HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authenticated administrator access on the Danelec MacGregor Voyage Data Recorder (VDR) G4E web interface permits direct editing of sensitive authentication files, including the ability to overwrite the root password. The CVSS vector (AV:A/AC:L/PR:H/UI:N) confirms exploitation requires both adjacent network positioning and existing high-privilege credentials, meaning this is not a remotely exploitable unauthenticated attack path. Reported by ICS-CERT under advisory ICSA-26-148-01 as a maritime OT device concern, no public exploit code and no CISA KEV listing have been identified at time of analysis.
Backup download functionality in the Danelec MacGregor Voyage Data Recorder G4E exposes account credentials and password hashes to any authenticated low-privileged user. An attacker with a valid low-privilege account operating on the same adjacent network segment - typically the onboard vessel LAN - can retrieve a device backup file containing credential material, enabling offline password cracking and potential privilege escalation. No public exploit identified at time of analysis, but the maritime OT context and CISA ICS advisory issuance (ICSA-26-148-01) underscore relevance to vessel operational security.
Weak password storage in the Danelec MacGregor VDR G4E exposes credentials to offline brute-force attack: the hashing algorithm in use both caps maximum password length and provides insufficient computational cost, meaning recovered hashes can be cracked with modest effort. An adjacent-network attacker holding low-privilege access who obtains the stored hashes can recover plaintext credentials and authenticate with elevated privileges to this safety-critical maritime recording system. No public exploit code has been identified at time of analysis and the CVE is not listed in CISA KEV, but the vulnerability affects all known versions of the G4E and is confirmed by CISA ICS advisory ICSA-26-148-01.
Schema metadata disclosure in Parse Server's GraphQL endpoint allows unauthenticated callers to iteratively reconstruct the full application schema - including class names, field names, argument names, mutation names, and input-object fields - by exploiting 'Did you mean ...?' suggestions embedded in GraphQL validation-error messages. This affects all deployments with the GraphQL API mounted, bypasses the existing IntrospectionControlPlugin (the default schema-hiding control), and directly defeats the security goals of prior advisories GHSA-48q3-prgv-gm4w and GHSA-q5q9-2rhp-33qw. No public exploit or CISA KEV listing has been identified at time of analysis; however, the unauthenticated, low-effort nature of the enumeration technique and the reconnaissance value of schema intelligence make this a meaningful risk for deployments that rely on schema opacity as a defense layer.
Host process data leakage in vm2 (npm/vm2 <= 3.11.3) allows untrusted JavaScript executing inside a NodeVM sandbox to read sensitive host-process state - including HTTP Authorization headers, session tokens, and AsyncLocalStorage request context - by requiring process-wide observability builtins that were incorrectly absent from the DANGEROUS_BUILTINS denylist. The affected modules (diagnostics_channel, async_hooks, perf_hooks) are Node.js process-wide singletons, not sandbox-local constructs, so granting sandbox access to them exposes all host process data flowing through those channels. A publicly available exploit code exists confirming extraction of Bearer tokens and x-session-token headers from live host HTTP requests; this is not confirmed actively exploited (not in CISA KEV).
Webhook signature verification is silently skipped in Symfony's Twilio Notifier bridge across symfony/symfony 6.4.x through 8.0.x and symfony/twilio-notifier, even when a signing secret is explicitly configured. TwilioRequestParser::doParse() accepts a secret parameter but contains no code that reads or uses it, meaning every inbound POST to the webhook endpoint is accepted unconditionally regardless of whether the X-Twilio-Signature HMAC header is present or valid. An attacker who can reach the endpoint URL can inject arbitrary forged Twilio status callbacks - fake delivered, failed, or undelivered events - to corrupt delivery metrics or trigger downstream automation. No public exploit code identified at time of analysis; vendor-released patches are available in 6.4.40, 7.4.12, and 8.0.12.
Server-side request forgery in Shibby Tomato 1.28 allows unauthenticated remote attackers to force the router to issue arbitrary HTTP requests via a crafted UPnP SUBSCRIBE callback URL processed by the miniupnpd daemon's send() function. The affected firmware is end-of-life with no vendor patch forthcoming; the project has been superseded by FreshTomato. No public exploit code or CISA KEV listing has been identified at time of analysis, but the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms the attack is remotely exploitable without authentication or special conditions on reachable devices.
Absolute Path Traversal in DreamMaker (developed by Interinfo) allows unauthenticated remote attackers to enumerate file names under arbitrary filesystem paths on the host. The vulnerability stems from CWE-36 (Absolute Path Traversal) and is exploitable over the network without any credentials or user interaction, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). Confidentiality impact is limited to file name disclosure rather than full file content retrieval, per the VC:L scoring. No public exploit code or CISA KEV listing has been identified at time of analysis.
Arbitrary file read in Interinfo's DreamMaker application allows privileged attackers to traverse relative path boundaries and download arbitrary system files. The vulnerability stems from insufficient path normalization in a file download or retrieval function, enabling exfiltration of sensitive system content without modifying or disrupting the target. No public exploit code has been identified at time of analysis, and the requirement for high privileges (PR:H per CVSS 4.0) materially limits the attacker pool.
Timeout enforcement in BoxLite sandbox service fails to kill processes because the implementation sends the catchable SIGALRM signal (signal 14) instead of the uncatchable SIGKILL signal (signal 9) in guest/src/service/exec/timeout.rs. All BoxLite versions up to and including 0.8.2 (pip/boxlite) are affected. A low-privileged attacker who can submit workloads to the BoxLite API can register a SIGALRM handler or set it to SIG_IGN with a single call, surviving past any configured execution timeout and exhausting VM resources to degrade availability for all BoxLite users. Publicly available exploit code exists in GitHub advisory GHSA-xjhv-pp2r-6f82; no patch has been released as of time of analysis.
Server-side request forgery in Red Hat OpenShift Container Platform 4's Router component allows authenticated users with EndpointSlice write permissions to coerce the router into proxying requests to cloud provider instance metadata endpoints (e.g., 169.254.169.254), exposing instance credentials and sensitive metadata. The flaw bypasses prior IP-address-based validation by abusing FQDN-backed EndpointSlices that resolve to metadata services. No public exploit identified at time of analysis, and the issue is not present on CISA KEV.
Improper access control in JetBrains YouTrack before 2026.1.13570 permits any authenticated low-privileged user to enumerate restricted issues and articles through the Planning Canvas feature, exposing confidential project data they are not authorized to view. Rooted in CWE-639 (Authorization Bypass Through User-Controlled Key), the flaw allows user-controlled identifiers to bypass access restrictions without proper authorization checks. No public exploit code has been identified and this vulnerability is not listed in CISA KEV at time of analysis.
Credential exposure in JetBrains TeamCity before version 2026.1 allows authenticated remote attackers to retrieve sensitive secrets via JVM thread name inspection. The root cause (CWE-522 - Insufficiently Protected Credentials) is TeamCity embedding credential values directly into thread names, which surfaces in thread dumps, monitoring interfaces, and diagnostic tooling accessible to low-privileged users. No public exploit code has been identified and this vulnerability is absent from the CISA KEV catalog, but the high confidentiality impact (CVSS C:H) makes it a significant credential theft vector in enterprise CI/CD environments where TeamCity routinely holds access tokens to source repositories, cloud infrastructure, and deployment targets.
Insufficient username validation in the SAML plugin of JetBrains TeamCity before 2026.1 allows unauthenticated remote attackers to bypass authentication controls and gain unauthorized access to CI/CD resources. The flaw (CWE-863, Incorrect Authorization) permits manipulation of the username field within SAML assertions, potentially enabling impersonation of legitimate users and unauthorized read/write access to build configurations and pipeline data. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.
Improper access control in JetBrains YouTrack before version 2026.1.13570 permits any low-privileged authenticated user to modify service accounts, an administrative operation that should be restricted to privileged roles. Rooted in CWE-862 (Missing Authorization), the flaw is exploitable over the network with low complexity, requiring no user interaction - meaning any valid account holder on an exposed instance can tamper with service account configurations. No public exploit or CISA KEV listing has been identified at time of analysis, but the integrity impact is rated high given the sensitivity of service account access in YouTrack deployments.
{workspace_id}/issues/{issue_id}/activity endpoint validates workspace membership but passes issue_id directly to an unscoped database query, returning actor identities, action types, and before/after field values from the details JSON blob for any issue UUID reachable by the attacker. No public exploit has been identified at time of analysis, but the vulnerability is source-inspection-verified via the GHSA-27p4-pjqv-whgj advisory.
Permanent inventory field deletion in Admidio (composer/admidio/admidio <= 5.0.9) is reachable by any authenticated low-privilege user due to a missing authorization gate in the `field_delete` mode of `modules/inventory.php`. Deleting a field cascades to all stored item data (`adm_inventory_item_data`) and field options (`adm_inventory_field_options`) for that field with no in-product undo path - recovery requires a database restore. This is an incomplete fix: commit d37ca6b (2026-04-12) added `isAdministratorInventory()` to the sibling `item_delete` handler but left `field_delete` and at least five other state-changing handlers ungated. A working proof-of-concept is published in the GitHub advisory; no public exploit frameworks or CISA KEV listing have been identified at time of analysis.
Cross-folder file rename and description tampering in Admidio's document management module allows any authenticated uploader to modify files in folders they cannot write to. The vulnerability affects Admidio <= 5.0.9 (composer package admidio/admidio): a low-privilege user holding upload rights on a single folder can rename files and overwrite descriptions in any other folder they can view, breaking integrity for all readers of those folders. Publicly available exploit code exists per the GitHub Security Advisory; no KEV listing at time of analysis.
Broken access control in Admidio's `modules/categories.php` allows any authenticated module-administrator to permanently delete, reorder, or rename category records belonging to modules they do not administer. An Announcements administrator, for example, can destroy Role categories, Event calendars, or Profile-field categories by supplying a foreign category UUID while passing their own authorized module type as the `type` GET parameter, bypassing a per-record authorization check that is permanently dead code. A detailed working proof-of-concept is publicly available, demonstrated on a fresh Admidio install; no public exploit identified at time of analysis as CISA KEV-confirmed active exploitation, but the CVSS 6.5 (PR:L, I:H) reflects real data-destruction risk in any Admidio deployment that delegates module-admin rights to non-superadmin users.
Cross-folder unauthorized file deletion in Admidio v5.0.9 allows any authenticated member with upload rights on a single folder to permanently destroy files stored in folders where they hold only view access. The vulnerability stems from a broken authorization boundary in modules/documents-files.php: the top-level upload-right check trusts an attacker-supplied folder_uuid URL parameter rather than the target file's actual parent folder, while the file_delete handler performs only a view-right check. This is confirmed as an incomplete fix of GHSA-rmpj-3x5m-9m5f (previously addressed in v5.0.7 but reintroduced by v5.0.9). A fully functional public proof-of-concept with step-by-step curl commands has been confirmed against a Docker deployment of v5.0.9; no public exploit identified at time of analysis as a weaponized tool, but the PoC lowers exploitation barrier significantly.
Memory exhaustion in python-zeroconf's DNSCache component allows any unauthenticated host on the same Layer-2 segment to OOM-kill or severely degrade processes that consume mDNS/DNS-SD services (CVSS 6.5, AV:A/PR:N). The DNSCache._async_add method imposed no upper bound on cache entries, permitting a local-link attacker to multicast valid mDNS responses with unique names that accumulate across all four internal data structures faster than the 10-second cleanup interval can purge them. A second distinct variant exploits TTL re-advertisement to bloat the internal _expire_heap independently of the cache entry counter, providing a second unbounded growth path that bypasses any entry-count monitoring. No public exploit is identified at time of analysis; a vendor-released patch is available as of zeroconf 0.149.6 or 0.149.7 (minor version discrepancy between sources - see confidence notes).
Memory exhaustion in python-zeroconf's exception deduplication logic allows any unauthenticated LAN-adjacent host to permanently pin approximately 9 KB of heap memory per unique malformed mDNS packet, enabling denial of service against zeroconf-dependent applications. The flaw affects all versions of the pip package `zeroconf` prior to 0.149.6; the unbounded `_seen_logs` dict in `QuietLogger` and `DNSIncoming._log_exception_debug` retained full Python traceback objects - and thus raw inbound packet buffers - keyed by attacker-influenced exception strings derived from ephemeral source ports, byte offsets, and pointer links. No public exploit or CISA KEV listing exists at time of analysis, but the attack is mechanistically straightforward and particularly severe on memory-constrained deployments such as Home Assistant on Raspberry Pi-class hardware, where sustained flood traffic can OOM-kill the process and disable HomeKit, Chromecast/Matter, and AirPlay discovery.
Uncontrolled recursion in python-zeroconf's mDNS DNS name decoder (versions < 0.149.5) allows any unauthenticated host on the local link to crash or degrade the mDNS listener with a single ~3 kB packet. The `_decode_labels_at_offset` method recurses once per DNS compression pointer (RFC 1035 §4.1.4) with no cap on unique forward-pointer chain depth; a packet carrying ~1500 chained pointers overflows CPython's default call stack, and because `RecursionError` was omitted from `DECODE_EXCEPTIONS`, the exception escaped `DNSIncoming.__init__` rather than being handled gracefully. Replaying at a few hertz produces sustained CPU burn, log flooding, and degradation of all mDNS-dependent services (HomeKit, Chromecast/Matter, AirPlay, network printers); no public exploit identified at time of analysis, but the attack is trivially constructible from the published advisory and test fixture in PR #1719.
Privilege escalation in shopperlabs/shopper prior to 2.8.0 allows any authenticated admin panel user - regardless of assigned role - to mutate pricing, inventory, SEO metadata, shipping dimensions, and attached media for any product by exploiting missing authorization on Livewire sub-form component store() methods. Because the product ID was accepted as an unlocked public Livewire property, attackers could additionally target arbitrary products by tampering with the wire payload from the client side, not just products they otherwise interact with. No active exploitation confirmed (not in CISA KEV), and no standalone POC code has been published, though the remediation PR diff is publicly available.
Missing authorization enforcement in the Shopper headless e-commerce admin panel (all versions prior to 2.8.0) allows any authenticated low-privilege panel user to disable payment methods, alter the default currency, or disable carriers - actions that should be restricted by per-action permissions. The business impact is severe: a malicious or compromised low-privilege account can cause a complete denial of checkout and undermine pricing integrity across the store. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
SQL Injection in Bolt CMS through version 3.7.0 exposes sensitive database contents to any authenticated low-privilege user via the unsanitized 'order' parameter on content listing pages. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms network-exploitable, low-complexity access requiring only a low-privileged account, with full confidentiality impact but no integrity or availability impact - placing this squarely in the data-exfiltration threat category. No public exploit confirmed at time of analysis, and no vendor-released patch has been identified from available data.
Blind SSRF in Nezha Dashboard (v0.20.0-v2.0.9) allows any low-privileged authenticated user to force the dashboard process to issue arbitrary HTTP requests to loopback and internal network addresses by configuring a malicious DDNS webhook profile. The attacker fully controls the request method, URL, headers, and body, enabling probing or manipulation of internal services that trust the dashboard host's network position. A publicly available proof-of-concept confirms full pipeline exploitation against a loopback listener; no public exploit identified at time of analysis in CISA KEV.
Server-Side Request Forgery in Mautic's Focus component enables authenticated low-privileged users to coerce the hosting server into issuing arbitrary outbound HTTP requests to internal or external destinations. The CVSS scope change (S:C) confirms the vulnerability crosses the application boundary, making internal network reconnaissance viable from a standard marketing platform user account. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis, but the authenticated-yet-low-privilege requirement and changed scope make this a meaningful lateral movement enabler in enterprise Mautic deployments.
Stored Cross-Site Scripting in The Plus Addons for Elementor WordPress plugin (versions up to and including 6.4.15) allows authenticated contributor-level attackers to persistently inject malicious scripts via the carousel_direction parameter of the Carousel Anything widget. The root cause is an unquoted HTML attribute context in the render() function where esc_attr() is applied but insufficient - attribute injection is still possible by appending space-separated event handlers to the bare dir= attribute. Injected payloads persist in the database and execute in any visiting user's browser, including administrators, enabling session hijacking or privilege escalation; no public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Stored Cross-Site Scripting in the Simple Divi Shortcode WordPress plugin (versions up to and including 1.2) allows authenticated attackers with contributor-level access to permanently embed arbitrary JavaScript into WordPress pages via the unsanitized 'id' parameter of the [showmodule] shortcode. The injected payload executes in the browser of any user who subsequently visits the affected page, enabling session hijacking, credential theft, or malicious redirects within the victim's authenticated session context. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Stored Cross-Site Scripting in the Automotive Car Dealership Business WordPress Theme (all versions through 13.4.1) enables authenticated contributors to permanently embed arbitrary JavaScript via the 'project_details' custom field in Portfolio Items. Because the CVSS scope is Changed (S:C), injected scripts execute in the victim's browser context - not just the WordPress admin panel - enabling session hijacking, credential harvesting, or drive-by malware delivery against site visitors. No public exploit code has been identified at time of analysis, though contributor-level access is routinely available in multi-author dealership or agency WordPress deployments, making the authentication barrier practically low.
Stored cross-site scripting in the StatCounter - Free Real Time Visitor Stats WordPress plugin (versions up to and including 2.1.1) allows authenticated users with Author-level access or higher to inject arbitrary JavaScript into post pages by setting a crafted WordPress profile nickname. The unescaped nickname is embedded directly into a JavaScript string context within a <script> block rendered on every post page via the wp_head hook, causing the payload to execute in the browser of any visitor - including unauthenticated users - who loads a post authored by the attacker. No public exploit has been identified at time of analysis, but the low attack complexity (AC:L) and broad exposure surface (every post page on affected sites) make this a practical risk wherever sites permit untrusted Author-level accounts.
{ middleware })` auth checks. Affected are Nuxt 3.11.0-3.21.5 and Nuxt 4.0.0-alpha.1-4.4.5 when `experimental.componentIslands` is enabled and pages rely solely on route middleware for authorization - a pattern common in Nuxt 4 where componentIslands is on by default. A working proof-of-concept using a single curl command is published in the vendor advisory; no public exploit identified at time of analysis beyond the POC, and no CISA KEV listing exists. Vendor-released patches are available as nuxt@3.21.6 and nuxt@4.4.6.
Sandbox escape in FastGPT's JavaScript code execution worker allows authenticated remote attackers to execute arbitrary OS commands inside the sandbox container by bypassing a regex-based blocklist. The sandbox at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() using a regex that matches only ASCII whitespace between 'import' and '(', failing to account for JavaScript's syntactically valid block comment syntax - the payload import/**/("child_process") parses correctly by the JS engine but evades the regex entirely. Because the safeRequire Proxy only intercepts require() and not native ES import(), the attacker gains direct access to child_process and execSync as uid=100(sandbox). No public exploit identified at time of analysis, but the bypass technique is fully documented in the vendor advisory and is trivially reproducible by any authenticated user.
Cross-tenant data exposure in Extreme Platform ONE's IAM Gateway API-key authentication path allows an authenticated API-key holder to intermittently receive response data belonging to a different tenant under high-concurrency conditions. Affected endpoints include both ExtremeCloud IQ (XIQ/XAPI) and Extreme Platform ONE Common Services API paths; XIQ-native tokens and standard OAuth/Bearer JWT authentication are explicitly confirmed unaffected. No public exploit identified at time of analysis, and no CISA KEV listing exists, but the Changed scope (S:C) in the CVSS vector confirms that successful exploitation crosses tenant isolation boundaries, elevating the real-world severity beyond the 6.3 base score for multi-tenant deployments.
Pull-secret credential exposure in Red Hat Advanced Cluster Management (ACM) and Multicluster Engine (MCE) assisted-service leaks the full contents of a referenced pull-secret - including username, password, email, and base64-encoded auth token - into the publicly-readable `InfraEnv.status.conditions[].message` field when pull-secret validation fails. A low-privileged namespace principal holding the stock Kubernetes `view` ClusterRole, which is explicitly denied direct `get`/`list` on Secret objects, can recover the entire `.dockerconfigjson` credential payload by reading InfraEnv status. This constitutes a confirmed RBAC bypass (CWE-201) demonstrated via a reproduced proof-of-concept; no active exploitation via CISA KEV has been recorded at time of analysis.
Stored XSS in JetBrains PyCharm's Jupyter notebook Markdown cell renderer allows a remote, unauthenticated attacker to execute arbitrary JavaScript in the context of a victim's PyCharm session by delivering a crafted notebook file. All PyCharm versions prior to 2025.3.4 are affected. The vulnerability carries no KEV listing and no public exploit has been identified at time of analysis, though the low attack complexity and lack of required privileges make opportunistic abuse via shared or repository-hosted notebooks plausible.
Reflected cross-site scripting on the TeamCity repository download page allows a remote unauthenticated attacker to inject and execute arbitrary JavaScript in a victim's browser by tricking them into clicking a crafted URL. The Changed scope (S:C) in the CVSS vector indicates the payload can escape the vulnerable component and affect the victim's broader browser session, enabling session token theft, credential harvesting, or malicious redirects against TeamCity users. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Stored or reflected Cross-Site Scripting in SourceCodester Doctor Appointment System 1.0 allows unauthenticated remote attackers to inject malicious JavaScript through the user registration form in register.php. When a privileged user such as an administrator views the submitted registration data, the script executes in their browser context, enabling session hijacking, credential theft, or unauthorized actions on their behalf. A public disclosure write-up is available on GitHub; no vendor patch has been identified at this time.
Intermediate-symlink traversal in Sparkle's binary delta apply pipeline allows a holder of a compromised EdDSA signing key to achieve arbitrary file write at the privilege level of the AppInstaller process - root for system-domain installs. The flaw exists in SUBinaryDeltaApply.m, which only inspects the immediate parent directory for symlink status rather than all intermediate path components; a .delta archive item can first plant a symlink (e.g., pointing to /Library/LaunchDaemons) and a second item can then write through it via fopen(), which follows kernel-resolved symlinks unconditionally. A fully functional proof-of-concept demonstrating LaunchDaemon persistence installation is detailed in GHSA-hg88-v3cw-3qrh, though it requires a valid EdDSA signature, meaning public exploit utility is gated on signing key possession. No vendor-released patch has been identified at time of analysis.
SSRF policy bypass in OpenClaw before 2026.4.29 enables authenticated low-privileged attackers to circumvent private-network SSRF protections via browser debug and export routes. The flaw (CWE-863, Incorrect Authorization) allows an attacker who already holds valid credentials to reuse previously blocked browser tabs, causing the application to export or inspect content from protected internal resources that the SSRF policy was intended to restrict. No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis, though the high confidentiality impact on the vulnerable component (VC:H in CVSS 4.0) warrants prompt patching for internet-exposed instances.
Discount over-redemption via race condition in Shopper (shopperlabs/shopper prior to v2.8.0) allows concurrent unauthenticated checkout requests to bypass a coupon's global usage_limit, resulting in committed orders carrying unauthorized discounts the merchant never intended to grant. The CreateOrderFromCartAction::execute method created the Order database row before atomically reserving the discount slot, opening a classic TOCTOU window that becomes reliably exploitable under the high-concurrency traffic of flash sales or Black Friday events. A compounding bug rendered usage_limit_per_user entirely non-functional in all pre-2.8.0 versions - the underlying counter was never incremented anywhere in the codebase - meaning per-user caps provided zero protection regardless of a customer's redemption history. No public exploit identified at time of analysis; this CVE is not listed in CISA KEV.
Memory unsafety in unbounded-spsc 0.2.0 (Rust crate) allows a local attacker with low privileges to cause out-of-bounds reads, allocator corruption, and process crashes by winning a TOCTOU race between Sender::send and Receiver::drop. The root defect is a pointer-as-value transmute in the DISCONNECTED arm of Sender::send (src/lib.rs:384-401): the code transmutes an 8-byte raw pointer (*mut Producer<T>) directly into Consumer<T>, meaning the fake Consumer's internal Arc::ptr points at the Sender struct itself rather than the real ArcInner<Buffer<T>>. No public exploit identified at time of analysis, but a proof-of-concept reproducing SIGSEGV is included in the advisory and reproduces approximately 3 out of 10 trials under heavy contention in release mode.
Local SSRF in PraisonAI's direct-prompt CLI allows an attacker who can influence prompt text to cause the operator's machine to fetch loopback and private-network HTTP resources, injecting the response body into the LLM prompt context. Affected packages are pip/praisonai <= 4.6.39 and pip/praisonaiagents <= 1.6.39; patches are available in 4.6.40 and 1.6.40 respectively. Publicly available exploit code exists (confirmed working PoC in the GHSA advisory), no public exploit identified at time of analysis as confirmed actively exploited (CISA KEV listing absent), and the CVSS 5.5 score reflects a meaningful confidentiality impact (C:H) constrained by a local attack vector.
SSRF protection bypass in PraisonAI's spider_tools component (praisonaiagents <= 1.6.39, PraisonAI <= 4.6.39) allows an attacker who can influence URLs submitted to scrape_page(), crawl(), or extract_text() to reach loopback-only HTTP services by supplying alternate loopback address encodings such as octal IPv4, hex, decimal integer, or trailing-dot hostname forms. The _validate_url() function performs only exact-string blocklist checks against 'localhost' and '127.0.0.1', without DNS resolution, IP normalization, or post-connect address validation, causing the bypass. Publicly available exploit code (PoC) has been confirmed functional; no active exploitation via CISA KEV has been identified at time of analysis.
Stored cross-site scripting in WWBN AVideo 29.0 and earlier allows an authenticated low-privilege user with category creation or editing rights to persist malicious JavaScript in category descriptions, which executes in any victim's browser upon viewing the Gallery or affected category page. The scope-changed CVSS vector (S:C) reflects that the injected payload crosses from the attacker's session into other users' browser contexts, enabling session hijacking or unauthorized actions on victims' behalf. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the low-complexity, network-accessible attack path warrants prompt access control review on affected deployments.
Stored XSS in Mautic 7's project selector component allows an authenticated low-privileged user to inject malicious script payloads via unsanitized project names rendered through AJAX into DOM option fields. When an administrative user subsequently opens an entity editor containing the affected project selector, the payload executes in the admin's browser session with a changed scope (S:C per CVSS), enabling session hijacking, unauthorized state manipulation, or organizational data exfiltration within the dashboard. No public exploit code has been identified at time of analysis, and no CISA KEV listing is present, though the stored, persistent nature of the payload and low attack complexity make this a credible privilege-escalation pivot for internal threat actors.