Stored Cross-Site Scripting in the BuddyHolis TableSearch plugin for WordPress (all versions ≤1.1.0) permits authenticated attackers holding Contributor-level or higher role access to inject persistent JavaScript via the 'placeholder' parameter, which then executes in the browsers of every subsequent visitor to the affected page. The Scope:Changed CVSS metric reflects that payload impact crosses from the WordPress plugin into victims' browser environments, enabling session hijacking, credential theft, or administrative account takeover if an administrator views the injected page. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the low authentication bar makes this relevant for any WordPress site permitting open contributor registration.
Stored cross-site scripting in Mezunum Satiyorum (versions 1.2.504 through 10072026) allows a low-privileged authenticated attacker to inject persistent malicious scripts into web pages served to other users. The scope change (S:C) in the CVSS vector confirms the payload executes in the victim's browser context, enabling session hijacking, credential theft, or malicious redirects against any user who loads the affected page. No public exploit code has been identified at time of analysis, and the vendor did not respond to TR-CERT's disclosure, leaving the vulnerability unpatched.
Unauthenticated API endpoints in Deloitte AI Assist for Customer exposed the platform's retrieval-augmented generation corpus to unauthorized read access and content injection by any network-reachable attacker who could discover the required request parameters. The root cause is missing authentication on critical internal API functions (CWE-306), enabling adversaries to exfiltrate proprietary knowledge base content or poison AI-generated responses with injected documents. The vendor applied a server-side fix on 2026-03-25 by restricting network access and enforcing authentication; no public exploit code or CISA KEV listing has been identified, though an independent security advisory has been published.
Use-after-free in ImageMagick's PDB decoder (all versions before 7.1.2-15) allows remote attackers supplying crafted Palm Database image files to crash the application or write a single null byte to freed heap memory. The flaw manifests specifically when memory allocation fails during PDB decoding, leaving a stale pointer that is subsequently dereferenced rather than nulled or re-validated. No public exploit or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects constrained exploitation conditions (AC:H, AT:P) and impact limited strictly to availability.
CSS injection in Snipe-IT's superadmin branding configuration (versions prior to 8.6.2) allows arbitrary stylesheet content to persist in the database and render for all authenticated users on every subsequent page load. The template default.blade.php applies HTML entity encoding to the header_color and related color settings before embedding them inside a CSS style block - encoding that is context-incorrect and insufficient to prevent CSS breakout via constructs such as closing braces or url() references. No public exploit has been identified at time of analysis, but the CVSS 4.0 vector (SC:H/SI:H) reflects that, once injected, the payload affects every authenticated user's session regardless of their privilege level, making this a persistent, cross-user impact from a single privileged action.
Stored cross-site scripting in Snipe-IT prior to 8.6.2 enables a low-privilege authenticated user to upload malicious XHTML or XML files that bypass the SVG sanitization gate and execute arbitrary JavaScript in any viewer's browser when the attachment is opened inline. The bypass works because UploadFileRequest only sanitizes SVG content when PHP's finfo extension reports image/svg+xml - uploading XHTML or generic XML evades this check - while UploadedFilesController serves the file same-origin without invoking StorageHelper::allowSafeInline(), completing the injection path. No public exploit code or CISA KEV listing has been identified at time of analysis; the vendor released a confirmed fix in version 8.6.2.
Reflected XSS in the ICS Calendar WordPress plugin (all versions ≤ 12.0.9) allows unauthenticated network attackers to inject arbitrary JavaScript into victim browsers by exploiting a missing nonce check and input sanitization failure on the publicly accessible wp_ajax_nopriv_r34ics_ajax AJAX endpoint. The attacker-controlled js_args object is merged over stored shortcode configuration before allowlist validation, enabling the htmltagtitle key to reach the calendar-month.php template unescaped. No public exploit code or CISA KEV listing exists at time of analysis, though the scope-changing CVSS vector (S:C) and zero authentication barrier make socially engineered delivery via crafted URLs a realistic threat to any site running this plugin.
Stored cross-site scripting in JetBrains TeamCity before 2026.1.2 lets an unauthenticated attacker persist malicious script through the agent registration flow, which then executes in the browser of any privileged user (e.g. an administrator) who later views the affected agent-management interface. Because agent registration requires no authentication, the entry barrier is minimal, and successful execution in an admin session can lead to session/token theft and pivoting to control of a CI/CD build server. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided.
Reflected Cross-Site Scripting in the Brevo (formerly Sendinblue) Newsletter, SMTP, Email marketing and Subscribe forms WordPress plugin allows unauthenticated remote attackers to inject and execute arbitrary JavaScript in victims' browsers through a crafted URL containing a malicious payload in the `page` parameter. All plugin versions up to and including 3.1.77 are affected, with the root flaw traced to insufficient input sanitization and output escaping in `inc/table-forms.php` at line 102. No active exploitation has been confirmed in CISA KEV, and no POC code is identified in the provided data, though the CVSS scope-change rating (S:C) elevates the effective impact beyond the plugin's own context.
Reflected cross-site scripting in the WP Hotel Booking WordPress plugin (all versions up to and including 2.3.1) permits unauthenticated remote attackers to inject arbitrary JavaScript via the check_in_date and check_out_date URL parameters across multiple search result and Elementor widget templates. Successful exploitation requires tricking a victim into clicking a crafted link, after which the injected script executes in the victim's browser context - making logged-in administrators particularly high-value targets. No public exploit has been identified at time of analysis, and this vulnerability does not appear in the CISA KEV catalog.
Reflected XSS in Logto's SAML application flow allows unauthenticated remote attackers to inject and execute arbitrary JavaScript on the Logto tenant origin by supplying a crafted RelayState parameter. Versions prior to 1.41.0 of @logto/core reflect the SAML RelayState, SAMLResponse, and actionUrl directly into an auto-submit HTML form without HTML-attribute escaping, meaning a victim who follows a crafted SAML authentication link and completes the login sequence will execute attacker-controlled script within the identity provider's origin context. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, though a GitHub security advisory and fix commit are publicly available.
Open redirect in Snipe-IT prior to 8.6.2 allows unauthenticated attackers to abuse the application as a trusted redirector against authenticated users. The user edit workflow persists the HTTP Referer header - which an attacker can control - into Laravel's session-stored intended URL, then unconditionally honors it via redirect()->intended() when redirect_option=back is submitted by a legitimate user. No public exploit code and no CISA KEV listing have been identified at time of analysis; the vulnerability is a medium-severity phishing-chain enabler rather than a direct system compromise.
Cross-site scripting in the Drupal Canvas contributed module enables remote attackers to inject and execute malicious scripts in the browsers of Drupal site visitors. Affecting multiple version branches - 0.0.0 through 1.4.2, 1.5.0 through 1.5.2, 1.6.0 through 1.6.1, and 1.7.0 through 1.7.1 - the flaw (CWE-79) stems from insufficient sanitization of user-supplied input before rendering it in generated web pages. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog; the EPSS score of 0.20% (10th percentile) reflects minimal current exploitation activity.
Cross-site scripting in the Drupal Canvas contributed module allows unauthenticated remote attackers to inject and execute malicious scripts in victims' browsers across multiple version branches (0.0.0-1.4.2, 1.5.0-1.5.2, 1.6.0-1.6.1, 1.7.0-1.7.1). The scope-changed CVSS vector (S:C) confirms the attack escapes the server context and executes within the victim's browser environment, enabling session theft, credential harvesting, or unauthorized actions on behalf of the victim. No public exploit or CISA KEV listing has been identified, and EPSS at 0.20% (10th percentile) reflects minimal observed exploitation activity at time of analysis.
Cross-site scripting in the Drupal AI (Artificial Intelligence) contributed module exposes sites to session hijacking and malicious content injection when users interact with unsanitized AI-generated or AI-related output rendered in the browser. The module fails to properly neutralize user-controlled or AI-sourced input before including it in generated web pages, allowing an unauthenticated remote attacker to craft a payload that executes in a victim's browser upon interaction. No active exploitation is confirmed (not in CISA KEV) and EPSS is very low at 0.16% (6th percentile), though the network-accessible, no-privilege attack surface warrants prompt patching on internet-facing Drupal deployments.
Stored XSS in the Drupal contributed module Advanced Content Feedback (admin_feedback) affects all releases from 0.0.0 up to 2.8.0, enabling a remote unauthenticated attacker to inject persistent malicious scripts that execute in the browsers of users who subsequently view affected pages. The scope change (S:C) in the CVSS vector indicates the injected payload escapes the application's security context and operates in the victim's browser, potentially enabling session hijacking or unauthorized actions on behalf of privileged users. No public exploit code has been identified and CISA has not added this to KEV; EPSS at 0.16% (6th percentile) and SSVC's 'exploitation: none' classification confirm this is a low-urgency finding with no evidence of active targeting.
Reflected XSS in the Anti-Spam by CleanTalk Drupal contributed module (versions 0.0.0 through 9.7.1) allows remote unauthenticated attackers to inject and execute malicious JavaScript in a victim's browser by tricking them into visiting a crafted URL. The CVSS Changed scope (S:C) confirms the payload executes in the browser's security context, enabling session theft, credential harvesting, or UI redirection against authenticated Drupal users. No public exploit code and no active exploitation have been identified; EPSS at 0.16% (6th percentile) indicates negligible observed exploitation probability at time of analysis.
Stored XSS in JetBrains YouTrack before 2026.2.17394 allows low-privileged authenticated users to inject malicious scripts into article titles, which are then rendered unsanitized within digest emails delivered to other users. When a recipient opens the digest email in an HTML-capable client and interacts with the affected content, the injected script executes in their browser context, enabling session token or credential theft. No public exploit or active exploitation has been identified; the CVSS score of 3.5 (Low) reflects the constrained impact due to required authentication, mandatory user interaction, and limited confidentiality-only impact.
Arbitrary file overwrite in Coturn prior to 4.13.0 is possible through the CLI management interface's `psd` (print sessions dump) command, which passes a user-supplied filename directly to `fopen()` without any path validation (CWE-73). An authenticated admin with CLI access can overwrite any file writable by the coturn process, potentially corrupting sensitive system files, certificates, or configuration data to achieve privilege escalation or service disruption. No public exploit identified at time of analysis; exploitation is constrained to local, high-privilege access, limiting realistic threat surface despite the High integrity and availability impact ratings.
Time-based SQL Injection in the Booking Calendar, Appointment Booking System WordPress plugin (versions ≤ 3.2.17) permits unauthenticated remote attackers to extract sensitive database contents via the 'wpdevart_id' parameter. The flaw exists in main_class.php due to insufficient parameter escaping and unprepared SQL queries, but is only triggerable when the Pro version is installed with the 'Delete previous dates' option enabled - a non-default configuration that meaningfully limits the exposed population. No public exploit code and no CISA KEV listing have been identified at time of analysis; the CVSS 5.9 Medium rating reflects both the high confidentiality impact and the high attack complexity imposed by the conditional prerequisites.
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*.
High-privilege network exploitation of the Drupal Raw Formatter [Meta Tag Formatter] contributed module leads to high confidentiality and integrity impact across all released versions. The vulnerability requires an authenticated user with elevated Drupal permissions and high attack complexity (PR:H, AC:H per CVSS), significantly narrowing the realistic attack surface despite the notable C:H/I:H impact rating. No public exploit has been identified at time of analysis, EPSS sits at 0.24% (15th percentile), and SSVC confirms exploitation status as none - consistent with a narrow, privilege-dependent flaw in a niche contrib module rather than a broadly weaponizable issue.
Object injection in Drupal Core through improperly controlled modification of dynamically-determined object attributes (CWE-915) exposes sites to high-severity confidentiality and integrity compromise when triggered by an authenticated user with high privileges. Affected branches include the entire 10.x line before 10.5.12 and 10.6.11, the fully unsupported 11.0.x and 11.1.x trees, and the 11.2.x and 11.3.x lines before 11.2.14 and 11.3.12 respectively. No active exploitation is confirmed (not in CISA KEV) and EPSS sits at just 0.16% (6th percentile), making this a patch-priority rather than emergency-response scenario.
Object injection via a mass assignment flaw in Drupal Core enables an authenticated administrator to manipulate dynamically-determined PHP object attributes, potentially compromising confidentiality and data integrity of the application. Affected versions span multiple active and end-of-life branches: 10.5.x through 10.5.12, 10.6.0 through 10.6.11, 11.2.0 through 11.2.14, 11.3.0 through 11.3.12, and the entirely unsupported 11.0.x and 11.1.x branches. No public exploit code is identified at time of analysis, and EPSS at 0.16% (6th percentile) signals very low observed exploitation activity despite the C:H/I:H impact potential.
vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*.
vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*.
Open redirect in Drupal Core across multiple major release branches enables phishing and content spoofing attacks by forwarding victims from a trusted Drupal domain to an attacker-controlled site via crafted URLs. The exposure spans the 10.x and 11.x release trains, creating a broad attack surface across the Drupal install base. EPSS probability sits at 0.13% (3rd percentile) and the vulnerability is absent from CISA KEV, indicating low observed exploitation to date despite the wide version coverage.
GNU Wget's FTP passive mode implementation fails to validate the IP address returned in a server's PASV response, enabling a malicious FTP server - or any HTTP server issuing a redirect to an ftp:// URL - to redirect Wget's data connection to an arbitrary internal IP address and port. All Wget releases through 1.25.0 (prior to upstream commit 4f85853) are affected, exposing any host running Wget to server-side request forgery (SSRF) that can probe or interact with localhost services and internal network resources. No confirmed active exploitation exists (SSVC: exploitation none), and no public POC exploit has been identified at time of analysis; the NVD-provided CVSS attack vector (AV:L) appears inconsistent with the network-based attack mechanism and may be an error.
Improper authorization in Samsung's KnoxGuardManager component allows local low-privileged attackers to bypass the application's persistence configuration, potentially undermining enterprise device management and carrier lock enforcement on affected Samsung Mobile Devices. Devices running Android 14, 15, and 16 prior to SMR Jul-2026 Release 1 are affected, making this a notable concern for enterprise MDM deployments and carrier-managed device fleets relying on Knox Guard controls. No public exploit has been identified and no active exploitation is confirmed; Samsung has shipped a patch in the July 2026 Security Maintenance Release.
Stored cross-site scripting in the RabbitMQ federation management plugin allows any user with federation upstream or policy configuration privileges to execute arbitrary JavaScript in the browser of an administrator viewing the Federation Status page. The rabbitmq_federation_management plugin renders the consumer_tag field without HTML escaping, making it a persistent injection vector that fires passively when a victim navigates to the page. No public exploit code and no CISA KEV listing are identified at time of analysis; the CVSS 4.0 score of 5.7 reflects meaningful but constrained risk due to the high-privilege prerequisite.
Unauthorized modification of import ownership metadata in Snipe-IT prior to version 8.6.1 allows an authenticated user with CSV import capabilities to overwrite the created_by field on import records via the Importer API endpoint. The flaw stems from insufficient authorization enforcement (CWE-863) on the created_by parameter during CSV import operations, enabling a low-privileged API user to falsify asset audit trails and attribution records. No public exploit code has been identified and this vulnerability is absent from CISA KEV; a vendor-released patch is available in v8.6.1.
Server-side request forgery in zhayujie CowAgent versions up to 2.1.1 allows remote unauthenticated attackers to manipulate the `image` argument passed to `_build_image_content` or `_download_to_data_url` within the Vision Tool component, forcing the server to issue arbitrary outbound HTTP requests to attacker-specified destinations. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms exploitation requires no authentication and no special conditions, making this trivially accessible over the network. Exploit code has been publicly disclosed (CVSS 4.0 E:P per VulDB submission), raising real-world risk; no CISA KEV listing exists at time of analysis, so confirmed mass exploitation is not established.
Stored Cross-Site Scripting in the Drupal AI SEO/GEO Analyzer contrib module (versions 0.0.0 through pre-1.1.3) enables authenticated low-privilege users to persist malicious JavaScript payloads that execute in the browser context of other users - including administrators - who subsequently view the affected content. The scope change (S:C in the CVSS vector) confirms cross-context execution, enabling session hijacking, credential theft, or unauthorized DOM manipulation against victim users. EPSS probability stands at 0.25% (17th percentile) and no active exploitation has been reported in CISA KEV, indicating limited real-world threat at this time. A vendor-released patch is available via the Drupal security advisory SA-contrib-2026-076.
Stored XSS in the Drupal UI Patterns (SDC in Drupal UI) contributed module allows a low-privileged authenticated attacker to inject persistent malicious scripts into web pages, which execute in the browsers of other users - including administrators - who view the affected content. Versions 2.0.0 through 2.0.17 of the module are affected, with a patch available from the Drupal security team. No public exploit identified at time of analysis, and the EPSS score of 0.25% (17th percentile) signals minimal observed exploitation pressure, though the stored nature of the XSS and potential to target privileged users elevates practical risk for sites using this module.
Authorization bypass in the WPCafe WordPress plugin (all versions through 3.0.14) allows any authenticated subscriber-level user to fully manage email notification flow workflows that are intended to be administrator-only. The FlowAPI REST endpoints bundled within the plugin's email notification SDK rely solely on a wp_rest nonce for access control - a token freely obtainable from the frontend page source by any logged-in user - completely bypassing role-based authorization. No public exploit or active exploitation has been identified at time of analysis, though the low exploitation complexity makes this a realistic risk on sites with open user registration.
Brute-force credential attacks against Drupal sites running the Login Disable contrib module (versions 0.0.0 through 2.1.4) are enabled by the module's failure to restrict excessive authentication attempts (CWE-307). The module, intended to provide administrators with login-gating controls, paradoxically omits rate-limiting enforcement, allowing a low-privileged attacker to enumerate or compromise user credentials via automated requests. EPSS is low (0.21%, 12th percentile) and no active exploitation is confirmed in CISA KEV, but the network-accessible attack vector and low complexity keep this relevant for sites where the module is deployed.
SQL injection in OpenReplay's enterprise session search and analytics API allows an authenticated member to exfiltrate arbitrary ClickHouse table data and disrupt session search for all project viewers. Affected are enterprise editions with multi-tenancy enabled, running versions prior to 1.27.0, where user-controlled input is inserted unsanitized into ClickHouse query strings at two positions. No public exploit has been identified at time of analysis, and the fix was released in version 1.27.0.
Cross-site scripting in the Drupal Colorbox module allows an authenticated low-privileged attacker to inject malicious scripts that execute in the browser context of other users. The CVSS scope-change indicator (S:C) confirms this is likely stored XSS, where crafted input persists and executes when victims visit affected pages. No active exploitation is confirmed - EPSS sits at 0.20% (10th percentile) and the vulnerability is not listed in the CISA KEV catalog - but a vendor patch is available via Drupal security advisory SA-CONTRIB-2026-069.
Cross-site scripting in Drupal's Siteimprove Analytics contributed module (all versions before 2.0.1) allows an authenticated low-privileged attacker to inject malicious scripts that execute in a victim user's browser session. The CVSS scope change (S:C) indicates the attack crosses the application trust boundary, enabling potential session hijacking or privilege escalation against higher-privileged users such as administrators who view attacker-controlled content. No public exploit code exists and EPSS of 0.19% (8th percentile) confirms low real-world exploitation probability; no active exploitation has been identified at time of analysis.
Missing Authorization (CWE-862) in the Drupal FlowDrop contributed module allows authenticated low-privilege users to perform Forceful Browsing - directly accessing protected URLs without proper permission checks being enforced. All FlowDrop releases from 0.0.0 up to 1.6.0 are affected; a successful attacker can read or modify content and workflow data beyond their authorized scope. No public exploit has been identified and EPSS sits at 0.18% (8th percentile), indicating negligible observed exploitation probability at time of analysis; the vulnerability is not listed in CISA KEV.
Missing authorization in the FlowDrop Drupal contributed module (versions prior to 1.6.0) enables authenticated low-privilege users to perform forceful browsing, accessing URLs and resources that should be restricted to higher-privilege roles. The vulnerability stems from CWE-862, where authorization checks are absent or bypassed on protected endpoints within the module. No public exploit code or CISA KEV listing exists at time of analysis; the EPSS score of 0.18% (8th percentile) reflects low observed exploitation probability, but the low attack complexity and network accessibility make it a meaningful risk on multi-tenant or public Drupal sites with the module installed.
Incorrect authorization in the Fluent Forms WordPress plugin (versions up to and including 6.2.1) enables any authenticated subscriber-level user to cancel payment subscriptions belonging to other users by supplying an arbitrary 'subscription_id' in the payment cancellation AJAX endpoint. The payment cancellation flow performs no ownership check - only that the user is authenticated - making this a classic IDOR (Insecure Direct Object Reference) under CWE-863. No public exploit code has been identified at time of analysis, and the flaw is not listed in CISA KEV, but the low bar for exploitation (any registered site account) raises practical risk for sites using Fluent Forms payment/subscription features.
Stored cross-site scripting in the Drupal Tagify contributed module allows low-privileged authenticated users to inject persistent malicious scripts that execute in the browsers of subsequent page visitors, including administrators. All Tagify module versions prior to 1.2.52 are affected. No public exploit code has been identified and EPSS sits at the 6th percentile, but the stored nature of the XSS elevates impact relative to reflected variants since payloads persist across all future viewers of the poisoned content.
Stored cross-site scripting in Drupal Commerce Core 3.3.0 through 3.3.5 allows an authenticated low-privilege attacker to inject persistent malicious scripts that execute in other users' browsers when affected pages are viewed. The scope change (S:C in the CVSS vector) confirms the payload breaks out of the application's security context into the victim's browser environment, enabling session hijacking or unauthorized UI manipulation. No active exploitation or public exploit code has been identified; EPSS of 0.16% (6th percentile) reflects low real-world exploitation probability at time of analysis.
Cross-site scripting (XSS) in Drupal Core affects a broad swath of the 10.x and 11.x release lines, enabling an authenticated low-privileged attacker to inject malicious client-side script that executes in the browser of a victim who interacts with the crafted content. The CVSS scope-change indicator (S:C) confirms the impact escapes the originating component into the victim's browser context, enabling session hijacking or privilege escalation against higher-privileged users. No public exploit code has been identified and EPSS sits at 0.15% (5th percentile), indicating low automated exploitation probability at time of analysis, though the wide deployment footprint of Drupal still makes patching urgent.
Authorization bypass in the KiviCare WordPress EHR plugin (all versions through 4.4.0) allows unauthenticated network attackers to confirm arbitrary pending clinic appointments and inject forged payment records into the wp_kc_payments_appointment_mappings table using attacker-supplied payment IDs, completely circumventing the payment collection process. The root defect is a two-part failure: the appointments API controller does not verify user authorization before processing status changes, and the KCPaymentGatewayFactory returns all registered gateways regardless of admin-enabled status - meaning the KCPayLater manual-payment gateway is always selectable, even by unauthenticated callers on default installations. No public exploit or CISA KEV listing exists at time of analysis, though the trivially low attack complexity makes scripted abuse realistic.
Path traversal via the unsanitized 'X-FILENAME' HTTP header in the ARMember WordPress membership plugin allows unauthenticated remote attackers to upload and overwrite files outside the intended 'wp-content/uploads/armember' directory on affected WordPress installations running versions 4.0.27 and earlier. The integrity impact is limited by the plugin's handling of 'certain files (e.g., CSS)' rather than arbitrary file types, capping the CVSS score at 5.3 Medium; however, successful exploitation can enable website defacement or manipulation of frontend assets without any authentication. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
Stored cross-site scripting in JetBrains TeamCity before 2026.1.2 lets an attacker who controls a build agent persist a malicious script into agent-reported data that executes when a privileged user opens the cloud profile page. Because it fires in the browser session of an operator with access to CI/CD configuration, it can lead to session/token theft and actions performed as the victim. The issue was reported by JetBrains itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
WAF rule bypass in ModSecurity 3.0.0-3.0.15 on i386 architecture allows network-accessible attackers to evade rules that use the t:utf8toUnicode transformation, potentially permitting injection attacks or other malicious payloads to reach protected applications undetected. The root cause is CWE-467 - sizeof() applied to a char pointer in utf8_to_unicode.cc yields the pointer width (4 bytes on i386) rather than the unicode buffer length, corrupting transformation output. No public exploit code or active exploitation has been identified at time of analysis; the fix is available in v3.0.16.
Path traversal in zhayujie CowAgent versions up to 2.1.0 allows remote low-privilege authenticated attackers to write files outside the intended skill installation directory by manipulating the `Name` argument in the Skill Installation Handler. The flaw resides in the `_add_url` and `_add_package` functions within `agent/skills/service.py`, which fail to sanitize path components before constructing filesystem paths during skill installation. No public exploit or active exploitation confirmed (no CISA KEV listing); a vendor-released patch exists in version 2.1.2.