Remote denial of service in Gotenberg v8.10.0 through v8.32.0 allows unauthenticated attackers to crash the process by sending a single multipart request with multiple downloadFrom entries that trigger concurrent writes to unsynchronized Go maps. Because the default deployment enables downloadFrom and disables authentication, any internet-exposed instance can be terminated remotely without credentials, and publicly available exploit code exists in the upstream GitHub Security Advisory GHSA-vp73-vjw8-8f32. No public exploit identified in CISA KEV at time of analysis, but the PoC is fully reproducible and the fix is shipped in v8.33.0.
SSRF deny-list bypass in Gotenberg v8 (<= 8.32.0) allows unauthenticated remote attackers to reach internal cloud metadata services (e.g., AWS/GCP/Azure IMDS at 169.254.169.254) by serving a crafted DNS AAAA record containing IPv6 6to4, NAT64, or deprecated site-local prefixes that the IsPublicIP allow-list fails to recognize. Publicly available exploit code exists via the GitHub Security Advisory PoC, and the Chromium URL-convert route returns the upstream response as a PDF, yielding a full-read SSRF that can leak IAM credentials. No vendor-released patch identified at time of analysis (advisory lists no fixed version).
Token leakage in GitHub CLI versions through 2.92.0 causes authentication tokens to be transmitted to unintended hosts when users run gh attestation, gh release verify, or gh release verify-asset commands. The flawed host normalization collapses *.github.com subdomains to github.com, leaking github.com tokens to tuf-repo.github.com (a GitHub Pages domain), while GH_ENTERPRISE_TOKEN values leak to external hosts tuf-repo-cdn.sigstore.dev and tmaproduction.blob.core.windows.net. No public exploit identified at time of analysis, and the vendor (GitHub) reports no evidence that tokens were captured or misused.
Remote code execution in Falco Solutions PHPageBuilder v0.31.0 is possible through an unrestricted file upload flaw in the pagemanager/pagebuilder module, enabling unauthenticated remote attackers to upload arbitrary executable files (typically PHP webshells) and run code on the underlying web server. Publicly available exploit code exists in a dedicated GitHub repository, though EPSS scoring (0.06%, 18th percentile) and SSVC indicate no observed in-the-wild exploitation despite the attack being fully automatable.
Local privilege escalation in ASUS System Control Interface allows an authenticated low-privileged user to gain SYSTEM-level code execution by issuing a crafted RPC call that bypasses the component's validation logic. The flaw stems from incorrect permission assignment (CWE-732) on a critical resource exposed over RPC, and no public exploit identified at time of analysis. CVSS 4.0 scores it 7.3 with high attack complexity, indicating exploitation is non-trivial but yields full host compromise.
Local privilege escalation in ASUS Armoury Crate allows an authenticated low-privileged user to bypass driver validation and gain unauthorized read/write access to physical memory. The flaw stems from incorrect permission assignment (CWE-732) on a critical resource exposed by the application's kernel driver, enabling memory tampering that can be leveraged for full system compromise. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Authenticated remote code execution in Emlog Pro v2.6.9 stems from a path traversal flaw in the template upload feature that lets administrators write arbitrary PHP files outside the intended template directory. Attackers leverage crafted ZIP archives containing '../' sequences in member filenames to overwrite default template files or drop new PHP payloads inside the active template, yielding code execution under the web server account. No public exploit identified at time of analysis, but a vulnerability report repository on GitHub demonstrates the issue.
Stored cross-site scripting in the Link Whisper Free WordPress plugin (versions through 0.9.0) allows unauthenticated remote attackers to inject persistent JavaScript via the user_id parameter, which executes in the browser of any user who visits an affected page. The flaw stems from insufficient input sanitization and output escaping in the plugin's settings handler, and no public exploit identified at time of analysis. With a CVSS 7.2 score reflecting Scope:Changed impact, the bug is notable because exploitation requires no authentication despite affecting an administrative-adjacent plugin component.
Authorization bypass in BankPro E-Service Technology's Service Center application allows authenticated remote attackers to read other users' electronic commerce order details by tampering with an object identifier parameter in a query function. The CVSS 4.0 vector (AV:N/PR:L/VC:H) reflects a high-confidentiality impact over the network with low privileges and no user interaction, and there is no public exploit identified at time of analysis. The flaw is an Insecure Direct Object Reference (IDOR) reported by TWCERT, affecting financial/EC order data that is typically subject to privacy and PCI-DSS scrutiny.
Authenticated SQL injection in Mautic's API contact filtering allows API users to execute arbitrary SQL by abusing insufficient recursive sanitization of nested query parameters. The flaw (CWE-89) yields full read access to database contents and partial availability impact, but requires valid API credentials (PR:L). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Authorization bypass in Mautic 7 API v2 endpoints allows authenticated low-privilege users to read or modify records owned by other users, undermining role-based ownership scopes such as viewown and editown. The flaw was reported by Mautic and disclosed via GHSA-2jrw-c95w-h43g; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Wallet balance forgery in WWBN AVideo 29.0 and earlier allows any authenticated user to credit their own wallet with arbitrary funds by abusing an unfinished AuthorizeNet payment handler. The plugin/AuthorizeNet/processPayment.json.php endpoint hardcodes payment success and calls YPTWallet::addBalance() using an attacker-supplied amount with no validation of the underlying Authorize.Net transaction. No public exploit has been identified at time of analysis, but the flaw is trivially reproducible from a logged-in account.
Reflected cross-site scripting in JetBrains TeamCity before version 2026.1.1 allows remote attackers to execute arbitrary JavaScript in a victim's browser session by tricking them into clicking a crafted URL targeting the keyword filter parameter. The flaw was reported by JetBrains and carries a CVSS 7.1 due to the high confidentiality impact possible against authenticated CI/CD users; no public exploit identified at time of analysis.
Remote code execution in JetBrains TeamCity versions prior to 2026.1 is achievable by authenticated users who can configure Perforce connection settings on a build project. The flaw, classified as CWE-88 (argument injection), allows attackers with project configuration privileges to inject arguments through Perforce VCS root parameters, leading to command execution on the TeamCity server. No public exploit identified at time of analysis, and the EPSS/KEV signals were not provided in the source intelligence.
Union-based SQL injection in eZ Publish Legacy's dfscleanup.php script allows a local authenticated attacker with sufficient privileges to extract sensitive data, including user credentials, from the underlying MySQL database. The flaw resides in the `_getFileList` function of the `eZDFSFileHandlerMySQLiBackend` class and is permanently unpatched because all branches of the project have reached end of life. No public exploit identified at time of analysis, though a detailed researcher write-up exists on GitHub.
Prototype-pollution gadget in Axios (npm) before 1.15.2 and 0.31.1 allows an attacker who has already polluted Object.prototype.transformResponse in the same JavaScript process to hijack response handling, exfiltrate request config (URL, headers, auth credentials), and tamper with returned data. The flaw lives in mergeConfig() and transformData(), which read config via prototype-chain lookups, so any helper library prototype pollution becomes a credential-theft and DoS primitive for every Axios request. No public exploit identified at time of analysis beyond the advisory's PoC, and the issue is not in CISA KEV.
Server-side request forgery in MoviePilot v2's image proxy endpoint (/api/v1/system/img-proxy) allows authenticated attackers holding a valid resource_token cookie to coerce the server into fetching arbitrary internal URLs. The flaw stems from SecurityUtils.is_safe_url performing domain-membership checks without blocking private, loopback, or link-local IPs, letting attackers enumerate co-hosted media services such as Jellyfin, Emby, and Plex and exfiltrate internal data. No public exploit identified at time of analysis, though the upstream patch and vendor-published advisory clearly document the attack path.
Arbitrary file write in PraisonAI <= 4.6.39 enables remote attackers to plant attacker-controlled files at arbitrary filesystem paths when a victim uses the Python API to crawl attacker-hosted web content. The flaw stems from write_file.py skipping path validation whenever workspace=None, which is the default state in production, and is triggered indirectly via hidden HTML metadata that PraisonAI agents interpret as legitimate instructions. No public exploit identified at time of analysis beyond the detailed PoC included in the GitHub Security Advisory (GHSA-hvhp-v2gc-268q).
Unauthenticated arbitrary file read in PraisonAI's MCP server (pip/PraisonAI <= 4.6.39) allows remote callers to retrieve any file readable by the host user via the praisonai.workflow.show, praisonai.workflow.validate, and praisonai.deploy.validate tool handlers. The flaw is an incomplete fix for CVE-2026-44336: a hardening helper was applied to the rules.* tools but not to these adjacent workflow/deploy handlers, and the dispatcher still forwards unvalidated kwargs to handlers. Publicly available exploit code exists (working proof-of-concept in the advisory); no public exploit identified at time of analysis as a packaged exploit, but the advisory itself ships a runnable PoC.
Remote code execution in the ouroboros-ai Python package (versions prior to 0.39.0) allows attackers to execute arbitrary code on a developer's machine when the victim clones a malicious repository and runs any Ouroboros command from that directory. The CLI loads a project-local `.env` file and previously honored execution-affecting variables such as `OUROBOROS_CLI_PATH` and `OPENCODE_CLI_PATH`, letting an attacker redirect adapter execution to a script shipped in the repo. No public exploit identified at time of analysis, but the PR diff illustrates the exact technique and the attack requires only standard developer workflow actions.
Server-side request forgery in CC-Tweaked (a Minecraft mod providing in-game programmable computers via Lua) allows any player able to run Lua code to bypass the mod's HTTP private-network filter by addressing internal IPv4 services through NAT64 well-known prefix addresses (64:ff9b::/96). On cloud-hosted Minecraft servers using IPv6-only subnets with NAT64 routing (the default outbound-IPv4 path on AWS and GCP), this exposes other VPC instances, internal databases, and cloud metadata/management APIs. Publicly available exploit code exists via the GitHub Security Advisory PoC; no public exploit identified at time of analysis as being used in the wild and the issue is not listed in CISA KEV.
Multiple input-validation and outbound-channel hardening defects in AgenticMail (npm @agenticmail/api ≤ 0.9.31 and @agenticmail/core ≤ 0.9.9) allow tenants to bypass storage ownership checks via raw SQL, reach cross-agent metadata, and cause the MailSender to transmit credentials over channels lacking certificate verification or with attacker-controlled SMTP headers. Tagged as information disclosure, the issue class is CWE-20 (improper input validation); no public exploit code has been identified at time of analysis and the vendor explicitly withheld the security patch branch from public release per their SECURITY.md, so weaponization risk is currently limited despite confirmed code-level fixes. Real-world impact is highest for multi-tenant AgenticMail deployments handling agent-owned mailboxes and outbound relay secrets.