Privilege escalation in LiquidFiles before 4.2.12 allows an authenticated Admin of a secondary (non-default) domain to elevate to full Sysadmin access by manipulating group settings within their managed secondary domain group. This broken access control flaw (CWE-285) collapses the authorization boundary between domain-scoped Admin and system-wide Sysadmin roles, granting an attacker complete platform control. No public exploitation has been confirmed in CISA KEV, but a public proof-of-concept is available from Project Black (PRJBLK), meaningfully elevating real-world risk above what the 5.9 CVSS score alone suggests.
Unauthenticated PGP decryption exposure in AVideo through version 25.0 allows any remote attacker to submit private key material, ciphertext, and passphrases to the publicly accessible decryptMessage.json.php endpoint and receive plaintext in the server response - no credentials, session, or token required. The dual impact is confidentiality loss (private key material processed in server memory may be captured in application or web server logs) and availability degradation via unconstrained CPU consumption from repeated cryptographic operations. A publicly available proof-of-concept exists per the GHSA advisory; no vendor patch has been released as of this analysis.
Unsafe pickle deserialization in picklescan before 1.0.1 allows unauthenticated remote attackers to create arbitrary zero-byte files on the server by crafting malicious pickle payloads that instantiate Python's standard-library logging.FileHandler class. This technique bypasses RCE-focused blocklists because it abuses legitimate standard library functionality rather than commonly blocked modules, making it a notable blocklist-evasion primitive. A publicly available proof-of-concept exploit exists; no public exploit identified at time of analysis for active KEV-confirmed exploitation, but the PoC demonstrates concrete filesystem impact including lock-file-based denial of service.
Cross-tenant information disclosure in Capgo (cap-go/capgo) before version 12.128.2 exposes per-organization usage telemetry to any caller holding the publicly distributed Supabase API key. Three PostgREST RPC functions - get_app_metrics, get_global_metrics, and get_total_metrics - are granted to the Supabase anon role without enforcing org membership or permission checks, allowing queries against arbitrary org_id values to return MAU, bandwidth, installs, and app IDs belonging to other tenants. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; a vendor-released patch exists at version 12.128.2.
Capgo's password policy configuration in versions before 12.128.2 can be exploited by an authenticated organization administrator to trigger an organization-wide account lockout by setting an arbitrarily large minimum password length - such as billions of characters - with no server-side upper-bound enforcement. Once the malicious policy is enabled, every organization member including other administrators is prevented from setting a compliant password, permanently blocking access to the organization and constituting an application-level denial of service. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this in the insider-threat and compromised-admin-credential risk category.
Unauthenticated access to Capgo's /replication HTTP endpoint exposes internal PostgreSQL replication telemetry to any remote attacker, affecting all versions prior to 12.128.2. Attackers can retrieve replication slot names, WAL LSN positions (confirmed_flush_lsn, restart_lsn), and database error messages without supplying any credentials, enabling database infrastructure reconnaissance. No public exploit code or CISA KEV listing exists at time of analysis, but the zero-complexity unauthenticated attack vector makes opportunistic scanning against internet-exposed Capgo deployments trivially feasible.
Unauthenticated PII exposure in Flowise's forgot-password API endpoint allows remote attackers to harvest user objects containing IDs, full names, email addresses, account status, and timestamps by submitting any known or guessed email address. All Flowise releases prior to 3.0.13 are affected via the POST /api/v1/account/forgot-password endpoint, which returns a sanitized but data-rich user object instead of a generic acknowledgment. No public exploit has been identified at time of analysis per CISA KEV, though the GHSA advisory (GHSA-jc5m-wrp2-qq38) includes a working curl-based proof-of-concept demonstrating the full response.
Capgo before version 12.128.2 exposes user physical location by retaining EXIF GPS metadata in uploaded images without sanitization. Unauthenticated remote attackers can download images hosted on affected Capgo instances and extract embedded latitude/longitude coordinates, revealing where users were physically located at the time of photo capture. No public exploit is identified at time of analysis, and a vendor patch is available in version 12.128.2.
Cross-tenant metrics poisoning in Capgo before 12.128.2 allows unauthenticated remote attackers to insert arbitrary rows into the version_meta table for any tenant's app_id by invoking the PostgREST RPC endpoint using only the public anonymous key. The root cause is a missing authorization check inside a SECURITY DEFINER PostgreSQL function, which executes with elevated definer privileges while accepting caller-supplied app_id values without ownership validation. Although no public exploit code or CISA KEV listing exists at time of analysis, the attack requires no credentials beyond the public anon key - typically embedded in distributed client applications - making the practical barrier to exploitation extremely low despite the moderate CVSS 4.0 score of 6.9.
Unauthorized file operations in the Simple File List WordPress plugin (versions through 6.3.7) allow authenticated contributors to delete, move, create folders, and download arbitrary server files by exploiting a missing authorization check on the 'frontmanage' shortcode attribute. The attack is non-trivial but fully described: an attacker creates a draft post embedding the 'eeSFL' shortcode, loads the WordPress post preview endpoint to harvest a valid nonce, then submits file operation requests to ee-list-ops-bar-process.php that bypass the intended privilege checks. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; a patch changeset (3579098) exists in the plugin repository, though the released fixed version is not independently confirmed.
Host header injection in Apache NiFi 0.0.1 through 2.9.0 enables network-accessible clients to supply arbitrary values via X-ProxyHost and X-Forwarded-Host HTTP headers, causing the application to construct attacker-controlled qualified URLs used in HTTP redirects and data references. Although NiFi introduced an allowlist-based Host header control (nifi.web.proxy.host) in version 1.6.0, that validation was never extended to the alternative proxy and forwarded headers, leaving a persistent gap across roughly a decade of releases. No public exploit code has been identified at time of analysis and CVE-2026-54665 is not listed in CISA KEV; practical risk centers on open-redirect abuse, link manipulation, and potential bypass of same-origin assumptions rather than direct code execution.
Full-read SSRF in AVideo through version 27.0 allows authenticated administrators to make the server fetch arbitrary URLs via the statsURL parameter in plugin/Live/test.php, including cloud metadata endpoints and internal network services. The endpoint bypasses the codebase's own isSSRFSafeURL() guard - used in seven other endpoints - and returns full response bodies in the HTML output, enabling retrieval of IAM credentials from cloud metadata services such as 169.254.169.254, internal service data, and network configuration details. No public exploit code has been formally labeled as proof-of-concept, but the GHSA advisory discloses the complete vulnerable code path with all three sink functions (file_get_contents, curl_exec, wget), making exploitation trivial for any party who has read the advisory.
Mass assignment in Flowise's PUT /api/v1/user endpoint (all versions before 3.1.2) allows an authenticated user to overwrite their own account's password hash by supplying a crafted `credential` field in the request body, entirely bypassing the intended old-password verification, hashing enforcement, and session-invalidation workflow. An attacker who first obtains a temporary session - via XSS, token theft, or session hijacking - can exploit this to establish permanent account persistence even after the legitimate session expires, with no knowledge of the current password required. No public exploit has been identified at time of analysis, and a vendor-released patch is available in version 3.1.2.
Stored XSS in Apache Atlas's Create Entity page allows any authenticated user to inject persistent malicious JavaScript that executes in other users' browsers. All deployments running Apache Atlas 2.4.0 and earlier are affected. An attacker with a valid account can store a crafted payload that triggers against higher-privileged users - such as administrators - who later view the poisoned entity, enabling session hijacking or credential theft. No public exploit or CISA KEV listing has been identified at time of analysis.
Regular expression denial of service in vLLM versions 0.6.3 through 0.8.x exposes three distinct attack surfaces - the LoRA utility module, the phi4mini tool parser, and the OpenAI-compatible chat endpoint - to catastrophic regex backtracking, causing severe CPU exhaustion and service-wide denial of service. Authenticated API consumers can submit crafted inputs with deeply nested or repeated structures (e.g., `((((a|)+)+)+)`) to trigger unbounded processing in Python's backtracking NFA regex engine. No public exploit identified at time of analysis, though the GHSA advisory discloses the exact vulnerable patterns and example malicious inputs, substantially lowering the reproduction barrier for anyone with API access.
Stored cross-site scripting in AVideo's TopMenu plugin through version 26.0 allows payload execution for every site visitor due to unescaped rendering of icon classes, URLs, and text labels across multiple PHP templates. Critically, the saving endpoint (`menuItemSave.json.php`) lacks CSRF token validation despite checking for admin status, enabling a full CSRF-to-stored-XSS chain: an attacker with no account can inject the malicious menu item by luring an authenticated admin to an attacker-controlled page. Publicly available exploit code exists (GHSA-gmpc-fxg2-vcmq); no vendor-released patch has been identified at time of analysis.
Tenant isolation is broken in Capgo's statistics API before version 12.128.2, allowing authenticated holders of app-limited API keys to enumerate app IDs belonging to other tenants across the platform. The GET /statistics/app/:app_id endpoint returns distinct error codes depending on whether a target app exists (500 PGRST116) or is entirely nonexistent (401), creating an oracle that maps real app IDs outside the caller's authorized scope. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 5.3 reflects the authenticated requirement and limited confidentiality impact.
Broken cursor pagination in Capgo's /private/devices endpoint on the Cloudflare/workerd runtime path allows authenticated attackers with app.read_devices permission to trigger infinite duplicate-page loops, making later dataset rows permanently unreachable for affected sessions. All Capgo versions before 12.128.12 are vulnerable, and the impact is operational: device-management workflows repeatedly process the same duplicate records while failing to advance through the full dataset. No public exploit identified at time of analysis, and this vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 5.3 (Medium) reflects limited, availability-only impact scoped to the vulnerable system.
Webhook management endpoints in Capgo before 12.128.2 expose an authorization policy bypass that allows holders of non-expiring API keys to circumvent the organization-level require_apikey_expiration policy. The checkWebhookPermission function omits the required call to apikeyHasOrgRightWithPolicy, leaving webhook operations - listing, creating, and deleting - accessible to legacy non-expiring keys even when the organization has explicitly mandated key expiration. No public exploit has been identified at time of analysis, and exploitation requires prior possession of a valid non-expiring API key, targeting organizations that believed their key-expiration policy was uniformly enforced.
Server-side request forgery in Capgo's webhook URL validation exposes internal infrastructure to organization admins who can direct the backend to issue HTTP requests against loopback and private addresses (localhost, 127.0.0.1). All Capgo versions prior to 12.128.2 are affected per the GitHub Security Advisory GHSA-48hc-53hv-6x3f. The vulnerability is particularly dangerous in cloud-hosted deployments where the backend server can reach instance metadata services (e.g., AWS IMDS), and error responses are disclosed directly to the triggering user, enabling iterative internal network reconnaissance. No public exploit identified at time of analysis and no CISA KEV listing, but the authenticated-admin attack path lowers the effective barrier in multi-tenant SaaS environments.
SQL injection via improperly escaped MySQL table names in Apache NiFi's CaptureChangeMySQL Processor (versions 1.2.0 through 2.9.0) allows an attacker with MySQL CREATE TABLE access in a monitored database to inject arbitrary SQL commands executed under NiFi's MySQL service credentials. A partial mitigation introduced in 1.8.0 added manual quoted boundaries that narrowed - but did not eliminate - the injection surface; the root flaw persisted for years until full remediation in 2.10.0. No public exploit identified at time of analysis and not listed in CISA KEV; the issue was discovered by Roberto Suggi Liverani of the NATO Cyber Security Centre (NCSC) and disclosed in April 2026.
Cross-site scripting in Flowise before 3.0.8 allows unauthenticated network attackers to inject malicious JavaScript into the chat interface via iframe javascript: URI payloads, or indirectly via custom agent functions that fetch and render unsanitized external HTTP responses. When a victim browses the affected chat or agent output in their browser, the injected script executes in their session, enabling cookie theft and session hijacking. A working proof-of-concept payload is publicly documented in GitHub Security Advisory GHSA-4fr9-3x69-36wv; no active exploitation is confirmed in CISA KEV at time of analysis.
Open redirect in Capgo's confirm-signup endpoint (all versions before 12.128.2) enables unauthenticated remote attackers to craft account confirmation links that silently redirect victims to arbitrary attacker-controlled websites. The unvalidated `confirmation_url` parameter in the confirm-signup flow accepts any external URL without domain allowlisting or sanitization, making legitimate Capgo-sending domains a trusted launchpad for phishing and credential harvesting. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the social engineering amplification risk is significant given the trusted-email-domain context.
Authentication logic bypass in Capgo before 12.128.2 permits a team or organization security settings manager to enforce mandatory two-factor authentication across all team members without having 2FA active on their own account. The platform never validates the initiator's own 2FA enrollment state before committing the policy change, creating an asymmetric enforcement condition where the policy creator is effectively exempt from the mandate they impose. No public exploit code has been identified and Capgo is not listed in the CISA Known Exploited Vulnerabilities catalog; the CVSS 4.0 score of 5.1 (PR:H) reflects that exploitation is constrained to already-privileged insiders.
Open redirect in Capgo's Stripe billing endpoints (stripe_portal and stripe_checkout) allows authenticated attackers to manipulate the callbackUrl, successUrl, and cancelUrl parameters to silently redirect users to attacker-controlled phishing domains after billing interactions. All Capgo releases before 12.128.2 are affected per vendor advisory GHSA-grc7-98pf-h8hq. Exploitation requires a valid Capgo account (CVSS PR:L) and victim interaction (UI:A), and no public exploit or CISA KEV listing exists at time of analysis; however, the Stripe payment context lends phishing lures unusual credibility, elevating realistic social-engineering risk above what the medium CVSS score alone implies.
Authentication bypass in cap-go/capacitor-native-biometric allows an attacker with physical device access to circumvent biometric authentication by hooking the onAuthenticationSucceeded() callback via dynamic instrumentation. The root cause is that AuthActivity.java's implementation of BiometricPrompt.AuthenticationCallback never retrieves or validates the CryptoObject from the AuthenticationResult, making the entire cryptographic binding between biometric gesture and protected key material moot. All npm package versions below the patched release are affected. A proof-of-concept video is publicly available per the GHSA advisory, though no confirmed active exploitation (CISA KEV) has been identified at time of analysis.