Skip to main content
CVE-2025-15546 MEDIUM POC PATCH This Month

Iptanus File Upload WordPress plugin before version 5.1.7 allows authenticated low-privilege users to overwrite other users' uploaded files by exploiting a Time-of-Check to Time-of-Use (TOCTOU) race condition in the plugin's file deduplication logic. The flaw is conditional on the `duplicatepolicy` setting being configured to 'maintain both,' and requires winning a precise timing race between the file existence check and the write operation. No active exploitation is confirmed by CISA KEV; however, a publicly available exploit exists via WPScan, and EPSS remains negligible at 0.01%, consistent with the high attack complexity required.

WordPress Race Condition File Upload Iptanus File Upload
NVD WPScan VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-54411 MEDIUM This Month

Timing side-channel in Linux-PAM's pam_userdb module through version 1.7.2 allows plaintext password recovery by any attacker capable of repeatedly submitting authentication attempts to a service backed by the vulnerable configuration. The module's use of length-prefixed strncmp() (or strncasecmp() with PAM_ICASE_ARG) on plaintext credentials leaks both password length and individual prefix bytes via measurable response-time differences, enabling iterative character-by-character reconstruction of the stored password. Proof-of-concept exploit methodology exists per CVSS 4.0 supplemental metadata (E:P); while no CISA KEV listing was found, the high confidentiality impact (VC:H) and credential-disclosure nature make this a meaningful risk for any deployment relying on pam_userdb in plaintext mode.

Information Disclosure Linux Pam Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-54421 MEDIUM PATCH This Month

Unredacted iSCSI credential disclosure in OpenStack Ironic through 35.0.1 occurs specifically when an authenticated operator issues a PATCH request to update authorized fields in a node's volume properties - the API response returns sensitive data such as iSCSI CHAP usernames and secrets in plaintext. The scope change reflected in the CVSS (S:C) is meaningful: leaked storage credentials extend the blast radius beyond Ironic itself to the underlying iSCSI storage infrastructure. Notably, the same volume properties endpoint does not exhibit this behavior on POST requests, isolating the flaw to the PATCH response serialization path. No public exploit code has been identified and the vulnerability is not listed in CISA KEV.

Information Disclosure Ironic Red Hat Suse
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-12190 MEDIUM This Month

Improper authorization in the custom URL scheme handler of Genspark AI Workspace App 2.8.4 on Android allows a local low-privileged attacker to invoke restricted application functionality via the ai.mainfunc.genspark component without proper access control. The flaw is classified under CWE-939, affecting inter-app communication on Android where the URL scheme handler fails to verify the caller's authorization. No patch is available as the vendor did not respond to responsible disclosure; no public exploit or CISA KEV confirmation exists at time of analysis.

Google Information Disclosure Ai Workspace App
NVD VulDB GitHub
CVSS 4.0
4.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy