Path traversal in motionEye v0.43.1 allows any authenticated user - including those with normal (non-admin) privileges - to read arbitrary files from the server filesystem via the picture and movie preview API endpoints. The root cause is inconsistent input validation: `get_media_preview()` and `del_media_content()` in `mediafiles.py` omit the `..` sequence check that `get_media_content()` correctly implements, and the Tornado web framework passes percent-encoded slashes (`%2F`) through unmodified to `os.path.join()`. A fully functional public proof-of-concept demonstrating retrieval of `/etc/passwd` is published in the GitHub security advisory; no public exploit identified at time of analysis for CISA KEV, but the low exploitation complexity and pre-computable default-credential signature make exposed instances an immediate practical target.
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
Unauthenticated arbitrary file upload in Filament (Laravel component framework) versions 3.0.0 through 3.3.51, 4.x through 4.11.4, and 5.x through 5.6.4 allows remote attackers without any credentials to write files to the application's temporary storage. Filament indiscriminately applies Livewire's WithFileUploads trait to every Livewire component embedding a schema - including the panel login form, which has no legitimate file upload need - exposing the upload endpoint publicly. The practical impact is storage exhaustion or inflated cloud storage costs; no public exploit has been identified at time of analysis.
Improper token validation in IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data allows a privileged user to exceed their authorized scope, performing operations and accessing sensitive information beyond their granted permissions. Affected versions span 4.8 through 5.3, covering both the standard and warehouse variants of the product. No public exploit identified at time of analysis, and no active exploitation confirmed via CISA KEV, though the high integrity impact (I:H) signals meaningful risk for multi-tenant or regulated deployments.
Denial of service in Zephyr RTOS Bluetooth Classic SDP parser allows adjacent Bluetooth attackers to crash devices via a malformed 3-byte SDP attribute that triggers a reachable kernel assertion. The flaw resides in bt_sdp_parse_attribute() in subsys/bluetooth/host/classic/sdp.c, where the parser pulls a value-type byte without first verifying buffer length, causing a kernel panic in assert-enabled builds and an out-of-bounds read with undefined behavior when assertions are disabled. No public exploit identified at time of analysis, though the GHSA advisory describes the trigger conditions in enough detail to reproduce.
Cache poisoning in python-zeroconf before 0.149.16 allows any unauthenticated adjacent-network attacker to inject attacker-controlled DNS records into the local mDNS cache by multicasting a single crafted UDP packet on port 5353. The parser in `_read_character_string` and `_read_string` advanced its offset by a caller-declared length without validating it against the actual packet buffer size; Python's silent slice truncation meant over-advertised records were accepted and committed to `DNSCache` and `ServiceInfo` intact. The vendor manually downgraded severity to low, noting no RCE or OOM risk, but characterizes this as a building block for higher-impact chains in downstream consumers such as Home Assistant. No public exploit code has been identified and the vulnerability is not in CISA KEV.
Wallet balance inflation in AVideo's Authorize.Net payment plugin (versions <= 28.0) allows a low-privileged attacker to credit arbitrary amounts to any user account by forging webhook requests. Three code flaws chain together: a logical OR in the signature check lets a real transaction ID bypass HMAC validation entirely, attacker-controlled payload fields take precedence over authoritative API-fetched amounts and user IDs, and the payment approval status is never verified before crediting the wallet. A detailed proof-of-concept with working curl commands is publicly documented in GitHub Advisory GHSA-95jh-7r58-xmxw. No confirmed active exploitation (CISA KEV) at time of analysis, but the PoC lowers the bar to exploitation significantly.
Missing authentication on the Atlassian Connect install callback in Mattermost allows a remote attacker to inject a rogue sharedSecret into an in-progress Jira integration setup. Affected versions span the 10.11.x, 11.5.x, 11.6.x, and 11.7.x release trains, all of which expose the POST /ac/installed endpoint without validating the caller's identity during the pending-install window. No public exploit has been identified at time of analysis, but a successful injection corrupts the integration's trust handshake, yielding high integrity and availability impact against the Jira connection. The vendor CVSS vector assigns PR:L, which conflicts with the description's 'remote unauthenticated attacker' language - this discrepancy warrants direct verification with Mattermost advisory MMSA-2026-00654.
Subscription hijacking in Mattermost allows authenticated low-privileged users to take control of subscriptions belonging to channels they have no access to by submitting a crafted PUT request to the subscription edit endpoint. The root cause is a missing channel ownership validation check, classified as an Insecure Direct Object Reference (CWE-639), affecting versions across four active release branches (10.11.x, 11.5.x, 11.6.x, 11.7.x). No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Stored cross-site scripting in Filament's ImageColumn and ImageEntry components allows low-privileged authenticated attackers to plant malicious HTML or JavaScript into database-backed image fields, which then executes in the browsers of any user who views the affected table or schema. Affected versions span 4.0.0 through the pre-fix releases across both the v4 and v5 branches of this widely-used Laravel admin panel framework. Vendor-released patches exist at versions 4.11.5 and 5.6.5; no public exploit code or CISA KEV listing has been identified at time of analysis.
Typeless deserialization in MessagePack-CSharp allows blocked types to be instantiated by wrapping them inside arrays or generic type constructs, bypassing the ThrowIfDeserializingTypeIsDisallowed safety check. Applications using typeless deserialization on MessagePack-CSharp prior to versions 2.5.301 (2.x branch) and 3.1.7 (3.x branch) are exposed. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects high attack complexity and the prerequisite that typeless deserialization must be enabled and attacker-controlled input must reach the deserializer.
Insecure default initialization in MessagePack for C#'s ASP.NET Core MVC formatter exposes .NET web applications to hash-collision denial-of-service attacks. The parameterless `MessagePackInputFormatter()` constructor silently applies `MessagePackSecurity.TrustedData` to HTTP request bodies - data that by definition crosses an untrusted boundary - bypassing the hash-seed randomization that `MessagePackSecurity.UntrustedData` provides. Vendor-released patches are available in versions 2.5.301 and 3.1.7; no public exploit code or CISA KEV listing identified at time of analysis.
LZ4 decompression in MessagePack for C# prior to versions 2.5.301 (v2 branch) and 3.1.7 (v3 branch) allows remote attackers to force excessive heap memory allocations via crafted Lz4Block or Lz4BlockArray payloads that declare arbitrarily large uncompressed lengths. The library allocates an output buffer sized to the attacker-controlled wire-format length field before performing any validation of the compressed data or the reasonableness of the declared expansion, enabling a classic decompression-bomb denial-of-service. No public exploit has been identified at time of analysis and no CISA KEV listing exists; however, the attack pattern is mechanically straightforward for any application that accepts untrusted MessagePack data with LZ4 compression enabled.
Quadratic CPU and memory allocation behavior in MessagePack-CSharp's ExpandoObjectFormatter enables remote unauthenticated attackers to degrade or deny service by submitting attacker-controlled MessagePack maps containing many distinct keys. Affected are all releases prior to 2.5.301 (2.x branch) and 3.1.7 (3.x branch). No public exploit code has been identified at time of analysis, and no CISA KEV listing was referenced in available intelligence.
Uncontrolled recursion in MessagePack-CSharp's JSON conversion helpers allows remote attackers to crash .NET host processes via an uncatchable StackOverflowException, producing a denial-of-service condition in applications that route untrusted input through these APIs. Three independent recursive code paths - ConvertFromJson's FromJsonCore(), TinyJsonReader.ReadNextToken() (which recurses once per comma or colon character, enabling exploitation via malformed JSON), and the ConvertToJson ext-100 typeless extension branch - all bypass the library's existing MessagePackSecurity depth-limit enforcement. No public exploit has been identified at time of analysis, and only applications explicitly using the JSON conversion helpers (not normal typed MessagePack deserialization) are exposed.
Uncontrolled recursion in MessagePack for C# allows network-reachable attackers to crash applications by submitting deeply nested union-type payloads that bypass the library's object graph depth protection. DynamicUnionResolver's runtime-generated deserializers omit the required MessagePackSecurity.DepthStep calls, leaving union code paths entirely outside the recursion guard that protects all other formatter paths. No public exploit or active KEV listing exists at time of analysis, but any application deserializing untrusted MessagePack data via union types over a network endpoint is exposed to availability-only impact.
Unchecked large-array allocation in MessagePack for C# exposes any .NET application deserializing untrusted MessagePack extension payloads to a denial-of-service condition. The UnsafeBlitFormatterBase<T>.Deserialize method trusts an attacker-supplied byteLength field from the inner extension payload and allocates a T[] array of that size before comparing it against the outer extension header length or remaining input bytes, meaning a few-byte payload can trigger gigabyte-scale allocations. No active exploitation has been confirmed (no CISA KEV listing, no public exploit identified at time of analysis), but the attack requires no authentication and no user interaction, lowering the bar for any attacker with network access to an exposed endpoint.
Heap exhaustion via crafted multi-dimensional array payloads in MessagePack-CSharp affects all v2.x releases before 2.5.301 and all v3.x releases before 3.1.7, enabling remote unauthenticated attackers to trigger disproportionately large heap allocations with minimal payload bytes. The multi-dimensional array formatters (T[,], T[,,], T[,,,]) allocate based on attacker-supplied dimension values before cross-validating against the encoded element count, so a payload declaring a 10000×10000 array with only a handful of elements forces a massive allocation before any guard fires. No public exploit or active exploitation has been confirmed; the CVSS 4.0 score of 6.3 reflects high attack complexity and a specific prerequisite condition (AT:P), constraining realistic risk to services that deserialize untrusted MessagePack containing multi-dimensional array types.
CPU denial of service in MessagePack for C# affects applications deserializing ILookup<TKey,TElement> types from untrusted input, exploitable even when the application has explicitly configured MessagePack's untrusted-data security posture. The InterfaceLookupFormatter constructs its internal dictionary with the default equality comparer rather than the security-aware, randomization-backed comparer provided by options.Security.GetEqualityComparer<TKey>(), silently bypassing the protection the developer believed was active. No public exploit code has been identified at time of analysis, and the CVSS 4.0 AC:H/AT:P rating reflects that exploitation requires crafting keys with deliberate hash collisions.
Webhook forgery in n8n's GitHub Webhook Trigger node allows unauthenticated remote attackers to spoof GitHub events and trigger arbitrary workflow execution by sending unsigned POST requests to any known webhook URL. The root cause is a complete absence of HMAC-SHA256 signature verification - the cryptographic control GitHub provides specifically to authenticate webhook deliveries - meaning n8n accepted all inbound POST traffic without validation. Affected versions span the v1 branch (below 1.123.15) and v2 branch (2.0.0 through 2.5.0); no public exploit code or CISA KEV listing exists at time of analysis, but the attack is trivially executable by any party possessing the webhook URL.
IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Cross-site scripting in IBM Datacap and Datacap Navigator 9.1.7 through 9.1.9 allows unauthenticated remote attackers to inject and execute arbitrary JavaScript within the Web UI, targeting authenticated users during active sessions. Successful exploitation can lead to credential theft or session hijacking by abusing the trust context of a legitimate user's browser. No public exploit code has been identified at time of analysis, and IBM has released a patch via official advisory.
Path traversal in Keras 3.14.0 exposes local file systems to arbitrary file and directory creation when processing maliciously crafted model files. The DiskIOStore.make method constructs directory paths from user-supplied layer names without sanitizing directory traversal sequences (..); since only forward slashes are blocked, embedding .. components in a layer name allows escape from the intended temporary working directory during model save or load operations. No active exploitation (CISA KEV) and no public proof-of-concept has been identified at time of analysis; however, EPSS data was not provided, leaving probabilistic exploitation likelihood unquantified.
World-readable configuration file permissions in motionEye <= 0.43.1b4 expose the admin SHA1 password hash to any local user account on the host. The flaw affects both supported installation methods (manual and motioneye_init), making it a software default rather than a deployment error. Proof-of-concept code is publicly available in the vendor's GitHub Security Advisory; when chained with GHSA-45h7-499j-7ww3 (hash-as-signing-key authentication bypass) and CVE-2025-60787 (OS command injection requiring admin auth), a local unprivileged attacker can escalate to the Motion daemon user - often root - without any elevated privileges. No active exploitation is confirmed in CISA KEV at time of analysis.
Heap-based buffer overflow in dnsmasq's DNSSEC logging path enables remote denial of service against instances where both DNSSEC validation and query logging are simultaneously enabled. When dnsmasq receives a DS or DNSKEY DNS response containing an algorithm or digest type it does not recognize, its logging routine writes past the end of an internal heap-allocated buffer, corrupting memory and crashing the process. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; however, the network-deliverable attack vector (PR:N) makes the configuration prerequisite the primary limiting factor for defenders.
Incorrect default file permissions in Browserbase's Autobrowse Trace Artifact Handler (versions up to 20260526) expose locally stored trace artifact files to low-privileged users on the same host, resulting in unauthorized information disclosure. A public exploit (poc.sh) was released without a vendor patch, as the vendor did not respond to responsible disclosure. With a CVSS 4.0 score of 1.9, the attack is strictly local and limited to confidentiality impact; no KEV listing exists, but publicly available exploit code lowers the bar for exploitation in shared-host environments.
Server-side request forgery in phpseclib's X.509 validation allows unauthenticated network attackers to force the validating server to open arbitrary outbound connections to attacker-controlled hosts, including internal loopback addresses (127.0.0.1) and cloud metadata endpoints (169.254.169.254). The flaw exists because X509::validateSignature() unconditionally fetches URLs embedded in the Authority Information Access extension of untrusted certificates with no blocklist or destination filtering - and this behavior is enabled by default across all three maintained release branches. No CISA KEV listing exists at time of analysis, and no weaponized public exploit was referenced, though the GitHub advisory provides exact file and line references making the trigger path immediately reproducible.
Out-of-bounds read and denial-of-service in Zephyr RTOS's ext2 filesystem parser expose embedded devices to filesystem-level attacks via maliciously crafted disk images. The flaw resides in ext2_fetch_direntry() (subsys/fs/ext2/ext2_diskops.c), where insufficient validation of on-disk directory entry fields - specifically de_rec_len and de_name_len against block boundaries - allows a crafted ext2 image to trigger an oversized memcpy (out-of-bounds read) or a zero-progress infinite loop when de_rec_len equals zero. All Zephyr versions are indicated as affected per the wildcard CPE, no public exploit code has been identified at time of analysis, and this CVE is not currently listed in CISA KEV.
Path traversal and sandbox escape in LangChain prior to 1.3.9 allow untrusted inputs - including LLM-generated content steered by adversarial prompts - to escape a configured filesystem root boundary. Three components are affected: a file-search agent middleware that validates a starting directory but not glob patterns or symlink targets; prompt and chain/agent configuration loaders that resolve path fields without root confinement; and path-prefix authorization logic that performs string-prefix comparison without segment boundaries, allowing sibling paths to bypass access controls. No public exploit code has been identified at time of analysis and this CVE does not appear in CISA KEV, but the risk is meaningful for any deployment that exposes LangChain filesystem agents to untrusted user input or LLM prompt injection.
Stored cross-site scripting in IBM TRIRIGA Application Platform 5.0.2 and 5.0.3 allows an authenticated low-privileged user to inject arbitrary JavaScript into the Web UI, which executes in the browser context of other users who view the affected page - enabling session hijacking and credential theft within trusted sessions. No public exploit code has been identified at time of analysis, and IBM has released a patch via their support advisory. The CVSS score of 5.4 (Medium) reflects the authentication prerequisite and limited direct impact scope, though the credential disclosure risk elevates practical severity for privilege-escalation scenarios.
The /gitlab connect slash command in Mattermost fails to enforce administrator-level authorization on the setDefaultInstance call, enabling any authenticated user to overwrite the workspace-wide default GitLab instance configuration. Affected across four concurrent release trains (11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17), this missing authorization flaw (CWE-862) is exploitable by any valid Mattermost account holder without elevated privileges. No public exploit code or active exploitation has been identified at time of analysis, but the low attack complexity and low privilege requirement make this accessible to any workspace member targeting GitLab integration infrastructure.
Stored cross-site scripting in IBM Engineering Workflow Management's Web UI enables an authenticated low-privileged attacker to inject arbitrary JavaScript that executes in the browser sessions of other users, including administrators, within the same trusted application context. Affected versions span 7.0.3 through 7.0.3 Interim Fix 020 and 7.1 through 7.1 Interim Fix 007. The scope-changed CVSS vector (S:C) confirms that impact crosses the attacker's own session boundary, creating a realistic path to credential theft or session hijacking against higher-privileged users. No public exploit code exists and this CVE is not listed in the CISA KEV catalog at time of analysis.
Broken object level authorization (BOLA) in Paymenter's ticket creation endpoint allows any authenticated customer to reference another account's service by substituting the service ID in the HTTP request, causing support personnel to inadvertently review that third-party service. The flaw affects all Paymenter installations running versions prior to 1.5.0 (pkg:composer/paymenter/paymenter). No confirmed active exploitation (not in CISA KEV) and no public exploit code has been identified at time of analysis, but the attack requires only a valid customer account and basic HTTP manipulation, making real-world abuse accessible to low-sophistication actors.
Unauthenticated arbitrary S3 object write in Budibase server (npm/@budibase/server before 3.39.2) lets any remote caller who learns a workspace ID and S3 datasource ID obtain attacker-chosen PutObject presigned URLs signed with the workspace's stored AWS credentials. The /api/attachments/:datasourceId/url route is gated only by reCAPTCHA - no authentication, builder role, or datasource permission check - so an unauthenticated attacker can write arbitrary objects to any bucket the stored credentials can reach. No public exploit identified at time of analysis, though the advisory publishes a step-by-step non-destructive PoC.
Unenforced resource limits on the POST /app/demo endpoint in Capgo before 12.128.2 allow any authenticated user holding org write permissions to create unlimited demo applications, each triggering approximately 138 database write operations. Sustained abuse degrades platform performance, inflates infrastructure costs, and can cause service instability for all tenants sharing the backend. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the low exploitation complexity for any org-level member makes compromised-account or insider-threat scenarios operationally realistic.
Cross-workspace chatflow configuration disclosure in Flowise before 3.1.2 allows any holder of a valid API key for one workspace to read the full configuration of unprotected chatflows belonging to all other workspaces in the same instance. The `/api/v1/chatflows/apikey/:apikey` endpoint's database query omits a workspace scope filter when the `keyonly` parameter is absent (the default), causing it to return every chatflow system-wide where `apikeyid` is NULL or empty - including `flowData`, system prompts, `chatbotConfig`, `apiConfig`, and credential IDs from unrelated tenants. No public exploit code or CISA KEV listing has been identified at time of analysis, but the vulnerability is trivially reproducible given the disclosed source code and standard HTTP tooling.
Subkey permission bypass in Capgo before 12.128.2 allows authenticated API users to escalate from restricted subkey scope to full main API key privileges by sending malformed x-limited-key-id header values. The parsing flaw - triggered by submitting zero, NaN-coercible, or duplicate header values - causes the subkey scoping enforcement to evaluate to falsy, silently falling through to the unrestricted main API key context. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, but the bypass is mechanically straightforward for any holder of a valid subkey credential.
Server-Side Request Forgery (SSRF) in n8n's dynamic node parameters endpoint allows authenticated users with credential access to bypass the platform's Allowed HTTP Request Domains restriction, causing the n8n server to issue outbound HTTP requests carrying stored credentials to attacker-controlled or unauthorized hosts. All n8n deployments prior to version 2.20.0 are affected regardless of domain restriction configuration, as the restriction is not enforced on the POST /rest/dynamic-node-parameters/options endpoint. No public exploit code or CISA KEV listing has been identified at time of analysis, but the attack is low-complexity once authentication is obtained.
Reflected XSS in Nuxt 3.x before 3.21.7 and 4.x before 4.4.7 enables client-side script execution in the application's first-party origin when user-controlled input is passed to the `navigateTo()` composable's `open` parameter. The client-side early-open handler invoked `window.open(toPath, ...)` without running the `isScriptProtocol` check that guards the normal navigation path, allowing `javascript:`, `data:`, and `vbscript:` scheme URLs to reach `window.open()` directly. No active exploitation has been confirmed (not listed in CISA KEV), but vendor-released patches are available in versions 4.4.7 and 3.21.7.
Filament's login page leaks account existence through a measurable timing side-channel, allowing unauthenticated remote attackers to enumerate registered email addresses. Versions 4.0.0 through 4.11.4 and 5.0.0 through 5.6.4 of this widely-used Laravel full-stack component library are affected. The impact is confined to account enumeration - no credentials, session tokens, or other data are exposed - but the disclosed information can seed targeted phishing or credential-stuffing campaigns. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.
Server-side open redirect in Nuxt's `navigateTo` composable allows unauthenticated network attackers to bypass external-host checks by submitting path-normalized payloads such as `/..//evil.com` or `/.//evil.com`, which WHATWG URL parsing resolves to the protocol-relative URL `//evil.com`. Affected versions are Nuxt 4.0.0-4.4.6 and all 3.x releases before 3.21.7. Because Nuxt documentation presents `navigateTo` as the safe, built-in mechanism for post-login redirects, applications commonly pass unvalidated user-supplied redirect parameters directly to it - making OAuth authorization-code theft and phishing the principal real-world risks. No public exploit code has been identified at time of analysis and this CVE is not listed in CISA KEV.
Open redirect in Nuxt 3.x before 3.21.7 and 4.x before 4.4.7 allows remote unauthenticated attackers to redirect victims to arbitrary external hosts by supplying protocol-relative paths such as `//evil.com` to the `reloadNuxtApp` composable. The function's only security gate checks whether the resolved URL's scheme is a script protocol; protocol-relative paths inherit the page's own scheme (`https:`), pass that check, and are then written directly to `window.location.href`. The practical consequence is phishing and OAuth authorization-code theft on any application that forwards user-controlled input into `reloadNuxtApp`. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the GHSA advisory notes this is part of a broader cluster of three URL-handling weaknesses in Nuxt's navigation APIs.
Forced browsing exposure in IBM Datacap and IBM Datacap Navigator 9.1.7 through 9.1.9 allows a highly privileged local user to access application resources and functionality not surfaced in the UI by constructing direct URL requests, bypassing the intended UI-driven access control model. The impact is limited to partial confidentiality disclosure (C:L) with no integrity or availability consequence, and no exploitation has been confirmed - no public exploit code exists and this CVE is absent from the CISA KEV catalog. IBM has released a patch addressing all affected versions.
DNS rebinding against the Glances XML-RPC server (`glances -s`) allows a network-adjacent or remote attacker to exfiltrate the full system monitoring dataset - including process command lines that routinely contain secrets - from a victim's browser without any authentication. The `GlancesXMLRPCHandler` in `glances/server.py` accepts arbitrary HTTP `Host` headers without validation, an omission that persists while the REST/WebUI server received an equivalent fix (TrustedHostMiddleware, v4.5.2) and the MCP server was protected since v4.5.1. No active exploitation is confirmed (not in CISA KEV), but a detailed proof-of-concept is published in the vendor's GitHub security advisory GHSA-w856-8p3r-p338 and the attack is materially amplified by the companion CORS wildcard issue CVE-2026-46608.
Blind Server-Side Request Forgery in Paymenter's PayPal gateway module (versions < 1.5.0) allows remote unauthenticated attackers to coerce the application server into issuing arbitrary HTTP GET requests by supplying a malicious URL in the PAYPAL-CERT-URL HTTP header. The webhook endpoint at /extensions/paypal/webhook passes this header directly to PHP's file_get_contents() with no allowlist, domain validation, or signature pre-check, violating the security intent of PayPal's certificate verification flow. No public exploit has been identified at time of analysis, but the zero-prerequisite attack surface and public advisory disclosure make this an accessible target for any unauthenticated actor who can reach the endpoint.
Unvalidated redirect in Venueless social login allows phishing attacks by abusing the trusted domain reputation of legitimate event platform instances. Any Venueless deployment with social login enabled is affected across all tracked versions (CPE wildcard), and an attacker can craft a social login URL embedding an arbitrary external redirect destination that executes silently after a victim completes OAuth authentication. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the low attack complexity and authentication-flow context make this a credible phishing vector against event attendees and organizers.
Formula injection in Venueless Excel exports allows an attacker with a low-privilege account to embed malicious spreadsheet formulas into user-supplied data fields, which execute when an administrator opens the generated export file. Affected deployments include all versions of Venueless (pretix) as indicated by the wildcard CPE entry. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, but the low attack complexity and the availability of a GitHub security advisory signal a credible, reproducible attack path against administrative workflows.
Unlimited OTP brute-force against AIL Framework's two-factor authentication endpoint allows an attacker who already possesses a valid account password to bypass the second authentication factor entirely and gain unauthorized account access. The verify_2fa() route accepted an unbounded number of OTP submissions without incrementing a failure counter or enforcing a lockout, and the implementation uses counter-based HOTP rather than time-limited TOTP, removing the time-window throttle that would otherwise constrain brute-force speed. No public exploit code or CISA KEV listing exists at time of analysis, but the prerequisite of a valid password - obtainable via phishing or credential dumps - makes this a realistic threat against any AIL deployment where 2FA is meant to serve as a meaningful access boundary.
Stored Cross-Site Scripting in Digiwin's EasyFlow .NET workflow platform enables authenticated low-privilege attackers to inject persistent JavaScript that executes in other users' browsers on page load. The CVSS 4.0 vector (PR:L/UI:P/SC:L/SI:L) confirms the attacker requires a valid low-privilege account to plant the payload, while victims trigger execution passively by navigating to affected pages - including administrators who may have elevated session privileges worth hijacking. No public exploit code and no CISA KEV listing have been identified at time of analysis, placing real-world risk in the medium tier, concentrated in multi-tenant or shared-user deployments.