Memory leak regression in Wasmtime 37.0.0 and 37.0.1 causes permanent host-process memory exhaustion when C/C++ embeddings use `externref` or `anyref` WebAssembly reference types. The refactoring from `ManuallyRooted<T>` to `OwnedRooted<T>` introduced three distinct defects - a no-op typo in `wasmtime_val_unroot`, unreleased return values from host-defined callbacks, and missing C++ destructors - that collectively prevent GC roots from ever being freed, even after the WebAssembly store is destroyed. No public exploit confirmed in CISA KEV; a proof-of-concept is publicly available, but EPSS at 0.18% (7th percentile) and SSVC exploitation status of none indicate minimal active threat.
Path traversal in GoClaw 3.13.3-beta.3 allows authenticated remote attackers to read or write files outside the intended workspace directory by manipulating the path argument to the `writeFile` function in the ACP ToolBridge Workspace Handler (`internal/providers/acp/tool_bridge.go`). A proof-of-concept exploit has been publicly disclosed via a GitHub issue, lowering the bar for exploitation. No CISA KEV listing indicates active widespread exploitation has not been confirmed at time of analysis.
Server-side request forgery in louisho5 picobot up to version 0.2.0 allows authenticated remote attackers to manipulate the url argument of the WebTool.Execute function in internal/agent/tools/web.go, causing the server to issue arbitrary HTTP requests to internal or external targets. The vulnerability carries a CVSS 4.0 score of 5.3 with low-privilege authentication required and has publicly available exploit code disclosed via a GitHub issue report. The upstream project has not responded to the responsible disclosure, meaning no patch is available at time of analysis.
Server-side request forgery in GoClaw 3.13.3-beta.3 enables authenticated remote attackers to manipulate the `output.video_url` parameter within the `bytePlusDownloadVideo` function, coercing the server into issuing HTTP requests to attacker-controlled destinations including internal network resources. The flaw resides in `internal/tools/create_video_byteplus.go` at the invoke endpoint. A proof-of-concept exploit has been publicly disclosed via GitHub issue #1199; however, no CISA KEV listing confirms mass active exploitation, and the CVSS 4.0 score of 2.1 reflects the low-privilege authentication barrier and limited per-request impact scope.
SQL injection in itsourcecode Electronic Judging System 1.0 exposes the admin panel endpoint /intrams/admin/add_judges.php to database manipulation via the unsanitized `fname` parameter. Authenticated remote attackers can craft malicious input to read, alter, or potentially enumerate backend database contents. A publicly available proof-of-concept exploit exists on GitHub, though the vulnerability is not listed in CISA KEV and carries a CVSS 4.0 base score of 2.1 (Low), reflecting the authenticated access prerequisite and limited-scope CIA impact.
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argument day leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Prototype pollution in compromise (spencermountain/compromise) through version 14.15.1 exposes all JavaScript applications using the library to Object.prototype contamination via the nlp.extend() Public Root API. A low-privileged remote attacker who can supply a crafted plugin argument containing __proto__, constructor, or prototype keys can inject properties into the global Object.prototype, producing partial confidentiality, integrity, and availability impact across the Node.js runtime. A public exploit exists via GitHub issue #1208, a vendor patch has been released (commit b4644ab7), and no CISA KEV listing has been confirmed at time of analysis.
Link-following vulnerability in louisho5 picobot up to version 0.2.0 allows a remote, low-privileged attacker to traverse outside the intended workspace directory via the CreateSkill and GetSkill functions in the filesystem handler. The root cause is improper symlink resolution (CWE-59) in internal/agent/tools/filesystem.go, enabling potential unauthorized file read and write operations on the host filesystem. A public exploit exists as a GitHub issue report; no vendor patch has been released and the project maintainer has not yet responded to the disclosure.
Server-side request forgery in zhayujie CowAgent's Vision Tool allows authenticated remote attackers to make the server issue arbitrary HTTP requests to internal network resources. The vulnerability exists in the Vision._download_to_data_url / _build_image_content function in agent/tools/vision/vision.py, where the image argument is passed to an HTTP fetch without URL validation, enabling access to private RFC1918 addresses, loopback interfaces, and other non-public infrastructure. A publicly available proof-of-concept exploit exists (GitHub issue #2878), and a vendor-released patch (version 2.1.2) is available.
Information disclosure in nextlevelbuilder GoClaw up to version 3.13.3-beta.3 allows remote low-privileged attackers to extract sensitive data by manipulating the `args.targetUrl` argument passed to the `handleNavigate` function in `pkg/browser/tool.go`. A public proof-of-concept exploit exists and is referenced via GitHub issue #1207, elevating the practical risk beyond the moderate CVSS 4.0 score of 5.3. No confirmed patched release has been identified at the time of analysis, leaving all known versions of the product exposed.
GoClaw 3.11.3 by nextlevelbuilder exposes an incomplete blacklist bypass in the ExecApprovalManager.CheckCommand function, allowing authenticated low-privilege remote attackers to circumvent command approval controls enforced in internal/tools/exec_approval.go. The bypass can yield limited confidentiality, integrity, and availability impacts consistent with the information-disclosure tag and the VC:L/VI:L/VA:L CVSS 4.0 impact metrics. No public exploit identified at time of analysis is incorrect here - a public proof-of-concept exploit exists per the referenced GitHub issue, lowering the technical bar for abuse.
Server-side request forgery in mosaxiv clawlet up to version 0.2.10 enables authenticated remote attackers to manipulate the webFetch tool function to issue arbitrary HTTP requests from the server, potentially reaching internal services, cloud metadata endpoints, or other network resources not directly accessible to the attacker. A publicly available proof-of-concept exploit was disclosed via GitHub issue #14, making real-world exploitation more accessible. Critically, the upstream maintainer closed the issue as 'not planned,' meaning no vendor-released patch is forthcoming and the vulnerability will remain permanently unaddressed in the existing codebase.
Cross-site scripting in code-projects Online Job Portal 1.0 allows a remote, low-privileged attacker to inject malicious JavaScript via the /Admin/DetailJob.php endpoint, which executes in the browser of any user who views the affected page. The CVSS 4.0 vector (PR:L/UI:P) confirms that exploitation requires an authenticated session and passive victim interaction, constraining but not eliminating real-world risk. A public proof-of-concept has been disclosed on GitHub; no patch from the vendor has been identified at time of analysis.
Path traversal in DedeCMS 5.7.118's Album Publishing Feature allows remote attackers with administrative credentials to read or write files outside the intended extraction directory by manipulating the `filename` argument passed to the `ExtractFile` function in `include/zip.class.php`. A public proof-of-concept exploit has been released on GitHub, lowering the skill bar for exploitation, though no active exploitation has been confirmed in the CISA KEV catalog. The CVSS 4.0 score of 5.1 with PR:H reflects the high privilege requirement, which materially limits the exposed attack surface to authenticated admin-level sessions.
OS command injection in louisho5 picobot up to version 0.2.0 allows local low-privileged attackers to execute arbitrary operating system commands through the ExecTool.Execute function in internal/agent/tools/exec.go. A publicly available proof-of-concept exploit exists (GitHub issue #43), elevating practical risk despite the moderate CVSS 4.0 score of 4.8. No patch has been issued as the project maintainer has not responded to responsible disclosure, leaving all known deployments persistently exposed.
Null pointer dereference in open62541's client library (versions up to 1.5.5) allows a remote OPC UA server to crash a connecting client by returning a malformed Server_NamespaceArray during session establishment, causing denial of service. The flaw is client-side only - server deployments are unaffected - and exploitation requires the attacker to control or impersonate a server the vulnerable client connects to, making practical exploitation high-complexity. A proof-of-concept exists as a GitHub issue report; no public exploit is confirmed as weaponized and the vulnerability is not listed in CISA KEV.
Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.
The `_.merge(target, source)` utility exported by `@feathersjs/commons` recursively merges `source` into `target` by iterating `Object.keys(source)`. When `source` was produced by `JSON.parse` and contains a `__proto__` (or `constructor` / `prototype`) key, that key is returned as an own-enumerable property. The recursive merge then resolves `target['__proto__']` to `Object.prototype` and writes the attacker-supplied properties onto it, polluting the prototype for all plain objects in the process for the lifetime of the Node process. **Scope of real-world risk is limited.** No first-party Feathers package routes input - trusted or untrusted - through `commons._.merge`. The `@feathersjs/authentication` package, which does merge request-influenced data, uses `lodash/merge` (prototype-pollution-safe since 4.17.12), not this utility. Exploitation therefore requires a downstream plugin or application to pass JSON-parsed, attacker-controlled input directly through the exported `_.merge`. Fixed in `@feathersjs/commons@5.0.45`. The fix skips `__proto__`, `constructor`, and `prototype` keys during iteration - the standard remediation used by lodash and others. Avoid passing JSON-parsed untrusted input through `commons._.merge`. Freezing `Object.prototype` or validating/sanitizing keys upstream also mitigates. Reported responsibly by Andrew Ridings (@ridingsa).
User account enumeration in SAP HANA Extended Application Services Classic Model (XSC) user self-service tools allows unauthenticated remote attackers to identify valid usernames and email addresses by crafting requests that elicit distinguishable server responses. The CWE-204 root cause - observable response discrepancy - means the application behaves differently for valid versus invalid accounts, leaking account existence without requiring credentials. CVSS scores this at 3.7 (AV:N/AC:H) reflecting network accessibility tempered by high attack complexity; no public exploit code or CISA KEV listing has been identified at time of analysis.
jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx-gui is affected by an HTML injection vulnerability in the Summary tab because SummaryNode.java appends arches and perArchCount values derived from .so file path components inside an APK into an HTML panel without escaping. A malicious APK with an HTML URL-encoded ZIP entry name can force rendering of arbitrary HTML, perform out-of-band requests, disclose the victim IP address, or interact with locally exposed applications. This issue is fixed in version 1.5.6.
{ $items = []; foreach ($this->variantes() as $item) { $match = $item->{$this->match}; $description = Tools::textBreak($item->description(), 300); ... $items[] = '<tr class="clickableRow" onclick="widgetVarianteSelect(\'' . $this->id . '\', \'' . $match . '\');">' . '<td class="text-center">' ... ``` `$this->match` defaults to `'referencia'` (`WidgetVariante::__construct`, line 42). `$item->referencia` was sanitised at write time by `Variante::test()` (`Core/Model/Variante.php:392`) which calls `Tools::noHtml($this->referencia)`. `Tools::noHtml` (`Core/Tools.php:499-504`) replaces `'`, `"`, `<`, `>` with `'`, `"`, `<`, `>`. The defender therefore expects that any apostrophe a user typed becomes `'` in the database, which renders inside the `onclick` attribute as `'` and cannot break out of the surrounding `'...'` JS string literal. `Core/Lib/Widget/WidgetSubcuenta.php:290-305` has the identical shape: ```php foreach ($this->subcuentas() as $item) { $match = $item->{$this->match}; ... $items[] = '<tr class="clickableRow" onclick="widgetSubaccountSelect(\'' . $this->id . '\', \'' . $match . '\');">' . '<td class="text-center">' . '<a href="' . $item->url() . '" target="_blank" onclick="event.stopPropagation();">' ... ``` `$this->match` defaults to `'codsubcuenta'`; the value is `Tools::noHtml`-encoded by `Subcuenta::test()` (`Core/Model/Subcuenta.php:213`). Per the HTML5 spec (and what every browser actually does), the value of an HTML attribute is processed by the **character reference state** of the tokenizer before any consumer sees it. By the time the `onclick` attribute value reaches the script engine, the bytes inside are the *decoded* string. Concretely, the HTML the browser receives is: ```html <tr onclick="widgetVarianteSelect('id', '1',alert(1),'2');"> ``` After the tokenizer decodes `'` to `'`, the JavaScript fragment passed to the script engine is: ```javascript widgetVarianteSelect('id', '1',alert(1),'2'); ``` `alert(1)` runs as a third positional argument that JavaScript happily evaluates while building the call. The `widgetVarianteSelect` function ends up being called with four arguments and the side-effect of `alert(1)` (or any payload) has already occurred. The recent `40bc701` AccountingModalHTML and `8586b97` SalesModalHTML / PurchasesModalHTML fix recognised this. Both replaced the `onclick="...('"+ value +"')"` pattern with: ```php $tbody .= '<tr ... data-subaccount="' . $code . '" onclick="$(...).modal(\'hide\');' . ' return newLineAction(this.dataset.subaccount);">' ``` Where `$code = static::html($subaccount->codsubcuenta)` and `static::html` is `htmlspecialchars(html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The HTML5 entity decode is deliberate: it normalises any double-encoded data so that the subsequent `htmlspecialchars` produces stable single-encoded output. The JavaScript then reads the value from `this.dataset.*`, which is the post-decoded attribute value, where the original quote is now literally inside a string property and cannot break out of any quote context. `WidgetSubcuenta` and `WidgetVariante` were not migrated to this pattern. `Variante::test()` (`Core/Model/Variante.php:389-401`) accepts up to 30 characters in `referencia`. The minimum payload is 13 bytes (`1',alert(1),'2`), comfortably under the limit. The `Tools::noHtml` pass during `test()` produces the stored form `1',alert(1),'2`, which is 22 bytes. Three plant primitives are practical: 1. **Direct create** via `EditProducto?action=save` with the attacker-controlled `referencia` field. Because `EditProducto` is exposed to any user with the `EditProducto` permission (which roles like *sales agent* and *warehouse manager* commonly carry), this is a within-tenant primitive: a low-privilege salesperson plants the payload, an admin opens any sales document and clicks the variant picker. 2. **DB write** by anyone with raw SQL access (DBA or shared-hosting admin). `INSERT INTO variantes (referencia, ...) VALUES ('1\',alert(1),\'2', ...)`. This is what I used for the live test; the plant is permanent until the row is deleted. 3. **Plugin / API import.** `ApiAttachedFiles` and the various import endpoints allow a low-privilege API key to land arbitrary `referencia` values that bypass the `EditProducto` `permissions->onlyOwnerData` filter. For `WidgetSubcuenta`, the `codsubcuenta` field is constrained to the exercise's `longsubcuenta` length (10 by default), and the regex-free `Tools::noHtml` pass turns one apostrophe into 5 bytes (`'`), so the post-noHtml string must equal the configured length exactly. A 5-byte payload (`1','` is 4) plus padding is workable for compact bypass payloads such as `'+x+'` (where `x` is a previously-loaded global). DB-write planting (primitive 2) bypasses the length check entirely. The fix wave centred on the `Lib/AjaxForms/*ModalHTML.php` files. Both audited widgets live in `Lib/Widget/` and look superficially safe to a reviewer because every value is `Tools::noHtml`-escaped at storage. The actual decoding step happens inside the browser, not the PHP code, so the defect is not visible in a `grep`-based review of the PHP source unless the reviewer specifically looks for `onclick="...('+ $field +')'` shapes that put a `Tools::noHtml`-escaped value in a JavaScript string position inside an HTML attribute. > **Live PoC verified 2026-05-01** against `http://127.0.0.1:8081/` running facturascripts at commit `24281ca`. A `Variante.referencia` value of `1',alert(1),'2` (planted via raw DB write below) renders inside `widgetVarianteSelect('0', '1',alert(1),'2');` in the modal grid; opening the variant-picker modal in any user's browser (low-priv or admin) fires `alert(1)` from the host page's realm. Setup: the admin session at `http://127.0.0.1:8081/` is at `/tmp/fs-cookie2`. Step 1 - plant the payload (any of the three primitives works). DB-write primitive: ```bash mysql -h127.0.0.1 -ufs -pfs facturascripts <<'SQL' INSERT INTO productos (referencia, descripcion, codimpuesto, sevende, secompra, bloqueado, nostock, publico, stockfis, ventasinstock, observaciones) VALUES ('XSSPRD', 'XSS via WidgetVariante', 'IVA21', 1, 1, 0, 1, 0, 0, 1, ''); INSERT INTO variantes (referencia, idproducto, precio, coste, margen, stockfis, codbarras) SELECT "1',alert('XSS-WidgetVariante'),'2", idproducto, 0, 0, 0, 0, '' FROM productos WHERE referencia='XSSPRD'; SQL ``` After the insert, `Variante::test()` did not run (the row was created via SQL), so the literal `'` survives. Even via the EditProducto UI primitive, the round trip through `Tools::noHtml` produces the encoded form `1',alert(...),'2` which decodes back to the working payload at render time. Step 2 - open any controller that uses WidgetVariante with the default `match` (or any third-party plugin form that does so). Core ships two views (`Core/XMLView/EditAgente.xml`, `Core/XMLView/ListAgente.xml`) but both override `match="idproducto"`, so they are not exposed in stock core. Any plugin form that uses `<widget type="variante" .../>` without an explicit `match` attribute opts into the vulnerable code path. Trigger the variant-picker modal: ```bash $ curl -s -b /tmp/fs-cookie2 "http://127.0.0.1:8081/EditAgente?code=1" \ | grep -oE 'widgetVarianteSelect[^<>]{1,200}' | head -3 ``` When the modal renders `match=referencia`, the row in the response contains: ```html <tr class="clickableRow" onclick="widgetVarianteSelect('0', '1',alert('XSS-WidgetVariante'),'2');"> ``` The browser HTML-decodes the attribute value before passing it to the script engine, yielding the actual JavaScript `widgetVarianteSelect('0', '1',alert('XSS-WidgetVariante'),'2');`. The `alert` fires the moment the attribute is parsed for execution (i.e., when the user clicks the row, or when an automation script triggers the click programmatically), and the host realm's session, cookies, and CSRF tokens are exposed to the payload. For `WidgetSubcuenta`, the payload trigger is identical: any controller with `<widget type="subcuenta" fieldname="codsubcuentaXxx"/>` (`Core/XMLView/EditProducto.xml`, `EditCuentaBanco.xml`, `EditFamilia.xml`, `EditImpuesto.xml`, `EditRetencion.xml` are the in-tree consumers) renders the modal with `widgetSubaccountSelect('id', '<HTML-decoded codsubcuenta>')`. A `codsubcuenta` row planted with one apostrophe and five bytes of payload escapes the JS string and runs in the host page. * **Stored XSS in any user's browser the moment they open a product or subaccount picker.** The execution context is the host page, with full access to the viewer's session, CSRF tokens, and the running application. From an admin viewer's perspective the payload achieves admin compromise (install plugins, change passwords); from a normal user's perspective it can be used to exfiltrate the user's data and pivot. * **Within-tenant escalation primitive.** `EditProducto` is a routinely granted role permission. A salesperson, warehouse user, or a plugin-supplied controller without `admin` rights can plant a payload that fires in admin's browser the next time admin opens any sales document and clicks the variant picker. * **Sister vulnerability to the `40bc701` / `8586b97` fix wave.** The maintainers already understand and have fixed the same anti-pattern in three sister classes; these two were missed and remain exploitable. CVSS reasoning: `AV:N`, `AC:L` (one DB or one form POST plant), `PR:H` (the planter must be authenticated and have either `EditProducto` or DB write or import-API access; with weaker roles the payload is also reachable), `UI:R` (the victim opens a form that renders the modal and triggers a click), `S:U` (the impact stays within the application), `C:L I:L A:N` (the viewer's session and CSRF token are exposed; integrity loss bounded by viewer's role). Score 4.8. Mirror the `40bc701` and `8586b97` fix exactly. In both `Core/Lib/Widget/WidgetVariante.php:321` and `Core/Lib/Widget/WidgetSubcuenta.php:296`, replace: ```php $items[] = '<tr class="clickableRow" onclick="widgetVarianteSelect(\'' . $this->id . '\', \'' . $match . '\');">' ``` with the data-attribute pattern that the modal helpers now use: ```php $encMatch = htmlspecialchars( html_entity_decode((string)$match, ENT_QUOTES | ENT_HTML5, 'UTF-8'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' ); $items[] = '<tr class="clickableRow" data-match="' . $encMatch . '"' . ' onclick="widgetVarianteSelect(\'' . $this->id . '\', this.dataset.match);">' ``` (and the analogous change for `widgetSubaccountSelect`). The same approach should be applied to: * `WidgetSubcuenta::renderExerciseFilter` (`Core/Lib/Widget/WidgetSubcuenta.php:251-255`) where `$item->codejercicio` is interpolated into `<option value="...">`. Codes are short and predictable but the same escaping consideration applies for defence in depth. * `WidgetVariante::renderManufacturerFilter` (line 213) and `renderFamilyFilter` (line 197). Long term, the `BaseWidget::onclickHtml` and `inputHtml` builders (`Core/Lib/Widget/BaseWidget.php:163-167`, `234-239`, `273-283`) likewise concatenate `$this->value` into HTML attributes without context-aware escaping. Migrating them to use Twig (or at least `htmlspecialchars` with `ENT_QUOTES`) closes a class of bugs that today rely on every model's `test()` to be defensive. A regression test should plant a `Variante.referencia` of `1',alert(1),'2`, render the page through the live HTTP stack, and assert that no JavaScript dialog fires (e.g. via Playwright `page.on('dialog', ...)`).
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Devolutions Server 2026.1.22.0 and 2026.2.11.0 exposes Azure Key Vault client secrets in cleartext within Recovery Kit response files, defeating an explicit 'exclude sensitive data' option that administrators rely on. Any party who obtains a copy of the generated response file can trivially read the credential without any decryption or tooling. No public exploit code exists and the vulnerability is not in CISA KEV; however, because successful exploitation yields a reusable cloud credential, the downstream blast radius in Azure environments substantially exceeds what the 3.3 CVSS base score suggests. A vendor-released patch is available.
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
Horizontal privilege escalation in Easy!Appointments prior to 1.6.0 permits any authenticated provider to inject appointments into a peer provider's calendar or reassign existing appointments across provider boundaries by supplying an arbitrary `id_users_provider` value to the `store` and `update` API endpoints. The asymmetry is stark: the `search` endpoint correctly enforces provider-scoped filtering, confirming the isolation boundary was intentionally designed - making this an incomplete implementation rather than a missing feature. An additional write-before-crash defect on the `store` path means the unauthorized database row is silently persisted even when the attacker receives an HTTP error response. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.
Symlink entries in malicious tar archives bypass the `filter_safe_tarinfos` validation in Keras 3.12.0, enabling directory escape that can read or overwrite arbitrary files on the host filesystem. The root defect is in `keras/src/utils/file_utils.py`, where `is_path_in_dir` path containment checks are applied only to regular file entries - symlink entries are extracted without equivalent validation. The exposure is most severe on Python 3.10 and 3.11, where `filter_safe_tarinfos` is the sole extraction safeguard; no public exploit or active exploitation has been identified at time of analysis.
HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service.
Improper authorization in Devolutions Server's secure messages deletion endpoint exposes an Insecure Direct Object Reference (IDOR) flaw allowing any authenticated user to permanently delete secure messages belonging to other users simply by supplying a target message identifier. Affected versions are 2026.2.11 and 2026.1.22; patched releases 2026.1.23 and 2026.2.12 are available per the vendor advisory. No public exploit identified at time of analysis, and the low CVSS score of 3.1 reflects constrained impact (integrity only, no data disclosure) paired with high attack complexity.
OAuth provider rebinding in Easy!Appointments prior to version 1.6.0 allows any authenticated backend user - including low-privilege secretary and provider roles - to silently hijack a peer provider's Google Calendar integration by supplying an arbitrary provider_id to the OAuth initiation endpoint. The attacker completes a legitimate Google OAuth flow with their own Google account, which the application then binds to the victim provider's database row without verifying ownership. From that point forward, every appointment on the victim's schedule syncs to the attacker's Google Calendar, leaking customer names and email addresses as attendee data. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
Server-side request forgery in Easy!Appointments prior to 1.6.0 allows authenticated backend users - admins, providers, or secretaries - to probe internal network hosts by supplying arbitrary URLs to the CalDAV synchronization endpoint. The Guzzle HTTP client in `Caldav.php:60` forwards a REPORT request to the caller-supplied `caldav_url` without validating the scheme or destination host, enabling access to loopback, RFC1918, and link-local addresses on the deployment network. The SSRF is semi-blind, returning up to approximately 120 bytes of upstream response body through the exception path; no public exploit has been identified, exploitation requires an active backend account, and version 1.6.0 resolves the issue.
Stored XSS in Easy!Appointments versions prior to 1.6.0 allows an authenticated administrator to inject arbitrary HTML or JavaScript into the 'booking disabled' message field via the booking settings rich-text editor. The unsanitized value is rendered directly to every unauthenticated visitor who opens the public booking page while booking is disabled, crossing a scope boundary from admin context to anonymous public users. No public exploit has been identified at time of analysis; CVSS rates this 2.6 (Low) driven by the administrator-level privilege requirement, though the persistent cross-scope impact on all public visitors is a meaningful secondary risk factor.
The payment withdrawal approval endpoint in xianyu-auto-reply executes state-changing financial approval actions in response to HTTP GET requests, violating the HTTP safe-method contract and enabling unintended approvals through automated link-prefetching clients. Any low-privileged authenticated user possessing a valid review token can approve withdrawal requests by issuing a GET to /api/v1/payment/withdraw/review?action=approve, and more critically, email clients or mail-security gateways that automatically prefetch URLs can trigger approvals silently when an administrator receives a notification email. A proof-of-concept has been publicly disclosed per CVSS 4.0 E:P; no CISA KEV listing or confirmed active exploitation was identified at time of analysis.
Server-side request forgery in mosaxiv clawlet up to version 0.2.10 allows remote attackers to manipulate the server into issuing arbitrary HTTP requests by supplying a crafted URL to the web_fetch function in tools/tool_web_fetch.go via the IPv4 Handler. The CVSS 4.0 score of 2.1 reflects limited practical impact, constrained further by a user-interaction requirement (UI:P) and low CIA impact metrics. Publicly available exploit code exists (E:P per CVSS 4.0 supplemental vector), and the upstream maintainer has closed the tracking issue as 'not planned', meaning no official fix will be released.
A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcp__getComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to version 2.3.1 is able to mitigate this issue. The name of the patch is e46af9879b7627934ea4d6d6e46e65cea53abb3d. The affected component should be upgraded.
Prototype pollution in kofrasa mingo up to version 7.2.1 allows low-privileged remote attackers to corrupt JavaScript Object.prototype by supplying `__proto__` as a field selector in `$set`, `updateOne`, or `updateMany` operations, injecting arbitrary properties into all objects within the Node.js process. Proof-of-concept exploit code exists (CVSS 4.0 E:P), and successful exploitation can cascade to application-wide privilege logic bypass, information disclosure, or denial of service depending on how the host application relies on inherited object properties. Vendor-released patch version 7.2.2 is confirmed available.
Prototype pollution in svg.js (svgdotjs) up to version 3.2.5 allows a remote low-privileged attacker to inject arbitrary properties into JavaScript's shared Object.prototype via the EventTarget.on function of the npm package API. Depending on how consuming applications perform property lookups, this can lead to information disclosure, logic bypass, or integrity violations across the entire JavaScript runtime. No vendor patch exists - the maintainer has not responded to the responsible disclosure - and a proof-of-concept exists (CVSS E:P), though no confirmed active exploitation appears in CISA KEV.
Protection mechanism failure in mosaxiv clawlet up to version 0.2.10 allows remote attackers to bypass the exec Safety Guard, undermining the tool's core command-execution restriction logic. The vulnerability resides in the `guardExecCommand` function within `tools/tool_exec.go`, where insufficient enforcement of protection controls permits manipulation that should otherwise be blocked. Passive user interaction is required (CVSS 4.0 UI:P), and a public proof-of-concept exploit has been released; however, the vendor has closed the tracking GitHub issue as 'not planned', indicating no patch is forthcoming.
Buffer overflow in SUSE Virtual Machine Driver Pack allows a local attacker with registry modification rights to corrupt driver integrity. Affected are all versions of the pack before upstream commit e7a602ec232756ead019bdf19d6d3b9d010cc94b, targeting virtualized guest environments running SUSE's paravirtual drivers. No public exploit exists and the vendor explicitly states no feasible exploitation path is currently known; no public exploit identified at time of analysis.
Path traversal in mastergo-magic-mcp versions up to 0.2.0 allows local low-privileged attackers to read and write files outside the intended working directory by supplying manipulated path sequences via the `rootPath` argument of the `mcp__getComponentGenerator` component's `execute` function. A public proof-of-concept exploit has been disclosed (CVSS 4.0 E:P), and the vendor has not responded to the issue report, leaving no patch available at time of analysis. No public exploitation (CISA KEV) has been confirmed, and the local-only attack vector significantly constrains the realistic threat surface.
A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcp__C2d. Performing a manipulation of the argument filePath results in path traversal. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.