Least-privilege violation in the D-Link DIR-823G router (firmware 1.0.2B05_20181207) stems from insecure configuration of the Boa web server via /etc/boa/boa.conf, allowing an authenticated remote attacker to abuse over-broad privileges to compromise confidentiality, integrity, and availability. Publicly available exploit code exists, but the CVSS 4.0 vector rates attack complexity high (AC:H) and vendor guidance notes exploitation is difficult; there is no public exploit identified as actively exploited (not in CISA KEV). EPSS data was not supplied, but the low-privilege network vector combined with full CIA impact makes this a meaningful risk on exposed devices.
Unauthenticated remote attackers can completely bypass access controls on Everest Forms REST API endpoints in all plugin versions before 3.5.0, enabling them to read onboarding status data, modify plugin settings, and send emails from the WordPress site to arbitrary addresses. The flaw arises because the capability check is conditioned on an attacker-controllable HTTP request header - omitting or altering that header disables the authorization gate entirely. A publicly available proof-of-concept exploit exists, and SSVC assessment confirms the attack is automatable; however, this vulnerability is not in CISA KEV, and EPSS sits at 0.14%, suggesting limited observed exploitation despite the low barrier to entry.
Reflected XSS in YesWiki's Bazar widget handler allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by sending a crafted URL containing a double-quote-breaking payload in the `id` GET parameter. The handler at `tools/bazar/handlers/__WidgetHandler.php` performs no authentication or access-control check before rendering the vulnerable template, and `strip_tags()` is misused as an output encoder - it removes tags but leaves double quotes intact, enabling attribute injection across two sinks (`data-formid` and `data-iframeUrl`). A working proof-of-concept was validated on the official doryphore 4.6.5 release; no public exploit identification as KEV-confirmed active exploitation exists at time of analysis, but a complete PoC with exact payloads is publicly available as part of the advisory.
SQL injection in code-projects Interview Management System 1.0 exposes the application to remote, unauthenticated database manipulation via the ID parameter in /inc/classes/View.php. An attacker with network access can read, modify, or partially disrupt data stored in the underlying database with no authentication required and no user interaction needed. A public exploit exists (referenced via GitHub at https://github.com/susususua-AI/CVE/issues/2), though no active exploitation has been confirmed by CISA KEV as of this analysis.
SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows unauthenticated remote attackers to manipulate the Username parameter on /login.php, potentially bypassing authentication or extracting database contents. A publicly available proof-of-concept exploit exists, published via a GitHub issue and documented in VulDB entry 377116. No CISA KEV listing is present, but the combination of network accessibility, no authentication requirement, and a live POC makes this a practical risk for any exposed deployment.
Cookie forgery in WP Support Plus Responsive Ticket System (WordPress plugin ≤9.1.2) allows unauthenticated network attackers to impersonate any guest ticket owner by crafting an unsigned guest-session cookie containing the victim's email address, then reading, replying to, and closing that user's support tickets. The plugin fails to sign or verify its guest-session cookie, making the trust boundary between guest sessions trivially bypassable. A publicly available proof-of-concept exists per WPScan; EPSS is low at 0.14% (3rd percentile), suggesting limited observed exploitation despite automation feasibility confirmed by SSVC.
Unauthenticated personal data exfiltration in WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 allows any remote attacker to download the full GDPR personal data export of any user, customer, or commenter by supplying only their email address. The plugin's data subject access request (DSAR) immediate-processing path omits an authorization check, converting a legally mandated privacy feature into a privacy breach vector. A publicly available POC exploit exists, SSVC confirms the attack is automatable, and a vendor patch has been released at version 3.1.40.
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users (the gating nonce is exposed on public pages carrying an embed) to make the site request internal and private-network URLs and read back the parsed page metadata. This is a Server-Side Request Forgery.
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users to make the site fetch arbitrary URLs, including internal and private-network addresses, and read back the response body. This results in a full-read Server-Side Request Forgery and open proxy.
Out-of-bounds write in the Juniper Networks Junos OS http-gatekeeper (http-gk) process on SRX Series firewalls crashes the process when handling crafted network requests, taking down all web-management-dependent services including J-Web, remote-access VPN, and firewall authentication until automatic process recovery. Exploitation is gated on a specific non-default configuration - remote-access VPN with pre-logon compliance check enabled - limiting the exposed population to SRX deployments that actively use this feature. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the official CVSS 5.3 score reflects the limited, reversible availability-only impact.
Stack buffer overflow in Vinchin Backup & Recovery through 9.0.0.86562 exposes the agentlink_server service to unauthenticated remote exploitation via the ModuleHandShake function. An attacker supplying an oversized _listen_uuid value triggers unsafe strcpy() into a fixed-length stack buffer, overwriting the saved return address and enabling process crash or control flow hijack. No public exploit or active exploitation has been confirmed at time of analysis, though the CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) confirms the attack is network-reachable without authentication or user interaction.
Repeated IKE negotiation failures on Juniper Junos OS (MX with SPC3 and SRX Series) cause a peer index rollover that assigns duplicate index values to new peers, triggering continuous iked process crashes and a full VPN service outage requiring system reboot. Unauthenticated network-based attackers can deliberately flood the device with failing VPN negotiations to accelerate the rollover condition. No public exploit code or CISA KEV listing exists at time of analysis, but the network-reachable, zero-privilege attack vector makes this a meaningful risk for any organization relying on Juniper-based VPN infrastructure with iked enabled.
Heap buffer overflow in Vinchin Backup & Recovery through version 9.0.0.86562 allows unauthenticated remote attackers to crash the agentlink_server process or corrupt heap memory without any prior access or user interaction. The agentlink_server service accepts a TCP packet body_len field without bounds validation, passing the attacker-controlled value directly to recv() and enabling heap writes of up to approximately 4 GiB beyond the allocated buffer. This vulnerability is not listed in CISA KEV and no public exploit code is confirmed at time of analysis, though the heap overflow magnitude raises concern for potential code execution beyond simple denial-of-service.
Junos OS Evolved exposes an internal communication process to the network via an unintended open port due to incorrect initialization, enabling unauthenticated remote attackers to interact with a service never designed for external access. Affected Juniper devices suffer limited information disclosure and elevated CPU consumption as the misbound process handles unsolicited ingress packets - a soft availability degradation rather than a crash. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the unauthenticated network vector across a broad version range warrants prompt patching on internet-facing routing infrastructure.
Web filtering bypass on Juniper Networks Junos OS MX Series exposes downstream resources to unauthenticated network attackers by allowing a specially formatted URL to evade the URL filtering plugin. The flaw stems from incorrect name or reference resolution (CWE-706), causing the router to forward traffic that security policy mandates be dropped. No public exploit has been identified at time of analysis, but the CVSS 4.0 score of 6.9 carries an Automatable:Yes modifier, indicating the bypass is scriptable at scale against any qualifying deployment.
License exhaustion in Juniper Networks Junos OS Evolved lets an unauthenticated, network-based attacker reach the device's license-management process, which was intended to be internal-only but is exposed on an open network port due to incorrect initialization. All Junos OS Evolved releases before 23.2R2-EVO are affected. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a credible network-facing denial-of-service risk to affected routing/switching platforms.
Unauthenticated access to the SSH keys synchronization endpoint in Nozomi Networks Guardian and CMC exposes user enumeration data and SSH public keys to any network-reachable attacker. By sending a single unauthenticated request to this endpoint, an attacker can retrieve usernames, group memberships, and uploaded SSH public keys - providing meaningful reconnaissance into the OT security platform's user base. No public exploit has been identified at time of analysis, and no CISA KEV listing exists; the CVSS 4.0 score of 6.9 reflects low confidentiality impact with no integrity or availability risk.
Unauthenticated API exposure in the Superior Court of California's Hearing Reminder Service (hrs.courts.ca.gov) permits any internet-accessible party to retrieve court reminder records containing potentially sensitive information with no credentials or preconditions. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero-friction remote access, making bulk data harvesting trivial for any motivated actor. No public exploit code has been identified at time of analysis, and the service is not listed in the CISA KEV catalog, but the low technical barrier means exploitation requires nothing more than a standard HTTP request.
Denial-of-service in Juniper Networks Junos OS and Junos OS Evolved on EX Series, QFX Series, and MX Series allows a local, low-privileged attacker to crash the l2ald (Layer 2 Address Learning Daemon) by issuing a specific 'show l2-learning' CLI command, disrupting all Layer 2 services until the process automatically restarts. The root cause is a Return of Pointer Value Outside of Expected Range flaw (CWE-466) in the fileio library. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA or the vendor.
Junos OS on Juniper EX Series access switches exposes a missing authorization flaw in the CLI that allows any locally authenticated user, regardless of privilege class or assigned permissions, to execute a specific privileged 'request' command and cause complete traffic disruption on the affected switch. Affected platforms span EX2300, EX4000, EX4100, EX4300-MP, and EX4400 across six active Junos OS release trains from 23.2 through 25.4. No public exploit has been identified at time of analysis and the system recovers automatically, but the low barrier to exploitation - any authenticated local user qualifies - makes this a meaningful insider threat in shared-access or multi-tenant switch environments.
Local File Inclusion in the WPFunnels WordPress plugin (all versions through 3.12.7) allows authenticated administrators to include and execute arbitrary PHP files on the server via the unsanitized `logKey` parameter, yielding full remote code execution when combined with file upload capability. The attack requires administrator-level WordPress credentials and high complexity - specifically the ability to place a PHP file on the server - materially limiting the exploitable population. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this in a routine-patching priority tier despite its severe potential impact.
NULL pointer dereference in the Juniper Networks Junos OS and Junos OS Evolved management daemon (mgd) allows a local, high-privileged attacker to crash the mgd process by manipulating a specific 'system services ssh' configuration parameter. Repeated execution of the offending configuration commands sustains the Denial of Service condition until the action ceases, as mgd will restart but crash again upon re-triggering. No public exploit code has been identified and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog; the attack barrier is high, requiring both local access and administrative-level credentials.
Denial of service conditions in Palo Alto Networks PAN-OS allow unauthenticated network attackers to crash firewall dataplane processes by sending specially crafted traffic to or through a dataplane interface. Repeated exploitation escalates the impact: the firewall is forced into maintenance mode, effectively taking the security appliance offline and disrupting all traffic enforcement. No public exploit code has been identified at time of analysis, and Panorama management infrastructure is explicitly confirmed unaffected.
CVE-2026-57157 has no published description, CVSS score, or CWE at time of analysis. The sole intelligence signal is a vendor report attributed to Ubuntu, indicating the vulnerability may affect a package in the Ubuntu ecosystem. No impact, affected versions, attack vector, or exploitation details can be determined from the available data. This analysis cannot characterize the vulnerability beyond acknowledging its existence and Ubuntu provenance.
Sensitive authentication data is inserted into network-transmitted responses in OSOS, the energy management platform by Sayax Energy Technologies Inc., enabling authenticated low-privilege users to extract credentials or session tokens and bypass authentication controls. All versions through build 09072026 are affected with no vendor patch available - TR-CERT disclosed this vulnerability but received no response from the vendor. No public exploit code has been identified at time of analysis, though the network-accessible attack vector with low complexity raises practical risk in industrial energy environments where even low-privilege account access is common.
Sensitive configuration data and credentials are exposed in API responses within HCL DevOps Deploy / HCL Launch, affecting all maintained version branches from 7.3 through 8.2.1.0. Any authenticated user with low-privilege access can retrieve secrets through standard API interactions, creating a stepping-stone for lateral movement or privilege escalation across connected deployment targets. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, but real-world risk is elevated because CI/CD platforms routinely store high-value credentials for downstream infrastructure.
Unauthorized write access to the admin backup store in Discourse allows any authenticated regular user to route S3 multipart uploads into a storage area that should be restricted to administrators. The flaw exists in ExternalUploadManager, which fails to enforce authorization checks (CWE-862) when accepting direct S3 multipart upload requests, meaning a low-privilege account holder can target the admin backup destination path without restriction. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at time of analysis, but the low attack complexity and network accessibility make this a credible threat on any Discourse deployment using S3 direct uploads.
Path traversal in Mockoon prior to 9.7.0 allows unauthenticated network clients to read arbitrary files from sibling paths outside the configured static serving directory. The vulnerability exists in the `getSafeFilePath` function in `packages/commons-server/src/libs/server/server.ts`, which enforces directory confinement using a bare string-prefix check (`resolvedPath.startsWith(staticBaseDir)`) without a path-separator boundary. Because any path whose absolute form begins with the base directory string - including sibling directories sharing a common prefix - passes this check, crafted `../`-escaped values embedded in request data can escape the sandbox across HTTP sendFile, WebSocket, and callback channels. No public exploit code identified at time of analysis and no CISA KEV listing.
Regular expression denial of service in Open WebUI 0.9.2-0.9.x allows any authenticated user to block the Python asyncio event loop by sending a single malformed chat message. The SKILL_MENTION_RE and strip_re patterns in middleware.py use overlapping quantifiers when parsing skill-mention syntax, causing quadratic backtracking on input containing '<$' without a closing '>'. Because the event loop is synchronously blocked, the attack effectively takes the entire Open WebUI instance offline for all concurrent users. No public exploit code or active exploitation has been identified at time of analysis; the fix is confirmed in the v0.10.0 release.
Sensitive information exposure in the Backup and Staging by WP Time Capsule WordPress plugin (all versions through 1.22.26) allows authenticated attackers with subscriber-level access to download a previously admin-decrypted SQL database backup via the unprotected `download_recent_decrypted_file_wptc` endpoint. The downloaded backup typically contains WordPress password hashes, user credentials, and site configuration data stored in the `recent_decrypted_file` plugin option. No public exploit code exists at time of analysis, but the vulnerability is conditionally exploitable wherever subscriber-level user registration is enabled and an administrator has recently used the plugin's decrypt function.
SQL Injection in WP ERP (wedevs) versions through 1.17.5 allows authenticated HR Manager-level users to exfiltrate arbitrary data from the WordPress database via the unsanitized `orderby` parameter in the leave management module. The flaw resides in `functions-leave.php` and `LeaveRequestsListTable.php`, where user-supplied sort parameters are interpolated directly into SQL queries without escaping or prepared statements. No public exploit code is confirmed and this CVE is not listed in the CISA KEV catalog, but the confidentiality impact is high given the plugin stores HR records, payroll data, and CRM contacts.
Missing authorization on the `/api/storage/getCriteria` endpoint in SiYuan personal knowledge management software exposes saved search criteria - including private document paths, notebook and block IDs, and search/replace keyword history - to any publish-mode Reader, bypassing the access controls applied by all sibling storage endpoints. All SiYuan releases prior to 3.7.1 are affected per the vendor security advisory GHSA-px3c-cf92-9g83. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the low attack complexity and readily available fix commit make this straightforward to weaponize against exposed instances.
Discourse's AWS SES bounce webhook endpoint (POST /webhooks/aws) validates Amazon SNS message signatures but omits TopicArn binding, allowing any AWS account holder to publish legitimately signed forged Bounce notifications that revoke a targeted Discourse user's email address. Versions prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 across all active release branches are affected when the SES integration is enabled. No public exploit code exists and the vulnerability is not listed in CISA KEV, but the low attack complexity and absence of Discourse-side authentication requirements make targeted abuse realistic for any motivated actor with an AWS account.
Denial of service in the RTSP service of MERCURY MIPC252W IP Camera firmware v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to crash the streaming service by sending a crafted DESCRIBE request containing a malformed URL in the request line. The root cause is improper input validation (CWE-20) in the RTSP parser, resulting in complete loss of camera availability until the device is rebooted. Publicly available exploit code exists per SSVC classification, though no confirmed active exploitation (CISA KEV) has been recorded.
Order data corruption and permanent deletion in Sylius affects authenticated customers across versions prior to 2.0.18, 2.1.15, and 2.2.6 due to a stale-state race condition in the cart LiveComponent. When an order transitions to STATE_COMPLETED while a customer's cart page remains open in a browser tab, subsequent cart actions - clearing, removing items, or adjusting quantities - are applied to the completed order rather than a fresh cart, irreversibly deleting or mutating finalized order records. No public exploit code has been identified at time of analysis, but the attack is trivially reproducible by any authenticated customer without specialized tooling, as the attacker can deliberately engineer the race condition by completing checkout in one tab while exploiting the stale cart in another.
Stored SQL injection in YesWiki's `recentchanges` action enables arbitrary read of the underlying MySQL database by any user who can save a wiki page - on default installations, this includes unauthenticated visitors. The payload is persisted as wiki page content and executes on every subsequent page load, leaking rows (including admin usernames and password hashes) rendered directly into the HTML response as hyperlinks. A fully working UNION-based proof-of-concept is included in the GitHub security advisory, confirming practical exploitability with no public exploit identified at time of analysis in CISA KEV.
{FIELD_ID}? or update? policy checks - even when both explicitly return false for the requesting user. Primarily impacts Avo Pro/Advanced multi-role deployments where non-administrator operators are expected to be constrained by per-field authorization policies. A PoC request spec confirms exploitation on Avo 3.31.2; no CISA KEV listing, so no confirmed active exploitation at time of analysis.
Unauthenticated manipulation of collaborative document state is possible in Open WebUI versions 0.6.16 through 0.9.x, where the Socket.IO server's always_connect=True configuration allows the ydoc:awareness:update and ydoc:document:leave event handlers to process requests from any connected client regardless of identity. An attacker with network access to the platform can inject false collaborative presence data or trigger spurious document-leave events, disrupting active collaboration sessions for legitimate users. No public exploit code or CISA KEV listing has been identified at time of analysis; EPSS data was not provided in the input.
Memory exhaustion in pyload's EventManager module allows authenticated remote attackers to cause a denial of service by sending large volumes of requests to the getEvents API endpoint with unique UUIDs. Each unique UUID causes a new Client instance to be appended to the internal clients list, but the existing clean() method that would purge inactive clients is never invoked anywhere in the codebase, resulting in unbounded memory growth. No public exploit is independently catalogued, but a functional proof-of-concept script was included in the disclosure, demonstrating that the attack can be executed with a valid API key and approximately 100,000 HTTP GET requests.
Unauthorized data disclosure in the Blocks for ACF Fields WordPress plugin (versions up to and including 1.6.2) allows any authenticated user holding the Author role or above to read ACF field values from arbitrary WordPress objects - including private posts, drafts, and posts owned by other users - via an insecure REST API endpoint. The flaw stems from the REST handler accepting a user-supplied post ID and passing it directly to get_field_objects() without verifying whether the requester holds read permission on that specific object, a classic object-level authorization failure (CWE-862). Reported by Wordfence; no CISA KEV listing and no standalone public exploit code identified at time of analysis, though exploitation is operationally trivial for any attacker with a valid Author-level WordPress account.
Stored Cross-Site Scripting in the AcyMailing WordPress newsletter plugin (all versions up to and including 10.10.2) permits authenticated contributors to inject persistent arbitrary scripts via the unsanitized 'alignment' attribute across both the classic form builder and Gutenberg block editor code paths. Any user - including unauthenticated site visitors - who subsequently loads a page containing the injected element triggers script execution in their browser, enabling session hijacking, credential theft, or malicious redirects. No public exploit identified at time of analysis and no CISA KEV listing, though the CVSS scope change (S:C) correctly reflects the cross-user, cross-session impact characteristic of stored XSS.
Stored Cross-Site Scripting in the Customer Reviews for WooCommerce WordPress plugin (all versions ≤ 5.113.0) allows contributor-level authenticated users to inject arbitrary JavaScript via the 'color' attribute of the trust badge shortcode, which then executes in the browsers of every subsequent visitor to the compromised page. The trust badge rendering code in class-cr-trust-badge.php and badge-small.php fails to sanitize or escape shortcode attribute input before writing it to HTML output. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis; a patch commit is referenced in the WordPress SVN repository.
Stored Cross-Site Scripting in the Bookero.pl WordPress booking plugin (versions up to and including 2.2) allows authenticated contributors to permanently inject arbitrary JavaScript into WordPress pages via the `bookero_products` shortcode. The `bookero_products()` function in `libraries/bookero-front.php` (lines 173-174) concatenates the raw `hide_products` and `filter_products` attribute values directly into an inline `<script>` block with no sanitization or output escaping, meaning any page rendered with the poisoned shortcode will execute the attacker-supplied script in every visitor's browser. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Stored Cross-Site Scripting in the Ultimate Post (PostX) WordPress plugin versions up to and including 5.0.31 allows authenticated contributors to permanently inject arbitrary JavaScript into WordPress pages via the 'moreResultsText' attribute of the advanced-search Gutenberg block. The root cause is a sanitization gap: the render callback applies wp_kses() which strips disallowed HTML tags but does not encode special characters like double quotes in attribute context, and the unsanitized value is then concatenated directly into the data-viewmoretext HTML attribute without esc_attr(), allowing attribute boundary escape. No public exploit code has been identified at time of analysis, and no EPSS data was provided, but the contributor-level access requirement represents the primary real-world friction point for exploitation.
Stored Cross-Site Scripting in the WordPress Download Manager plugin (all versions through 3.3.61) allows authenticated contributors to inject persistent JavaScript payloads via the 'note_before' and 'note_after' shortcode attributes. The root cause is an unescaped output sink in the shortcode renderer: although wp_kses_post filters post content on save for users lacking the unfiltered_html capability, kses-allowed tag and attribute combinations that survive filtering are passed directly to the unsafe sink and execute in victims' browsers when the injected page is rendered. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Stored XSS in the Block, Suspend, Report for BuddyPress WordPress plugin (bp-toolkit) through version 3.6.4 allows low-privileged authenticated attackers to inject persistent malicious scripts via the 'link' parameter in report submissions. Authenticated users with subscriber-level access can plant JavaScript payloads that execute in any visitor's browser upon accessing the affected report pages, with Changed Scope (S:C) indicating execution in the victim's security context rather than the application's. No public exploit code has been identified at time of analysis and the vulnerability has not been added to CISA KEV, but on BuddyPress community sites with open registration the subscriber-level prerequisite is trivially satisfied.
Secure upload bypass in Discourse exposes protected files through the pull_hotlinked_images feature, which fails to enforce the secure_uploads access control when processing posts containing a known secure URL. Affected instances are those running versions prior to 2026.6.0, 2026.5.1, 2026.4.2, or 2026.1.5 with the secure_uploads site setting enabled. No public exploit has been identified at time of analysis and this vulnerability is not listed in CISA KEV; however, the fix commits are publicly visible on GitHub, potentially aiding reverse-engineering of the flaw.
Restricted tag and tag-group name disclosure in Discourse exposes internal taxonomy metadata to anonymous and unauthorized users via the category and group API endpoints. All Discourse versions prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 are affected when restricted tags or tag groups are configured on publicly readable categories. An unauthenticated actor can enumerate these names - which may contain sensitive organizational labels, project codenames, or internal classifications - using standard HTTP requests with no exploit tooling required. No public exploit code exists and this is not listed in CISA KEV; the CVSS 4.0 AT:P modifier confirms that exploitation requires a specific non-default configuration to be present.
Open WebUI versions 0.8.12 through 0.9.x expose a missing authorization flaw that permits authenticated non-admin users to reach restricted underlying AI models by exploiting a code-path divergence in task endpoints. The standard chat route (/api/v1/chat/completions) correctly re-validates submodel access after arena wrapper resolution, but task endpoints such as /api/v1/tasks/moa/completions call utils.chat.generate_chat_completion() directly, triggering arena fallback resolution after the wrapper check passes and recursing with bypass_filter=True - effectively nullifying the submodel access control. No public exploit has been identified and the vulnerability is not listed in CISA KEV, but the attack requires only low-privilege authentication (PR:L), making it directly relevant to any multi-tenant or enterprise Open WebUI deployment with model access tiering.
Insecure default OPC UA configuration in Siemens CPCI85 Central Processing/Communication and SICORE Base System exposes industrial control system functions to unauthenticated network attackers. Both products ship with all OPC UA security mechanisms disabled, meaning any attacker who can reach the OPC UA endpoint over the network can interact with the system without authentication or encryption. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the affected products operate in OT/ICS environments where unauthorized control access carries disproportionate operational and safety risk relative to the moderate CVSS score.