was disclosed by Wordfence and affects a publicly reachable PHP endpoint.
In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Break (EPB) and Supplemental Restoration System (SRS) related ECUs.
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11.
Stored XSS in Argo CD allows developer-role users to inject javascript: URIs via link.argocd.argoproj.io/* annotations, which render unvalidated in the Application Summary tab's URLs section. When an admin clicks the disguised link, arbitrary JavaScript executes in the ArgoCD same-origin context with the victim's session, enabling API exfiltration and developer-to-admin privilege escalation. No public exploit identified at time of analysis beyond the detailed vendor PoC, and the issue is not currently listed in CISA KEV.
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].
Authorization bypass in Innoshop 0.6.0 allows authenticated frontend users to directly invoke backend administrative interfaces, enabling privileged operations outside their intended scope. The CVSS 7.3 score reflects low-impact gains across confidentiality, integrity, and availability achievable without prior authentication to the admin panel. No public exploit identified at time of analysis, and EPSS estimates exploitation probability at just 0.02% (5th percentile), indicating minimal observed attacker interest so far.
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
Local privilege escalation in OPPO's O+ Connect application stems from missing caller identity validation on a named pipe interface (CWE-266), allowing a low-privileged local user with user interaction to escalate to higher privileges with high availability impact and scope change. The CVSS 3.1 score is 7.3 and the issue was reported by OPPO itself; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Local privilege escalation in Mullvad VPN for macOS versions 2026.1 and earlier allows a user in the admin group to gain root code execution during installation or upgrade. The installer's preinstall script executes binaries from /Applications/Mullvad VPN.app without verifying the bundle's integrity, enabling an admin-group attacker to pre-stage a malicious app bundle that runs as root. No public exploit identified at time of analysis, and the flaw is only triggerable when an installer is run, not on already-installed systems.
An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request.
Remote code execution in the TYPO3 Crawler extension occurs when the X-T3Crawler-Meta response header from a crawled URL is passed unchecked to PHP's unserialize(), enabling arbitrary PHP object injection. Exploitation requires a high-privileged administrator to configure a crawler-enabled page and a Scheduler task pointing at an attacker-controlled endpoint, so while impact is full RCE on the TYPO3 host, it is gated by an unusual combination of admin access, user interaction, and externally reachable malicious URLs. No public exploit identified at time of analysis and no CISA KEV listing.
Denial of service in Sparx Systems Pro Cloud Server 6.1 (build 167) and earlier allows authenticated remote attackers to crash the service by submitting a specially crafted SQL query that the server fails to parse safely. The flaw, reported by CERT-PL, results in unexpected termination of the Pro Cloud Server process, and no public exploit identified at time of analysis. The vendor did not respond to disclosure, so the full vulnerable version range remains unconfirmed.
Server-Side Request Forgery in HAXcms (versions <= 25.0.0 of @haxtheweb/haxcms-nodejs, with PoC against v11.0.6) allows authenticated low-privileged users to coerce the server into fetching arbitrary URLs or local file paths via the createSite endpoint's build.files parameter, with responses written to a web-accessible directory. This produces arbitrary file read, internal network reconnaissance, and cloud metadata credential theft. Publicly available exploit code exists in the GHSA advisory, though no CISA KEV listing is present.
Heap buffer overflow in libheif versions 1.21.2 and below allows remote attackers to corrupt memory via a maliciously crafted HEIF file containing a mask image (mski) box. The flaw resides in MaskImageCodec::decode_mask_image(), where an attacker-controlled iloc extent length is memcpy'd into an undersized pixel buffer with no upper-bound validation, yielding heap corruption when a user opens the file. No public exploit identified at time of analysis, but the vulnerability is straightforward to trigger because the vulnerable branch is reachable under default library security limits.
Heap buffer over-read in libheif versions 1.21.2 and prior allows remote attackers to crash applications or potentially leak adjacent heap memory by supplying a crafted HEIF/AVIF file with an overlay image (iovl) whose alpha channel bit depth differs from its color channels. The flaw in HeifPixelImage::overlay() uses the color channel stride to index into the alpha plane, reading up to 3,123 bytes beyond the alpha buffer for a 100×50 image with 10-bit color and 8-bit alpha. No public exploit identified at time of analysis, and the issue is fixed in version 1.22.0.
Implicit flow bypass in Red Hat Build of Keycloak allows a low-privileged authenticated user who already knows another user's credentials and a client ID to obtain OIDC access tokens from clients where the implicit flow was explicitly disabled. Beyond the unauthorized token issuance, the resulting tokens can be written to server logs, proxy logs, and HTTP Referer headers, broadening the disclosure surface. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Information disclosure in FileBrowser Quantum (gtsteffaniak/filebrowser) allows unauthenticated users to view sensitive share information including source paths through the anonymous user account. The flaw stems from default user settings being applied to the anonymous user, exposing source and path data that should remain restricted. No public exploit identified at time of analysis, but a patched version (v1.4.1) has been released by the upstream maintainer.