Monthly
Partial string comparison in BettaFish's InsightEngine deduplication logic (versions up to 1.2.1) allows remote unauthenticated attackers to manipulate search-result deduplication by crafting inputs that exploit the flawed comparison in `_deduplicate_results` within `InsightEngine/agent.py`. The integrity impact is limited - attackers can cause duplicate or otherwise manipulated entries to persist in search output - but the attack requires no authentication and no user interaction, and a public proof-of-concept exploit exists. No active exploitation has been confirmed by CISA KEV; a fix pull request (PR #689) has been submitted but not yet merged.
Authorization bypass in Caddy's remote admin `/config` API (versions 2.4.0-2.11.2) allows a certificate-authenticated remote admin client restricted to a specific array-indexed config path (e.g., `/routes/0`) to read and modify sibling array elements (e.g., `routes[1]`) by requesting the path with a leading-zero index variant (`/routes/01`). The root cause is a semantic mismatch between two internal layers: the authorization layer performs string prefix matching (`strings.HasPrefix`), while the config traversal layer parses index components numerically via `strconv.Atoi()`, so `"01"` passes authorization as a prefix of `"0"` but resolves to integer index 1 during traversal. No public exploit is in CISA KEV, but a complete proof-of-concept with captured curl requests and server responses is publicly documented in the vendor GitHub advisory GHSA-x5w9-xh9r-mvfc.
Information disclosure in Rack web server interface (versions <2.2.23, <3.1.21, <3.2.6) allows unauthenticated remote attackers to access sensitive files due to flawed prefix matching in Rack::Static. The vulnerability enables access to unintended files sharing configured URL prefixes (e.g., '/css' matching '/css-backup.sql'), exposing configuration files, database backups, or environment variables. CVSS 7.5 (High) with network vector and no complexity. No public exploit identified at time of analysis.
OpenWrt versions prior to 24.10.6 allow local attackers with limited privileges to inject a malicious PATH environment variable into hotplug scripts due to improper filtering in the hotplug_call function, enabling execution of arbitrary binaries with elevated privileges. The vulnerability stems from a strcmp/strncmp logic error that fails to properly exclude the PATH variable when executing scripts in /etc/hotplug.d, resulting in local privilege escalation. No patch is currently available.
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2.1), SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) (All versions < V8.2.1), SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2.1), SCALANCE SC-600 family (All versions). [CVSS 3.7 LOW]
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Partial string comparison in BettaFish's InsightEngine deduplication logic (versions up to 1.2.1) allows remote unauthenticated attackers to manipulate search-result deduplication by crafting inputs that exploit the flawed comparison in `_deduplicate_results` within `InsightEngine/agent.py`. The integrity impact is limited - attackers can cause duplicate or otherwise manipulated entries to persist in search output - but the attack requires no authentication and no user interaction, and a public proof-of-concept exploit exists. No active exploitation has been confirmed by CISA KEV; a fix pull request (PR #689) has been submitted but not yet merged.
Authorization bypass in Caddy's remote admin `/config` API (versions 2.4.0-2.11.2) allows a certificate-authenticated remote admin client restricted to a specific array-indexed config path (e.g., `/routes/0`) to read and modify sibling array elements (e.g., `routes[1]`) by requesting the path with a leading-zero index variant (`/routes/01`). The root cause is a semantic mismatch between two internal layers: the authorization layer performs string prefix matching (`strings.HasPrefix`), while the config traversal layer parses index components numerically via `strconv.Atoi()`, so `"01"` passes authorization as a prefix of `"0"` but resolves to integer index 1 during traversal. No public exploit is in CISA KEV, but a complete proof-of-concept with captured curl requests and server responses is publicly documented in the vendor GitHub advisory GHSA-x5w9-xh9r-mvfc.
Information disclosure in Rack web server interface (versions <2.2.23, <3.1.21, <3.2.6) allows unauthenticated remote attackers to access sensitive files due to flawed prefix matching in Rack::Static. The vulnerability enables access to unintended files sharing configured URL prefixes (e.g., '/css' matching '/css-backup.sql'), exposing configuration files, database backups, or environment variables. CVSS 7.5 (High) with network vector and no complexity. No public exploit identified at time of analysis.
OpenWrt versions prior to 24.10.6 allow local attackers with limited privileges to inject a malicious PATH environment variable into hotplug scripts due to improper filtering in the hotplug_call function, enabling execution of arbitrary binaries with elevated privileges. The vulnerability stems from a strcmp/strncmp logic error that fails to properly exclude the PATH variable when executing scripts in /etc/hotplug.d, resulting in local privilege escalation. No patch is currently available.
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2.1), SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) (All versions < V8.2.1), SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2.1), SCALANCE SC-600 family (All versions). [CVSS 3.7 LOW]
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.