Segmentation violation in GPAC MP4Box before version 26.02.0 crashes the application when processing crafted MP4 files, enabling denial of service against any user or pipeline invoking the tool on attacker-supplied input. The root cause is a null pointer dereference (CWE-476) in gf_isom_apple_set_tag_ex within isom_write.c, where custom iTunes-style tag pointers are dereferenced without prior null validation. A publicly available proof-of-concept exploit exists, though no public exploit identified at time of analysis correlates to confirmed active exploitation - the local attack vector (AV:L/UI:R) limits exposure primarily to media processing workflows that ingest untrusted MP4 files.
NULL pointer dereference in MP4Box's AC4 audio parser crashes the process when parsing a maliciously crafted AC4 file, enabling a local Denial of Service. Affected versions are all GPAC/MP4Box releases prior to 26.02.0, with the root cause in gf_ac4_pres_b_4_back_channels_present() and related AC4 presentation parsing routines in av_parsers.c. A publicly available proof-of-concept exists, though no public exploit confirmed active exploitation is in CISA KEV at time of analysis.
NULL pointer dereference in GPAC MP4Box's AC4 audio DSI parser crashes the application when processing a crafted AC4 file, resulting in denial of service. All GPAC MP4Box versions before 26.02.0 are affected; the CVSS vector (AV:L/UI:R) confirms exploitation requires a victim to locally open a malicious file. A publicly available proof-of-concept exploit exists at a referenced GitHub repository, though no public exploit identified at time of analysis has been confirmed as actively exploited in the wild (not listed in CISA KEV).
Unauthenticated remote information disclosure in SourceCodester Pharmacy Sales and Inventory System 1.0 allows network-based attackers to bypass access controls and read sensitive sales statement data via the sell_statement function in application/controllers/ShowForm.php. The CVSS vector confirms PR:N (no authentication required) with low access complexity, and a proof-of-concept exploit has been publicly disclosed via GitHub. No KEV listing at time of analysis, but the combination of unauthenticated network access and available exploit code elevates practical risk beyond the moderate CVSS 5.3 score alone.
File and directory information exposure in SourceCodester Pet Grooming Management Software 1.0 allows remote unauthenticated attackers to enumerate internal file and directory structures via the /admin/ endpoint. The root cause is CWE-538 (Deployment of Code to Unauthorized Actors / File and Directory Information Exposure), and a proof-of-concept exploit has been publicly released on GitHub. While not listed in CISA KEV and carrying only low confidentiality impact, the absence of any authentication requirement and the public POC lower the bar for exploitation significantly.
SQL injection in itsourcecode Online House Rental System 1.0 allows remote unauthenticated attackers to manipulate the 'ID' parameter of /manage_payment.php to execute arbitrary database queries. Publicly available exploit code exists, increasing the likelihood of opportunistic attacks against exposed deployments. The flaw was reported by VulDB and impacts a PHP-based rental management application commonly deployed by small operators and educational projects.
SQL injection in itsourcecode Online House Rental System 1.0 allows remote unauthenticated attackers to manipulate the 'ID' parameter of /manage_tenant.php to inject arbitrary SQL queries against the backend database. Publicly available exploit code exists (disclosed via GitHub issue tracker and indexed by VulDB), making opportunistic exploitation feasible against any internet-exposed instance. The vulnerability impacts a PHP-based property management application typically deployed by small landlords or as a learning/demonstration project.
SQL injection in itsourcecode Online House Rental System 1.0 allows remote unauthenticated attackers to manipulate the Username parameter of the /ajax.php?action=login endpoint to inject arbitrary SQL. Publicly available exploit code exists (VulDB-referenced PoC on GitHub), increasing the practical risk despite the application's limited deployment footprint. No CISA KEV listing is present, so this represents publicly available exploit code without confirmed active exploitation.
SQL injection in itsourcecode Online Blood Bank Management System 1.0 allows remote unauthenticated attackers to manipulate the 'hospital' parameter in /admin/campsdetails.php to inject arbitrary SQL queries. Publicly available exploit code exists, increasing the practical risk despite the application being a relatively niche PHP-based healthcare management product. No CISA KEV listing or EPSS score is provided in the source intelligence, so widespread automated exploitation is not confirmed.
SQL injection in itsourcecode Online Blood Bank Management System 1.0 allows remote unauthenticated attackers to manipulate the 'ID' parameter on /admin/viewrequest.php to inject arbitrary SQL into backend database queries. Publicly available exploit code exists per VulDB, raising the practical risk despite the moderate CVSS 7.3 score. No CISA KEV listing or EPSS data was provided, so widespread automated exploitation cannot be confirmed at this time.
Remote code execution in Disig Web Signer versions 2.0.3 through 2.5.3 allows network-adjacent attackers to execute arbitrary code on systems running this Slovak electronic signing client when a user performs a passive interaction (e.g., visiting a malicious page or processing a crafted signing request). The flaw was reported by Slovakia's National Security Authority (incident@nbu.gov.sk) and carries a CVSS 4.0 score of 9.4 (Critical) with both vulnerable and subsequent system impact rated High, indicating a likely scope-changing condition. There is no public exploit identified at time of analysis and the vulnerability is not currently listed in the CISA KEV catalog.
Blind SQL injection in the WP Directory Kit WordPress plugin (versions up to and including 1.5.1) allows remote unauthenticated attackers to inject crafted SQL fragments into backend queries, enabling extraction of database contents and limited tampering with site availability. The CVSS 9.3 score reflects network-reachable exploitation with no privileges or user interaction and a scope change into the WordPress database context; no public exploit identified at time of analysis, though Patchstack has cataloged the flaw.
Remote code execution in AMD's AI Tensor Engine for ROCm (AITER) through version 0.1.14 allows unauthenticated network attackers to run arbitrary code on every inference worker in a distributed cluster by sending a malicious pickle payload to the ZMQ SUB socket consumed by MessageQueue.recv() in shm_broadcast.py. The vulnerability stems from unauthenticated, unvalidated pickle deserialization with no HMAC or format checks; no public exploit identified at time of analysis, but VulnCheck has published an advisory and AMD has merged an upstream fix.
Unauthenticated SQL injection in OTRS and the legacy ((OTRS)) Community Edition database layer enables authentication bypass when the backing MySQL/MariaDB instance runs with the NO_BACKSLASH_ESCAPES SQL mode. The flaw carries a CVSS of 9.1 with network-reachable, no-privileges-required exploitation against confidentiality and integrity, but no public exploit identified at time of analysis and the issue is gated by a specific non-default database configuration.
Identity spoofing in IBM WebSphere Application Server 9.0 and 8.5 allows remote unauthenticated attackers to impersonate legitimate users or services, leading to high-impact compromise of integrity and availability of hosted applications. The CVSS 9.1 score reflects network-reachable exploitation with low complexity and no privileges required, while no public exploit identified at time of analysis. The flaw is tracked under CWE-290 (Authentication Bypass by Spoofing) and has a vendor-released patch referenced via IBM support.
Broken access control in Tomdever's wpForo Forum WordPress plugin (versions up to and including 3.0.6) allows remote unauthenticated attackers to invoke restricted functionality due to missing authorization checks, leading to high integrity and availability impact on affected forums. The CVSS 9.1 score reflects network-reachable exploitation with no privileges or user interaction required, and no public exploit identified at time of analysis. Patchstack disclosed the issue and tracks it as a broken access control flaw against the plugin.
Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows network-based attackers to bypass security controls and execute arbitrary code on the application server. The flaw carries a CVSS 9.0 critical rating with a scope-changed impact (S:C) and requires no authentication, though high attack complexity (AC:H) suggests specific timing or environmental conditions must be met. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 arises from unsafe deserialization of untrusted data processed by JAX-WS endpoints that use WS-Security. Unauthenticated remote attackers who can reach a SOAP/JAX-WS endpoint may craft malicious serialized payloads to execute arbitrary code in the WebSphere server context. No public exploit identified at time of analysis, but the high CVSS (9.0) and scope-changed impact mean any exposed JAX-WS service is a meaningful target.
Privilege escalation to administrative access in Ivanti Neurons for ITSM (both cloud and on-premises deployments) allows a remote authenticated attacker to bypass access controls and obtain admin-level permissions. The flaw carries a CVSS 8.8 rating with low attack complexity, and Ivanti has published a security advisory; no public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.
Remote code execution in IBM i Access Client Solutions (ACS) versions 1.1.5.0 through 1.1.9.12 allows authenticated attackers to execute arbitrary code on systems where ACS is configured to listen for requests from IBM i Navigator. The flaw, rated CVSS 8.8 with high impact across confidentiality, integrity, and availability, requires low privileges and no user interaction, making it a serious threat in enterprise IBM i environments. There is no public exploit identified at time of analysis and the CVE is not currently in CISA KEV.
Unauthenticated information disclosure in SOPlanning version 1.55 and below allows remote attackers to download backup archives and configuration files directly from backup endpoints without any authentication, exposing the user database with password hashes and sensitive configuration data. The CVSS 4.0 score of 8.8 reflects high confidentiality impact over the network with no privileges or user interaction required, and no public exploit identified at time of analysis. Disclosure was coordinated through CERT.PL, indicating a vetted advisory rather than opportunistic discovery.
Remote code execution in Apache ActiveMQ Broker, ActiveMQ All, and ActiveMQ (versions before 5.19.7 and 6.0.0 before 6.2.6) allows authenticated attackers to bypass the CVE-2026-34197 fix using non-parenthesized discovery wrappers such as `masterslave:vm://...` and `static:vm://...`, which incorrectly pass validation and trigger the VM transport's brokerConfig parameter to load a remote Spring XML application context. The flaw abuses the Jolokia JMX-HTTP bridge at /api/jolokia/ to invoke BrokerService.addNetworkConnector/addConnector MBean operations, resulting in arbitrary code execution on the broker JVM. EPSS is low at 0.06% (19th percentile) and no public exploit identified at time of analysis, but the patch bypass nature and prior in-the-wild interest in ActiveMQ RCE chains warrant urgent patching.
Improper certificate hostname validation in the Apache Directory LDAP API client allows network-positioned attackers to impersonate LDAP servers and intercept authenticated directory traffic. The flaw was disclosed via the oss-security mailing list on 2026-06-01 and is tracked under CWE-297; no public exploit identified at time of analysis. With a CVSS 4.0 score of 8.8 and high confidentiality/integrity impact, the issue is significant for applications that rely on this library to connect to LDAP/LDAPS endpoints.
Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer overflow that crosses a security boundary (scope changed) and compromises confidentiality, integrity, and availability of the device. The flaw is reported directly by Qualcomm in the June 2026 security bulletin and carries a CVSS 3.1 base score of 8.8 with no public exploit identified at time of analysis. Strongbox is the hardware-backed keystore used to protect cryptographic material, so successful exploitation undermines a core trust component of Snapdragon-based mobile platforms.
Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox trusted execution component, where a missing bounds check enables memory corruption from a low-privileged context. A successful exploit crosses a trust boundary (CVSS scope=Changed) and yields high impact to confidentiality, integrity, and availability on the affected device. No public exploit identified at time of analysis, and EPSS data was not provided alongside this advisory.
Privilege escalation in Apache ActiveMQ versions before 5.19.7 and 6.0.0 through 6.2.5 allows authenticated low-privilege web-login users to invoke administrative Jolokia operations such as addQueue and removeQueue due to overly permissive default authorization settings. The CVSS 8.8 score reflects high impact on confidentiality, integrity, and availability, though EPSS exploitation probability sits at just 0.01% and no public exploit identified at time of analysis. The flaw effectively collapses the broker's privilege boundary between normal web users and administrators.
Stored cross-site scripting in Dassault Systèmes DELMIA Service Process Engineer (Process Experience Studio component) across releases 3DEXPERIENCE R2024x through R2026x allows an authenticated low-privilege attacker to inject persistent script payloads that execute in another user's browser session. With a CVSS 3.1 base of 8.7 driven by scope change and high confidentiality/integrity impact, successful exploitation can compromise the victim's 3DEXPERIENCE session data and authority across trust boundaries. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
SQL injection in SOPlanning 1.55 and earlier allows authenticated low-privileged users to inject arbitrary SQL commands across multiple endpoints and parameters, potentially leading to full database compromise. The flaw was reported by CERT Polska and carries a CVSS 4.0 score of 8.7, but no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Credential exposure in Kamsoft KS-SOMED medical software allowed remote unauthenticated attackers to authenticate to the FTP server hosting application update packages by extracting hard-coded credentials from the KSPLUPDFTP.exe and ANEKSKLIENT.EXE modules. While the vendor states the exposed credentials ultimately had only read-only access, the original threat model included an attacker uploading a malicious update file that would propagate to client machines as a legitimate update. No public exploit identified at time of analysis.
Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial of service in OpenAirInterface5G 2.4.0 (nr-softmodem) allows unauthenticated remote attackers to crash an entire 5G base station by triggering a divide-by-zero in the E2SM-KPM RAN Function's PRB utilization calculation. By flooding E42 subscription requests through the FlexRIC iApp on port 36422/SCTP, an attacker forces consecutive identical PRB aggregate samples that produce a zero divisor, raising SIGFPE and interrupting service for all connected UEs. No public exploit identified at time of analysis, and EPSS probability is very low at 0.03%, but the unauthenticated network vector and total cell outage make this a high-impact availability flaw.
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows authenticated attackers to abuse unsafe Java deserialization in the SAML Web Single Sign-On component to run arbitrary code via a crafted HTTP request combined with a gadget chain. The flaw carries a CVSS 8.5 with scope change, and while no public exploit has been identified at time of analysis, deserialization gadget chains for WebSphere are historically well-researched. IBM has released a patch via support advisory node/7274733.
Local privilege escalation in Fujitsu ServerView Agents for Windows V11.60.04 and earlier enables an authenticated low-privileged user to chain privileges and obtain SYSTEM-level access on the host. The flaw was reported by JPCERT/CC and is documented in JVN advisory JVN67883085 and FSAS Technologies advisory 0529; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Local privilege escalation in Fujitsu ServerView Agents for Windows version 11.60.04 and earlier allows an authenticated low-privileged user on the host to obtain SYSTEM-level privileges through incorrect permission assignment on a critical resource. The flaw is reported by JPCERT/CC under JVN#67883085 with a CVSS 4.0 score of 8.5; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Cross-workspace Insecure Direct Object Reference in praisonai-platform versions prior to 0.1.4 allows any authenticated workspace member to read, modify, or delete issues belonging to other tenants by supplying a known issue UUID against their own workspace path. The issue CRUD endpoints validate workspace membership but never verify that the targeted issue actually belongs to that workspace, breaking multi-tenant isolation. No public exploit identified at time of analysis, but the vulnerability is source-verified end-to-end with an upstream fix released as version 0.1.4.
Resource exhaustion and stale-state accumulation in FlexRIC v2.0.0 allows unauthenticated remote attackers to bind multiple xApp identifiers to a single SCTP connection via repeated E42_SETUP_REQUEST messages, where only the first xapp_id is cleaned up on disconnect. The remaining orphaned registrations and their subscriptions persist in the iApp, enabling progressive memory/state corruption that maps to the CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) high-availability impact. No public exploit identified at time of analysis and EPSS is very low (0.05%, 17th percentile), but the unauthenticated network reachability of the E2 termination makes this a meaningful availability risk for O-RAN testbeds running this build.
Cross-site scripting via sanitizer bypass affects DOMPurify 3.4.4, the widely used npm HTML sanitization library maintained by cure53. The flaw stems from `<selectedcontent>` being permitted by default, allowing attackers to leverage browser re-cloning behavior so that an XSS payload is reinjected into a subtree DOMPurify has already walked. No public exploit identified at time of analysis in the form of in-the-wild attacks, but a fully working PoC is published in the GHSA advisory and active exploitation status is not listed in CISA KEV.
Reflected cross-site scripting in Kiteworks Secure Data Forms (versions prior to 9.3.0) allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser after the victim is lured into clicking a crafted link. The CVSS 8.2 score is elevated by a changed scope (S:C) and high confidentiality impact, reflecting potential session theft or pivoting against the Kiteworks Private Data Network; no public exploit identified at time of analysis and not present in CISA KEV.
Reflected cross-site scripting in Kiteworks Secure Data Forms prior to version 9.3.0 allows external attackers to execute arbitrary JavaScript in a victim's browser session by tricking them into clicking a crafted link. The flaw carries a CVSS 8.2 due to scope change (S:C) and high confidentiality impact, but exploitation requires user interaction. At time of analysis, no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
SQL injection in the Nextcloud Tables app allows authenticated users with access to the Tables feature to execute arbitrary SQL queries against the backend database via a stored injection vector. Although a 20-byte length limit is imposed on the injected payload, carefully crafted input can break out of this restriction, enabling data extraction and modification. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Cleartext session cookie exposure in CodexBar (a macOS menu bar AI provider client) prior to 0.32.0 allows network-positioned attackers to intercept imported browser session cookies for Amp and Ollama providers. The client failed to enforce HTTPS before reattaching imported cookies when a provider-controlled redirect pointed to a cleartext HTTP endpoint inside the same provider domain, leaking authentication material in plaintext. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a specific partition and load a customized (unsigned or tampered) bootloader, breaking the device's chain of trust. The flaw, reported by Qualcomm itself in its June 2026 security bulletin, carries a CVSS of 8.2 with scope change due to its impact on trusted firmware boundaries, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.
Hardcoded credentials in Apache Solr 9.4.0 through 9.10.1 and 10.0.0 allow remote attackers to obtain full administrative access to clusters that bootstrapped Basic Authentication via the bin/solr auth enable tool. The setup script silently installs template accounts (superadmin, admin, search, index) with publicly known default passwords alongside the user-specified account, and no public exploit identified at time of analysis though the credentials are documented and trivially reusable.
Authenticated remote code execution in Apache ActiveMQ Classic (versions before 5.19.7 and 6.0.0 through 6.2.5) is achievable via the Jolokia JMX-HTTP bridge exposed at /api/jolokia/ on the web console. An authenticated attacker can invoke BrokerService.addNetworkConnector with a crafted masterslave:// discovery URI that loads a Spring XML application context, instantiating attacker-controlled singleton beans (e.g., Runtime.exec()) on the broker JVM. No public exploit identified at time of analysis and EPSS is low (0.06%), but the vendor-released patches and CVSS 8.1 score reflect a significant risk to message brokers exposing the web console.
Privilege escalation in Cloud Foundry smb-volume-release (prior to v3.60.0) and CF Deployment (prior to v56.0.0) lets a low-privileged CF space developer smuggle arbitrary CIFS mount options past the mount-option allowlist, gaining kernel-level mount control on shared Diego cells. The flaw maps to CWE-88 (argument injection) and carries CVSS 8.1 with low-privilege network exploitation; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Improper authorization in the Nextcloud Server CalDAV backend allows an authenticated user who knows another user's principal URL to gain full read/write access to that user's calendar in versions 32.0.0 to before 32.0.9 and 33.0.0 to before 33.0.3. The flaw was reported via HackerOne (report 3545964) and patched in PR 59962 by introducing dedicated ProxyRead/ProxyWrite ACL-aware classes; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Authentication bypass in Nextcloud's User OIDC app (versions 0.3.0-3.0.x, 5.0.0-5.0.x, and 6.0.0-6.3.x) allows a malicious ID4me authority to impersonate arbitrary users due to missing JWT signature verification in the ID4me login flow. The flaw stems from a literal 'TODO: VALIATE SIGNATURE!' code comment that left ID tokens accepted without cryptographic validation, enabling identity spoofing once a victim is redirected through the attacker-controlled authority. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
{id} request. The DELETE endpoint enforces only member-level authorization instead of owner-level, and the destructive action is silent, immediate, and without recovery path. No public exploit identified at time of analysis, but source-level analysis confirms the gap and a vendor patch is available.
Cross-workspace Insecure Direct Object Reference in praisonai-platform versions prior to 0.1.4 allows any authenticated workspace member to read and inject comments on issues belonging to any other tenant in a multi-tenant deployment. The comment endpoints validate workspace membership but never verify that the URL-supplied issue_id actually belongs to that workspace, breaking tenant isolation. No public exploit identified at time of analysis, but source-code-level analysis confirms the gap end-to-end.