Remote code execution in Vtiger CRM before 8.4.0 lets an authenticated low-privileged user upload a malicious .phar file through the Documents module and execute arbitrary PHP. The extension denylist in config.inc.php omits .phar, and a stale Apache 2.2-syntax .htaccess is silently ignored on Apache 2.4, so the payload lands in a web-accessible directory reachable by unauthenticated HTTP - the attack begins authenticated but the final execution step is unauthenticated. Publicly available exploit code exists (published by VulnCheck/Jiva Security); no CISA KEV listing and no EPSS score were provided.
Authenticated remote code execution in Vtiger CRM through version 8.4.0 lets an administrator upload a crafted ZIP archive through the ModuleManager import feature and drop executable PHP files directly into the web-root modules/ directory, yielding a persistent web shell. Because Apache resolves and executes those PHP files before Vtiger's routing layer runs, the resulting shell bypasses the application's authentication entirely and survives independently of the attacker's login session. Publicly available exploit code exists (VulnCheck / Jiva Security), though there is no public exploit identified as being used in active attacks and it is not listed in CISA KEV.
Local privilege escalation in MSI Feature Manager (GameGaraj) stems from its bundled KernCoreLib64.sys kernel driver exposing IOCTL handlers that any logged-on user can reach without administrator rights, granting arbitrary physical memory read/write and unrestricted I/O port access. Any low-privileged user on an affected Windows host can leverage this to manipulate kernel objects, tamper with kernel callbacks, bypass Protected Process Light (PPL), and disable endpoint security. Publicly available exploit code exists (published by VulnCheck), though there is no public exploit identified as being used in active attacks at time of analysis.
Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys version 1.0.7.2 lets a standard user map arbitrary physical memory via the \Device\PhysicalMemory object and gain kernel-level control. The flaw affects Lenovo systems shipping this signed color-management driver and is fixed in version 1.0.7.6. Publicly available exploit code exists; there is no public exploit identified as actively exploited (not in CISA KEV), though the vulnerability was reported by CISA (cisa-cg).
Remote code execution in the Oraios Serena MCP coding toolkit (prior to v1.5.2) lets a malicious webpage hijack a developer's local coding agent via DNS rebinding. Serena's built-in web dashboard runs an unauthenticated Flask API on a fixed, predictable port with no auth, no CSRF protection, and no Host-header validation, so any site the victim visits while Serena is running can write attacker-controlled content into the agent's persistent memory store; because the agent autonomously reads that memory and can invoke execute_shell_command with shell=True, this chains to code execution on the developer's machine. No public exploit identified at time of analysis, and the flaw is not on the CISA KEV list.
Arbitrary code execution via an out-of-bounds write (CWE-787) affects an industrial control system product covered by CISA ICS advisory ICSA-26-188-06, where an attacker can corrupt memory past an allocated buffer to run code in the context of the affected application. The CVSS 4.0 vector (AV:L/UI:A) indicates the flaw is triggered locally and requires a victim to actively interact - consistent with opening a malicious file or project in engineering/HMI software. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the high-impact memory corruption and DHS ICS-CERT reporting warrant prompt patching in OT environments.
Local arbitrary code execution affects an unspecified industrial control system (ICS) product reported through CISA ICS-CERT (advisory ICSA-26-188-06). A stack-based buffer overflow (CWE-121) lets an attacker who can supply crafted input trigger memory corruption and run arbitrary code once a local user interacts with the malicious data, fully compromising confidentiality, integrity, and availability. No public exploit identified at time of analysis and the affected vendor/product is not disclosed in the available data.
Arbitrary code execution in an unnamed ICS/OT application arises from a use-after-free (CWE-416) triggered when the software parses a specially crafted file, letting an attacker run code in the context of the current process. The flaw was reported through CISA's ICS-CERT (advisory ICSA-26-188-06) and carries a CVSS 4.0 base score of 8.4; exploitation is local and requires a user to open the malicious file. No public exploit code has been identified at time of analysis and the CVE is not listed in CISA KEV.
Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LDAP client to crash the server by sending an oversized UNBIND packet over a SASL integrity-protected connection. The oversized data overflows a fixed 512-byte heap receive buffer in sasl_io_recv() (sasl_io.c), and in FreeIPA / Red Hat IdM any domain user, enrolled host, or service account with a valid Kerberos ticket can trigger it after GSSAPI authentication. There is no public exploit identified at time of analysis, and this flaw is distinct from the earlier CVE-2025-14905 schema.c overflow, which did not fix this code path.
Path traversal leading to remote code execution in Coolify (self-hosted PaaS) before 4.0.0-beta.474 allows an authenticated user to abuse insufficient filename sanitization in the PostgreSQL initialization-script generator (generate_init_scripts() in app/Actions/Database/StartPostgresql.php) to write files outside the intended directory and execute commands during database init. Any user with sufficient privileges to provision a PostgreSQL resource can escalate to code execution on the Coolify host. No public exploit identified at time of analysis, though the fix commit and security advisory publicly disclose the vulnerable code path.
Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user with write access to any subtree to inject a malicious sudoRole object and gain root-level sudo on every SSSD-enrolled host. The flaw exists because, when ldap_sudo_search_base is left unset, SSSD searches the entire directory tree for sudoRole objects, trusting rules planted anywhere in the DIT. Rated CVSS 8.8 by Red Hat and reported against RHEL 6 through 10 and OpenShift Container Platform 4; no public exploit identified at time of analysis and it is not listed in CISA KEV.
OS command injection in Coolify (self-hosted server/application/database management platform) versions prior to 4.0.0-beta.471 allows an authenticated low-privileged member to run arbitrary commands as root on managed servers by embedding shell metacharacters in persistent volume names, which are interpolated unescaped into shell commands during volume operations. The CVSS 3.1 score is 8.8 (High) with a network vector requiring only low privileges. No public exploit identified at time of analysis; an upstream fix commit and a tagged patched release exist.
Authenticated command injection in Coolify (self-hosted server/application/database management platform) before 4.0.0-beta.466 lets a user with access to a server's Sentinel settings embed shell metacharacters in the sentinel_token value, which is passed unsanitized into a shell command and executed on the host the next time Sentinel is restarted (CWE-78). The flaw yields full host command execution with confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor has released a fixed build (v4.0.0-beta.466) with an available upstream commit.
OS command injection in Coolify (self-hosted server/app management platform) before 4.0.0-beta.471 lets an authenticated user embed shell metacharacters in a LocalPersistentVolume storage name, which is interpolated unescaped into docker volume shell commands and executed on managed servers when the associated resource is deleted. Rated CVSS 8.8 (CWE-78), it yields arbitrary command execution on downstream hosts controlled by the Coolify instance. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix is confirmed in release 4.0.0-beta.471.
Command injection in Coolify before 4.0.0-beta.471 lets an authenticated user break out of the pre-deployment and post-deployment command fields and run arbitrary shell statements on the target deployment server. The supplied commands are single-quote escaped but then piped through an SSH heredoc transport that preserves newlines, so newline-delimited injected statements survive escaping and execute during deployment. No public exploit is identified at time of analysis, though the fixing pull request and commit are public and make the root cause easy to reconstruct; CVSS is 8.8 (High).
OS command injection in Coolify, the open-source self-hostable server/application/database management PaaS, allows an authenticated user with permission to edit application settings (versions prior to 4.0.0-beta.469) to run arbitrary commands on the managed host. The flaw lives in the executeInDocker() helper, which wraps user-controlled values in single quotes without escaping embedded quotes, letting an attacker break out of the quoted shell context during deployments and escape the intended Docker container confinement. No public exploit identified at time of analysis; this is not listed in CISA KEV.
OS command injection in Coolify's self-hosted server-management platform (all versions prior to 4.0.0-beta.471) lets any authenticated team member execute arbitrary shell commands on any managed remote server. The flaw lives in the Livewire Server\Resources component, whose public startUnmanaged/stopUnmanaged/restartUnmanaged methods take a browser-supplied container ID and interpolate it unescaped into SSH-executed shell commands. No public exploit identified at time of analysis and it is not in CISA KEV, but the trivially low complexity (CVSS 8.8) makes exploitation straightforward for anyone with a team account.
OS command injection in Coolify's self-hosted server/app management platform lets an authenticated user achieve remote code execution on the underlying host via a malicious database import container name. The database import Livewire component passes client-controlled container and server properties into shell commands without locking or validation, so any low-privileged authenticated user can inject arbitrary commands. Rated CVSS 8.8 and fixed in 4.0.0-beta.471; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Authentication bypass in MicroRealEstate (open-source property/real-estate management platform) through version 1.0.0-alpha3 lets remote unauthenticated attackers brute-force the One-Time Password (OTP) login flow to authenticate as any user. Because the OTP tokens are not tracked in server-side state, codes are not invalidated or rate-limited across attempts, collapsing the effective keyspace and enabling account takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
OS command injection in Coolify (self-hosted server/application/database management platform) before 4.0.0-beta.466 lets an authenticated user execute arbitrary commands on the host by supplying log drain secret or environment values that are interpolated into shell commands without proper encoding. Because Coolify orchestrates the underlying host, the injected commands run with the platform's host-level context, effectively yielding host takeover. No public exploit identified at time of analysis; this is not in CISA KEV and no POC is referenced, so risk is driven by the ease of authenticated exploitation rather than confirmed in-the-wild activity.
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name. Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands. The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db. An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.
Remote code execution in DataEase before 2.10.24 allows an authenticated attacker to bypass the prior H2 zip-protocol and file-dropper hardening by uploading a ZIP archive masquerading as a font file (.ttf) via the FontManage.saveFile endpoint, then invoking the H2 database zip protocol against it to execute arbitrary code on the server. The flaw is a regression that defeats an earlier fix, and carries a CVSS 4.0 score of 8.7 (High). No public exploit has been identified at time of analysis, but the vendor GitHub Security Advisory (GHSA-8x36-774q-pwqg) and two remediation commits are published.
Privilege-escalation-capable LDAP injection in HAVELSAN Liman MYS (all releases before Master.1107) lets an authenticated attacker inject unsanitized special characters into LDAP queries, subverting directory-backed authentication and authorization logic. Because Liman is typically wired into corporate LDAP/Active Directory for login, a successful injection can expose directory data, bypass access controls, and manipulate query results. No public exploit identified at time of analysis, and the flaw is not on the CISA KEV list; risk is driven by the high CVSS 8.8 rating rather than confirmed in-the-wild activity.
{id} route is explicitly whitelisted from authentication, exported data files can be pulled by fully unauthenticated remote attackers, matching the vendor's CVSS 4.0 PR:N rating (8.7, High). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial ID-enumeration attack pattern makes exploitation straightforward once the endpoint is reachable.
Denial of service in the Phoenix Framework (Elixir) affects any endpoint mounting a Phoenix.Socket with a reachable WebSocket or LongPoll channel transport, in versions from 0.11.0 up to the fixed 1.5.15, 1.6.17, 1.7.24, and 1.8.9. Because transports place no cap on channels joined per connection, one unauthenticated client can stream unlimited phx_join messages down a single connection to spawn hundreds of thousands of channel processes and exhaust the BEAM process table, taking the whole node offline. Rated CVSS 4.0 8.7 (availability-only impact); no public exploit identified at time of analysis, though the mechanics are described in detail in the vendor advisory.
Arbitrary code execution in DataEase before 2.10.24 lets authenticated users bypass H2 JDBC URL validation using special Unicode characters whose case conversion differs between DataEase's validator and the H2 parser, smuggling dangerous parameters such as INIT into a malicious H2 connection string. Because H2's INIT clause executes SQL/DDL at connection time, an attacker can run arbitrary code on the host. No public exploit has been identified at time of analysis, but a fix commit and release exist, making the mechanism reproducible from the public patch.
Denial of service in GNU Wget through 1.25.0 lets a malicious or compromised HTTP(S) server crash the client by serving a Metalink document whose URL element contains only whitespace, causing clean_metalink_string() in src/metalink.c to decrement a pointer past the start of the heap buffer. The out-of-bounds read (CWE-125) produces abnormal program behavior and is reported by VulnCheck; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The fix landed upstream in GitLab commit 37a40fc.
Unauthorized portfolio data exposure in Ghostfolio's public API allows anyone holding a private access ID to read another user's full portfolio through the GET /api/v1/public/:accessId/portfolio endpoint. The endpoint accepts private access IDs without enforcing the granteeUserId filter, so holdings, quantities, buy prices, and performance metrics are returned without authentication. This is an authorization (broken access control) flaw with high confidentiality impact and no known public exploit at time of analysis.
Authentication bypass in DataEase open-source BI platform before 2.10.24 lets unauthenticated remote attackers who know a protected share UUID retrieve a valid X-DE-LINK-TOKEN from the /de2api/share/proxyInfo endpoint, because the token is issued before the share password or ticket is checked. With that token an attacker can call subsequent share APIs and read data behind password-protected dashboards without valid credentials. No public exploit identified at time of analysis; the flaw is fixed in 2.10.24.
SQL injection in DataEase before 2.10.24 lets an authenticated user inject arbitrary SQL into queries run against configured datasources by supplying malicious quota (chart aggregation) or Y-axis filter values. The flaw sits in Quota2SQLObj.getYWheres(), which embeds attacker-controlled filter values directly into generated SQL while skipping the literal validation and escaping that other filter paths enforce. No public exploit identified at time of analysis, but the fixing commit and GitHub Security Advisory publicly disclose the exact vulnerable code path.
Broken access control in DataEase before 2.10.24 lets any authenticated low-privilege user reach the /de2api/datasetData/previewSql endpoint, which is missing its mandatory @DePermit authorization check, and pass datasourceId=-1 to hit the built-in engine database and execute arbitrary SQL. This CWE-862 missing-authorization flaw exposes sensitive core application data and carries a CVSS 4.0 base score of 8.7 (High). No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Arbitrary file deletion in the WordPress Frontend File Manager Plugin (versions up to and including 23.6) lets unauthenticated visitors remove any file on the server when guest upload mode is enabled, because a user-supplied file path is not validated before the delete operation. Removing critical files such as wp-config.php drops the site into its installation/setup routine, which an attacker can chain toward a complete site takeover. No public exploit is identified at time of analysis and EPSS is low (0.15%, 4th percentile), but the unauthenticated network vector and scope-changing impact make this a serious risk for exposed sites running the vulnerable configuration.
Cross-tenant file disclosure in FastGPT prior to v4.15.0-beta5 allows an attacker to read another team's stored files by supplying that team's S3 object key to the chat-file presign or dataset preview endpoints. The handlers authorize an unrelated resource but then sign or read the S3 object using a request-supplied key without verifying tenant ownership, so global bucket keys become an IDOR primitive. No public exploit code has been identified at time of analysis, though the upstream fix (PR #7104 / commit decb6d2) reveals the exact vulnerable code path.
Arbitrary Python code execution in calibre (e-book manager) before 9.10.0 lets attackers run code on a victim's machine simply by having them import or edit a malicious EPUB, OPF, or PDF. The crafted file embeds a custom column definition containing a python: template inside the calibre:user_metadata field, which calibre passes unsanitized to exec() in its template formatter during routine metadata reading (Add books / Edit books). No public exploit has been identified at time of analysis, but the flaw triggers through normal user workflows, making weaponized e-book files a realistic delivery vector.
Remote code execution in Koodo Reader (versions 2.3.0 and earlier) lets an attacker who supplies a malicious EPUB file run arbitrary OS commands with the victim's privileges once the book is imported and opened. The flaw combines a dangerously permissive Electron IPC handler (nodeIntegrationInSubFrames enabled) with unsanitized innerHTML rendering of chapter content, turning ebook display into a Node.js code-execution primitive. No public exploit has been identified at time of analysis; the issue is fixed in version 2.3.1 and is not listed in CISA KEV.
Privilege escalation in ARC Informatique PcVue SCADA/HMI software (all versions prior to 17.0.0) arises because the encryption algorithm protecting user-account configuration in the built-in user directory is cryptographically inadequate (CWE-326). A local attacker with low privileges can decrypt or tamper with the stored account configuration and ultimately obtain privileged access to the PcVue application. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the vendor CVSS 4.0 base score is 8.4 (High).
Authentication bypass in DataEase before 2.10.24 lets remote attackers forge valid share-link JWTs because ShareSecretManage ships with a hardcoded signature key (link-pwd-fit2cloud). An attacker who has obtained any passwordless share can mint linkToken JWTs that pass TokenFilter verification and access backend resources as the original share creator, even after that share has been revoked. There is no public exploit identified at time of analysis, but the hardcoded key is disclosed in the advisory, making forgery trivial once the signing algorithm is known.
Pre-account-hijacking in the better-auth Node/TypeScript authentication library (versions < 1.6.11 on the stable line and all current `next` pre-releases) lets an unauthenticated attacker seize a victim's account by pre-registering the victim's email via `/sign-up/email`, then having the victim's later OAuth/SSO sign-in implicitly linked to the attacker's row. The result is a single account the attacker controls with a working password login plus the victim's OAuth identity, and the link-time verification flip defeats `requireEmailVerification: true`. No public exploit identified at time of analysis; not listed in CISA KEV, though the flaw is the same class as Microsoft nOAuth (2023) and the Sign in with Apple JWT flaw (2020).
Privilege escalation and unauthorized functionality access in HAVELSAN Liman MYS (Yönetim Sistemi) before release.Master.1107 allows an authenticated low-privileged user to invoke functions that should be gated by access-control lists. Because certain endpoints fail to enforce authorization (CWE-862), a limited user can reach administrative or restricted operations, enabling significant integrity and availability impact. No public exploit identified at time of analysis; the flaw was reported by Turkey's national CERT (TR-CERT / USOM).
Information disclosure in Armiya Information Technologies' Access Control System (GKS) before Version 2 allows remote unauthenticated attackers to collect sensitive data from common resource locations due to a missing authorization check. Because the affected endpoints do not verify that a requester is entitled to the data they return, an attacker who can reach the system over the network can harvest information without credentials. No public exploit is identified at time of analysis and the flaw is not listed in CISA KEV, but the CVSS 8.2 rating and CWE-862 root cause make it a meaningful exposure for any accessible deployment.
Privilege escalation to root and Kerberos-based authentication bypass in SSSD's Active Directory GPO provider affects Red Hat Enterprise Linux 6 through 10 and OpenShift Container Platform 4. Because ad_gpo_extract_smb_components() fails to sanitize '..' sequences in the gPCFileSysPath LDAP attribute (CWE-23), an actor holding AD GPO management rights can force an SSSD-enrolled host to write attacker-controlled files outside the GPO cache as root, injecting Kerberos configuration to bypass authentication. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Refresh-token family forking in better-auth's OAuth provider plugin (@better-auth/oauth-provider 1.6.0–1.6.10, and embedded in better-auth 1.4.8-beta.7–1.5.x) lets a race condition on the /oauth2/token refresh_token grant split one parent refresh token into multiple valid child families, defeating RFC 9700 reuse detection. An attacker holding a stolen refresh token who times two concurrent redemptions can obtain a persistent, independently-rotating branch that survives revocation of the legitimate user's branch and never trips family-invalidation. No public exploit is identified at time of analysis and the flaw is not listed in CISA KEV, but the security impact is indefinite unauthorized access plus detection bypass at the victim's full authorization scope.
Signature verification bypass in HAVELSAN Liman MYS (versions before release.Master.1107) lets remote attackers forge the source/authenticity of data - tagged as a JWT attack - enabling identity spoofing and likely authentication bypass. Per CVSS the vector is network-based and unauthenticated (AV:N/PR:N) with high impact to confidentiality and integrity. No public exploit is identified at time of analysis and it is not on CISA KEV.
{uuid} endpoint performing a state-changing password reset when merely visited. In versions prior to 4.0.0-beta.471, an attacker who knows a victim's invitation UUID and lures them to a crafted link can silently reset the victim's account password to a predictable value and seize the account. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the fix is confirmed in release v4.0.0-beta.471.
Heap memory corruption in GIMP's PSD (Photoshop) file parser allows a malicious .psd image to overflow an integer in read_RLE_channel(), producing an undersized heap allocation for the RLE row-length table that is then overwritten row-by-row, potentially yielding denial of service or arbitrary code execution. The flaw affects GIMP as shipped across Red Hat Enterprise Linux 6 through 9 and is triggered when a victim opens or imports a crafted PSD file. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Server-side request forgery in QuantumNous New API (an open-source LLM API gateway/proxy) lets any authenticated low-privilege user coerce the server into making HTTP requests to internal or cloud-metadata IP addresses via notification URL configuration. Because the default SSRF protection (ApplyIPFilterForDomain disabled) validated only the literal hostname against domain allow/block lists and never resolved and re-checked the destination IP, a user could set Webhook, Bark, or Gotify notification URLs whose hostname points at internal services. No public exploit identified at time of analysis; the flaw is fixed in v0.12.0-alpha.1 and rated High (CVSS 7.7).
Cross-tenant log disclosure in Coolify (self-hosted PaaS) before 4.0.0-beta.466 lets any authenticated user read application logs belonging to other teams by supplying a victim resource's UUID. The Logs::mount() component resolves resources by UUID alone without verifying the caller's team ownership, breaking the multi-tenant isolation boundary. Rated CVSS 7.7 (CWE-639, IDOR); no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix is a one-line-class authorization check that is trivially reversible from the public commit.
Server-side request forgery in FastGPT before 4.15.0-beta4 lets an authenticated team member abuse the HTTP-tool OpenAPI schema importer to reach internal-only services and cloud instance metadata. Because the importer only validates the top-level URL and then hands the document to SwaggerParser.bundle, whose $ref resolver fetches remote references without FastGPT's internal-address guard, fetched content is returned inline to the caller. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the vendor advisory (GHSA-72hf-5382-2mq9) confirms the flaw and its fix.
Path traversal in Goploy's `/deploy/fileDiff` endpoint (versions <=1.17.5) enables any authenticated low-privilege member to read arbitrary files on both the Goploy host and every SFTP-managed remote server registered in the system. The dual file read returns local content in the `srcText` response field and remote server content in `distText`, multiplying the blast radius across all managed deployment targets. Publicly available exploit code exists per the GitHub Security Advisory; this is not listed in CISA KEV, but exploitation conditions are trivially met under default Goploy configuration.
Privilege escalation and account/organization takeover in the better-auth Node/TypeScript library affects applications using the organization plugin with unverified email sign-up enabled (emailAndPassword without requireEmailVerification). Because acceptInvitation treats a plain email-string match as proof of address ownership, an attacker who pre-registers an unverified account keyed to a victim's address and obtains a leaked invitationId can accept an admin's invitation and join the organization at the invited role. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, but the mechanism is fully documented in the vendor advisory (GHSA-fmh4-wcc4-5jm3).