Arbitrary file write in BBOT's postman_download module enables a remote attacker to write files outside the intended output directory on a victim's system by controlling a Postman workspace name containing path traversal sequences. When a user runs the postman_download module, BBOT fetches workspace names from the Postman API and constructs local filesystem paths without sanitization, allowing pathlib to resolve paths into arbitrary locations on the victim's host. No public exploit has been identified at time of analysis, though the attack primitive is straightforward given the publicly committed fix details and low attack complexity.
The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user.
Heap memory address leakage in vLLM's Anthropic API router and speech-to-text WebSocket paths exposes the same ASLR-bypass primitive previously fixed in CVE-2026-22778. Five exception-handling sites across `vllm/entrypoints/anthropic/api_router.py`, `vllm/entrypoints/anthropic/serving.py`, and `vllm/entrypoints/speech_to_text/realtime/connection.py` echo raw `str(e)` output - including PIL BytesIO object repr strings containing heap addresses - directly to unauthenticated callers. A proof-of-concept is referenced in the advisory, and when chained with the parent CVE's libopenjp2 heap overflow, this leak reduces ASLR entropy from approximately 4 billion candidates to 8, enabling RCE; no public exploit identified at time of analysis for this CVE in isolation.
Path traversal in BBOT's unarchive internal module enables a malicious archive hosted by attacker-controlled infrastructure to write files outside the intended extraction directory when BBOT runs on systems with GNU tar < 1.34. This vulnerability is a residual gap from CVE-2025-10284, which resolved git-specific RCE vectors but left the underlying archive extraction path validation entirely unimplemented, relying instead on inconsistent external tool behavior across platforms. No public exploit has been identified at time of analysis; the CVSS vector (AC:H/UI:R) constrains real-world risk to BBOT operators actively scanning attacker-controlled targets on affected OS distributions, but the high integrity impact (I:H) and zero privilege requirement (PR:N) are significant for red-team and CI/CD BBOT deployments running on legacy base images.
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request
The web management interface of the Teldat Regesta Smart HD-PLC (model TLDPH16D2, firmware 11.02.05.10.02) is susceptible to resource exhaustion via a Slow Loris attack, making the administrative interface unavailable to legitimate operators. An unauthenticated network attacker can trigger this condition without any prior registration or credentials, as the embedded web server imposes no connection-hold limits or timeouts per CWE-770. No public exploit code or active exploitation has been identified at time of analysis; a vendor-released patch is available through the Teldat support portal.
Unauthenticated information disclosure in the Teldat Regesta Smart HD-PLC (model TLDPH16D2, firmware 11.02.05.10.02) exposes version and privilege data via a PHP-based upgrade query endpoint accessible over the network without any login or registration. An attacker sends a crafted HTTP request to /upgrade/query.php?cmd=p+3&3Bversion and receives sensitive system metadata in the response, violating CWE-201 by returning information that should be restricted. No active exploitation has been confirmed (not in CISA KEV), and the direct impact is limited to confidentiality, but the exposed data can enable targeted follow-on attacks against this HD-PLC networking device.
Temperature parameter validation in vLLM (pip/vllm ≤ 0.23.0) can be bypassed by supplying NaN or positive Infinity as the temperature value, because Python's IEEE 754 float comparison operators silently return False for these inputs, allowing the values to propagate unchecked into GPU CUDA sampling kernels. The invalid inputs trigger undefined behavior or fatal CUDA errors that crash the inference worker process, dropping all in-flight requests and degrading service for every concurrent user sharing that worker. No public exploit has been identified at time of analysis, though the trigger condition is fully disclosed in the published GHSA-7h4p-rffg-7823 advisory and is trivially reproducible from that description alone.
Server-Side Request Forgery in NocoDB (npm/nocodb <= 0.301.3) allowed unauthenticated remote attackers to coerce the NocoDB server process into issuing arbitrary outbound HTTP requests, including to RFC 1918 internal services, cloud metadata endpoints, and loopback addresses. The attack exploited two compounding weaknesses: the spreadsheet-import endpoint `axiosRequestMake` required no authentication, and its file-extension allowlist regex was evaluated against the full URL string rather than the pathname alone, making bypass trivial by appending `?.csv` to any URL's query string. No public exploit has been identified at time of analysis, though the bypass technique is explicitly described in the GitHub Security Lab advisory GHSA-hmcr-rmjq-47qr and is trivially reproducible.
Default hardcoded admin credentials in vantage6 expose servers running versions prior to 5.0.0 to unauthorized administrative access by any network-accessible attacker who attempts the well-known username 'root' and password 'root'. The vantage6 server initializes with this superuser account on first deployment, and administrators who fail to change or delete it leave a predictable, trivially exploitable entry point. While not confirmed actively exploited (no CISA KEV listing), the predictability of the credential pair and the sensitivity of vantage6's federated privacy-preserving analytics data make this a meaningful operational risk for unpatched deployments.
Improper access control in vantage6 nodes prior to version 5.0.0 allows malicious algorithm containers to read input and output files belonging to other algorithms running on the same node. This directly undermines the core privacy guarantee of the platform - a federated learning infrastructure explicitly designed for privacy-preserving analysis - by exposing sensitive intermediate data to adversarially crafted algorithms. No public exploit has been identified at time of analysis, and a patch is available in version 5.0.0.
Improper access control in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 exposes the Student Self-Registration Endpoint (/index.php) to unauthenticated remote exploitation. The CWE-284 root cause, combined with the 'Authentication Bypass' tag, indicates that the self-registration flow fails to enforce intended access boundaries, potentially allowing unauthenticated users to access, manipulate, or enumerate data beyond their authorized scope. No public exploit code has been identified at time of analysis, and this vulnerability has not been added to the CISA KEV catalog.
Stored cross-site scripting in Plane CE 1.3.1 allows an authenticated low-privileged project member to inject arbitrary HTML and JavaScript via the `description_html` field through the API v1 intake endpoint, with payloads persisting in the database and executing in the browsers of any user who views the affected intake item. The CVSS 4.0 vector rates confidentiality impact on the vulnerable system as High (VC:H), reflecting the realistic threat of session token exfiltration from higher-privileged users such as project administrators. No active exploitation has been confirmed and no public exploit code has been identified at time of analysis.
Cross-site request forgery in SimplCommerce's NewsItemApiController allows remote attackers to coerce an authenticated administrator's browser into creating or modifying news items via the `/api/news-items` endpoint, due to a disabled anti-forgery filter prior to commit 6233d73e. The CVSS 4.0 score of 8.3 reflects high integrity impact extending to subsequent systems (the admin's session), and no public exploit identified at time of analysis, though Checkmarx has published reference material describing the issue.
Anti-tampering bypass in Netskope Client for Windows (all versions prior to R138) allows a local administrator to send crafted IOCTL requests directly to the NSClient kernel driver, completely neutralizing the product's self-protection mechanisms. The flaw arises from CWE-782 - an IOCTL interface exposed by the driver without sufficient access controls - meaning a privileged insider can issue arbitrary control operations the driver was not designed to accept from untrusted callers. No public exploit has been identified at time of analysis, and exploitation is constrained to actors who already hold administrative privileges on the endpoint, limiting the realistic threat to insider scenarios or post-compromise lateral movement by an attacker who has already achieved admin-level access.
Tamper Protection bypass in Netskope Client for Windows allows a malicious local administrator to disable or subvert the endpoint security agent by directly manipulating the Windows service object and associated registry keys, which are protected by overly permissive Discretionary Access Control Lists. All Netskope Client versions below R138 on Windows are affected. No public exploit code exists and this vulnerability is not listed in CISA KEV, but the gap is operationally significant in environments where insider threat, post-compromise lateral movement, or separation of duties between IT admins and security tooling are concerns.
Insecure default file permissions (mode 0o644) in Hermes Agent before v0.16.0 expose two sensitive data files - response_store.db and webhook_subscriptions.json - to any local user on the host system, enabling direct extraction of conversation history, tool payloads, prompts, and per-route HMAC webhook secrets. Any locally authenticated user on the same host can read these files without elevated privileges. HMAC secret exposure is particularly severe because it enables forging authenticated webhook requests, extending impact beyond passive information disclosure into potential privilege escalation - consistent with the 'Privilege Escalation' tag in the intelligence record. No public exploit has been identified at time of analysis, and this is not currently listed in CISA KEV.
Account pre-hijacking in the centralized droneaware.io cloud platform allowed unauthenticated attackers to register an account using a victim's email address with an attacker-controlled password prior to the victim completing account activation. Once the legitimate owner activated their account - either via an email verification link or by authenticating through Google SSO - the attacker-set password remained fully valid, granting silent and persistent account takeover with no notification to the victim. The vulnerability was remediated server-side by the vendor on 2025-05-20; no public exploit or CISA KEV listing has been identified, and no user action is required.
Privilege escalation in JetFormBuilder WordPress plugin versions 3.6.1 and earlier allows authenticated subscribers to elevate their role to a higher-privileged level within the WordPress instance. The root cause is incorrect privilege assignment (CWE-266) in the plugin's form processing logic, enabling the lowest authenticated WordPress user role to gain unauthorized administrative or elevated access. No public exploit code or confirmed active exploitation has been identified at time of analysis; CVSS reflects high confidentiality and integrity impact if the high-complexity exploitation conditions are satisfied.
PHP Object Injection in the Counter Box WordPress plugin (all versions through 2.0.13) allows authenticated administrators to deserialize attacker-controlled input via the plugin's import functionality, with deserialization triggered automatically on the post-import redirect and again when any imported item is opened for editing. The vulnerability carries no standalone impact - exploitation is entirely contingent on a Property-Oriented Programming (POP) chain being present in a separately installed plugin or theme, at which point an attacker could achieve arbitrary file deletion, sensitive data retrieval, or remote code execution. No public exploit is identified at time of analysis, and the CVSS AC:H and PR:H ratings reflect both the administrative access requirement and the environmental dependency on co-installed POP chain software.
Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Private RAG knowledge-base content belonging to any user can be fully exfiltrated by any authenticated low-privilege account in Open WebUI v0.9.5 deployments running Milvus with multitenancy enabled. This is a second-order bypass of the previously released fix for CVE-2026-44560 (GHSA-h36f-rqpx-j5wx): the prior patch introduced collection-level ACL checks, but the ACL's permissive handling of unknown collection names combined with unsanitized string interpolation into Milvus filter expressions creates an injection path that renders the ACL ineffective. A public proof-of-concept in the form of a ready-to-run curl command exists; no CISA KEV listing was identified at time of analysis.
Cross-tenant confidentiality breach in Daytona's notification WebSocket gateway (versions 0.101.0 through 0.184.0) allows any JWT-authenticated user to passively receive realtime event data belonging to a different organization by supplying an arbitrary organization UUID during the WebSocket handshake. The gateway's JWT authentication flow accepted the client-supplied organizationId and joined the corresponding notification room without verifying organizational membership, exposing sandbox, snapshot, volume, and runner events across tenant boundaries. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis, but the attack is mechanically trivial for any authenticated user who can obtain a target organization's UUID.
Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels.3.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Memory exhaustion via audio decompression bomb in vLLM's `/v1/audio/transcriptions` endpoint allows a remote attacker to crash or severely degrade the inference server by uploading a crafted OPUS file that passes the 25MB compressed-size check but decodes to ~14.9GB of float32 PCM in memory. Affected are vLLM installations through v0.23.0 with speech-to-text (ASR) functionality enabled. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV; however, the attack methodology is fully detailed in GitHub Security Advisory GHSA-6pr9-rp53-2pmc, making independent reproduction trivial. The official CVSS PR:L rating conflicts with the advisory's explicit claim of unauthenticated exploitation - security teams should audit whether their deployment enforces authentication on the audio endpoint.
Sensitive actuator endpoints in Steeltoe.Management.Endpoint and Steeltoe.Management.EndpointCore expose heap dumps, environment variables, and thread dumps to low-trust Cloud Foundry roles (Space Auditors) due to incorrect default permission levels. Affected versions inherit the base class default of EndpointPermissions.Restricted - which maps to CF's read_basic_data scope - rather than overriding to EndpointPermissions.Full (read_sensitive_data), the permission level Spring Boot's equivalent integration correctly enforces. No public exploit code or KEV listing exists at time of analysis; however, the CVSS PR:L rating reflects that any valid CF credential with Space Auditor privileges is sufficient to reach the affected endpoints.
Cross-user file disclosure in Open WebUI (pip package open-webui, versions ≤ 0.9.5) allows any authenticated user to read the content of files uploaded by other users by supplying a victim's file UUID as the image_url.url value in POST /api/chat/completions. The server's image-conversion middleware resolves the UUID against the global file table with no ownership check, base64-encodes the file, and injects it into the LLM prompt, from which the attacker reads the content via a transcription instruction. No KEV listing confirms active exploitation, but a complete step-by-step reproduction proof-of-concept is embedded in the public GitHub Security Advisory (GHSA-wch8-mhj5-9frg), materially increasing exploitation likelihood; the vendor-released fix is version 0.9.6.
Dell PowerFlex Manager's improper access control (CWE-284) permits a remote, low-privileged attacker to cause a denial of service condition against the management platform. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms the attack is network-reachable with minimal complexity once credentials are obtained, and is limited in scope to availability degradation (A:L). No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication bypass in FluxBuilder's MStore API WordPress plugin (versions through 4.18.4) allows unauthenticated remote attackers to exploit the password recovery flow as an alternate authentication channel, circumventing normal credential verification. Confirmed by Patchstack under CWE-288, the flaw enables unauthorized manipulation of user account state with low integrity and availability impact. No public exploit code or CISA KEV listing has been identified at time of analysis, though the CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates trivially exploitable conditions from the network without any authentication.
Unauthenticated arbitrary file deletion in the WorkScout-Core WordPress plugin (versions <= 1.7.11) allows any remote attacker to delete files on the underlying server without credentials. The flaw stems from a path traversal weakness (CWE-22) in a file-handling endpoint that fails to sanitize user-supplied input before constructing filesystem paths. Exploitation requires no authentication, no user interaction, and no special configuration, meaning every publicly reachable WordPress installation running this plugin version is exposed; no public exploit or CISA KEV listing has been identified at time of analysis.
Unauthenticated broken access control in the WooCommerce Anti-Fraud WordPress plugin by OPMC (versions ≤ 7.2.6) allows remote unauthenticated attackers to perform unauthorized actions against the anti-fraud layer of WooCommerce stores. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no credentials or user interaction are required, and CWE-862 (Missing Authorization) identifies the root cause as absent capability or permission checks on one or more plugin endpoints. With integrity (I:L) and availability (A:L) impacts, attackers could potentially interfere with or circumvent fraud detection logic, enabling fraudulent orders to pass undetected or disrupting store operations. No public exploit code has been identified and CISA KEV listing is absent at time of analysis.
Broken authentication in WooCommerce Dropshipping plugin versions 5.2.4 and earlier allows unauthenticated remote attackers to bypass authentication controls via an alternate path or channel (CWE-288), yielding partial confidentiality and integrity impact on affected WordPress e-commerce installations. Reported by Patchstack, the flaw is confirmed at CVSS 6.5 Medium with a fully network-accessible, zero-complexity attack path requiring no privileges or user interaction. No public exploit code or CISA KEV listing exists at time of analysis, moderating real-world urgency despite the low exploitation barrier.
Broken access control in WPBakery Page Builder (versions ≤ 8.7.2) allows subscriber-level authenticated WordPress users to invoke privileged functionality without proper authorization checks. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) confirms this is network-exploitable with low complexity and high integrity impact, meaning authenticated low-privilege users can perform content or administrative actions restricted to higher roles such as editor or administrator. No public exploit has been identified at time of analysis and this vulnerability is not listed in CISA KEV, but WPBakery Page Builder's broad WordPress deployment footprint makes this a real remediation priority for sites with open user registration.
Arbitrary file download via path traversal in the Client Portal (Pro) WordPress plugin versions 5.6.2 and earlier exposes sensitive server-side files to authenticated low-privilege users. The CWE-22 flaw allows any registered portal user to craft a file request that escapes the intended directory boundary and retrieve arbitrary files accessible to the web server process - including wp-config.php containing database credentials. No public exploit or CISA KEV listing exists at time of analysis, but the high confidentiality impact combined with low attack complexity makes this a meaningful data exposure risk on affected WordPress installations.
Unauthenticated deserialization of untrusted data in the Slimstat Analytics WordPress plugin (versions prior to 5.4.0) allows remote attackers to exploit PHP object injection without authentication. The CVSS vector indicates high attack complexity (AC:H) and scope change (S:C), meaning successful exploitation can affect components beyond the plugin itself - potentially the broader WordPress environment or server. No public exploit identified at time of analysis, and the fix version is confirmed as 5.4.0 per Patchstack reporting.
Insecure Direct Object Reference in Open WebUI's prompt version-history API (versions ≤ 0.9.5) allows authenticated users to read or delete other users' private prompt history entries. Three endpoints authorize the URL-supplied `prompt_id` but pass caller-controlled `history_id` values to model-layer functions without verifying the history row belongs to the authorized prompt - a binding enforced correctly in a fourth endpoint but absent in these three. A functional proof-of-concept is included in the GitHub Security Advisory; no public KEV listing exists but exploitation steps are fully documented.
Stored Cross-Site Scripting in the Permalink Manager Lite WordPress plugin (all versions through 2.5.3.3) allows authenticated contributors to inject persistent JavaScript into the admin URI Editor interface via crafted post titles. The payload executes in the browser of any administrator who subsequently visits the Permalink Manager page, enabling session hijacking or unauthorized admin-level actions. No active exploitation is confirmed in CISA KEV, and no public exploit code has been identified at time of analysis; vendor-released patch 2.5.3.4 is available.
Stored XSS in the myCred WordPress plugin (versions up to and including 3.1) allows authenticated attackers holding contributor-level access or above to inject persistent JavaScript payloads via the unsanitized 'wrap' shortcode attribute in the leaderboard shortcode handler. When any user - including administrators - visits a page containing the injected shortcode, the payload executes in their browser, enabling session hijacking or privilege escalation. No public exploit or CISA KEV listing has been identified at time of analysis; fix is available in version 3.1.1 as confirmed by WordPress plugin trac changeset 3572451.
Heap buffer over-read in NGINX Plus and NGINX Open Source's ngx_http_charset_module exposes limited worker process memory or triggers a worker restart when remote unauthenticated attackers send crafted requests against a non-default charset conversion configuration. Exploitation requires both a specific dual-directive configuration (source_charset utf-8 alongside a differing charset directive such as koi8-r in the same location block) and content-dependent conditions outside the attacker's direct control, reflected in the CVSS AC:H rating. No public exploit code exists and this CVE does not appear in the CISA KEV catalog; the vendor F5 has published advisory K000161585 with patched version guidance.
Local file inclusion in CakePHP's View::_getElementFileName() allows remote attackers to include arbitrary PHP files from the server filesystem when applications render view elements using user-controlled data. Affected versions span multiple major release lines across 4.x and 5.x branches, with patched releases now available from the vendor. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; however, the developer-pattern dependency — user input passed unsanitized into element names — limits but does not eliminate real-world risk.
Authenticated remote OS command injection in Cisco Crosswork Network Controller's web-based management interface allows a threat actor holding valid template user credentials with write permissions to execute arbitrary commands on the underlying operating system. The flaw resides in the configuration template engine, which fails to adequately validate attacker-supplied input before processing it, enabling CWE-74 injection. Impact is bounded to filesystem areas where the template user holds write access, reducing blast radius compared to full OS compromise; however, on a network automation controller, even scoped command execution can expose sensitive network configurations and automation workflows. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Refresh token persistence in NocoDB (npm/nocodb ≤ 0.301.3) allows an attacker who has captured a victim's refresh token to retain persistent account access even after the victim completes a 'Forgot Password' recovery flow. The `passwordForgot` code path omitted the `UserRefreshToken.deleteAllUserToken(user.id)` call present in both `passwordChange` and `passwordReset`, leaving the attacker's stolen refresh cookie valid and exchangeable for new JWTs indefinitely. No public exploit has been identified at time of analysis, and no vendor-released patch version is confirmed in the available advisory data.
Incorrect authorization in Open WebUI versions 0.9.5 and earlier allows any authenticated non-admin user to route LLM inference requests to arbitrary configured Ollama backends - including internally restricted, higher-privilege, or admin-disabled instances - by supplying a raw integer `url_idx` path parameter on eight indexed proxy routes. The flaw bypasses backend-level access isolation entirely: model authorization is checked, but backend authorization is silently skipped when `url_idx` is caller-supplied, and disabled backends remain reachable because their disabled state is never re-evaluated at request time. No public exploit code and no CISA KEV listing have been identified at time of analysis; however, the attack requires only a valid user account and knowledge of the URL pattern, making it a low-barrier insider threat in any multi-backend deployment.
Stored XSS in SimplCommerce's news module allows an authenticated administrator to persist arbitrary JavaScript via the ShortContent and FullContent fields of NewsItemApiController, which are stored without HTML sanitization and rendered unencoded through Razor's @Html.Raw() method. Any site visitor who subsequently loads an affected news page will execute the injected script in their browser, enabling session hijacking, credential theft, or malicious redirects. No public exploit code or CISA KEV listing exists at time of analysis; an upstream fix is available at commit 6142d3b5 per Checkmarx's disclosure.
Identity spoofing via missing authentication in RTI Connext Professional's Security Plugins component enables a low-privileged network attacker to impersonate legitimate DDS participants, achieving high integrity and availability impact against affected deployments. Versions spanning five major release lines - 5.3.x through 7.6.x - are affected, with the fix landing at 7.7.0 for the 7.4 branch. No public exploit code or CISA KEV listing has been identified at time of analysis, but the high integrity and availability impacts on a middleware widely used in defense, aerospace, and industrial control systems elevate practical risk above what the moderate CVSS score alone suggests.
Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
Host Header Injection in Dell PowerFlex Rack RCM 3.7 enables unauthenticated remote attackers to trigger open redirects by supplying a forged HTTP Host header, potentially redirecting victim users to attacker-controlled sites for phishing or credential harvesting. The CVSS 4.3 Medium score reflects the requirement for user interaction (UI:R) and limited confidentiality impact, with no integrity or availability consequence. No public exploit code has been identified at time of analysis, and the vulnerability has no CISA KEV listing.