Information Disclosure

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.

An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

A security vulnerability in Fortinet FortiPAM 1.4.0 (CVSS 6.3) that allows attacker. Remediation should follow standard vulnerability management procedures.

A security vulnerability in Fortinet FortiOS (CVSS 5.9) that allows an unauthenticated attacker with the knowledge of device specific data. Remediation should follow standard vulnerability management procedures.

An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out.

An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests.

CVE-2023-20599 is an improper register access control vulnerability in AMD's ASP (AMD Secure Processor) that allows a privileged local attacker to gain unauthorized access to the Crypto Co-Processor (CCP) registers, potentially compromising cryptographic key management and leading to loss of confidentiality or integrity. The vulnerability affects AMD EPYC and Ryzen processors with ASP implementations. While the CVSS score of 7.9 indicates high severity, exploitation requires high privilege level (PR:H) and local access (AV:L), limiting real-world attack surface; however, this is an actively tracked vulnerability relevant to data center and workstation security.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.

A security vulnerability in OctoPrint versions up until and including 1.11.1 contain a vulnerability that (CVSS 6.5) that allows any unauthenticated attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

CVE-2025-48067 is a security vulnerability (CVSS 5.4) that allows an attacker with the file_upload permission. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

A security vulnerability in A vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.

Critical authentication bypass vulnerability affecting Energy Services products that use the G5DFR component, where default credentials allow unauthenticated remote attackers to gain full control and tamper with device outputs. The CVSS 9.9 score reflects the severe nature of this issue-no authentication required, network-accessible, with high integrity impact across system boundaries. This vulnerability poses an immediate threat to critical infrastructure and industrial control systems relying on Energy Services with G5DFR.

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). The "Load Configuration from Local PC" functionality in the web interface of affected products contains a race condition vulnerability. This could allow an authenticated remote attacker to make the affected product load an attacker controlled configuration instead of the legitimate one. Successful exploitation requires that a legitimate administrator invokes the functionality and the attacker wins the race condition.

Credential disclosure vulnerability in Ivanti Workspace Control versions before 10.19.10.0, where a hardcoded cryptographic key enables local authenticated attackers to decrypt stored SQL database credentials. This allows privilege escalation and lateral movement within enterprise environments. With a CVSS score of 8.8 and local attack vector requiring authentication, exploitation requires internal access but poses significant risk to SQL database security and overall system compromise.

Path traversal vulnerability in HPE Aruba Networking Private 5G Core APIs that allows authenticated users to iteratively navigate the filesystem and download sensitive system files. The vulnerability affects the Private 5G Core platform with a CVSS score of 7.7 (high severity) due to confidentiality impact across system boundaries. While requiring low-privilege authentication and network access, successful exploitation directly exposes protected system files containing sensitive configuration and credential data.

Cryptographic weakness in Ivanti Workspace Control versions before 10.19.10.0 where a hardcoded encryption key is embedded in the application, allowing authenticated local attackers to decrypt stored environment passwords. This vulnerability enables privilege escalation and lateral movement within affected environments. The CVSS 7.3 score reflects high confidentiality and integrity impact, though exploitation requires local access and user authentication; KEV and active exploitation status are not confirmed in available intelligence.

Cryptographic weakness in Ivanti Workspace Control prior to version 10.19.0.0 that uses a hardcoded encryption key to protect SQL database credentials stored locally. A local authenticated attacker with user-level privileges can exploit this to decrypt and extract stored SQL credentials without elevated permissions, potentially leading to lateral movement and data exfiltration. The CVSS 8.8 score reflects high severity due to confidentiality and integrity impacts across system boundaries, though exploitation requires local access and valid authentication.

GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6.

PHP Local File Inclusion (LFI) vulnerability in LoftOcean TinySalt versions before 3.10.0, caused by improper control of filenames in PHP include/require statements (CWE-98). An unauthenticated remote attacker can exploit this network-accessible vulnerability with moderate complexity to read arbitrary files, execute code, and potentially achieve remote code execution, though exploitation requires specific conditions due to high attack complexity. The vulnerability has not been confirmed as actively exploited in the wild (KEV status unknown), but represents a critical risk for exposed TinySalt installations.

CVE-2025-43701 is an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards that allows unauthenticated network attackers to read Custom Settings data without authorization. Affecting OmniStudio versions before 254, this high-severity flaw (CVSS 7.5) enables direct exposure of sensitive configuration data through a low-complexity attack requiring no user interaction or privileges. While KEV status and active exploitation details are not available in provided data, the combination of high CVSS score, unauthenticated attack vector, and direct confidentiality impact indicates significant real-world risk to Salesforce deployments storing sensitive configuration in Custom Settings.

CVE-2025-43700 is an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards that allows unauthenticated network-based attackers to expose encrypted data without requiring user interaction. This high-impact confidentiality breach (CVSS 7.5) affects OmniStudio versions prior to Spring 2025 release and represents a significant risk to organizations using FlexCards for sensitive data handling, particularly given the low attack complexity and absence of privilege requirements.

A remote code execution vulnerability (CVSS 9.1). Critical severity with potential for significant impact on affected systems.

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio's DataMapper component that allows unauthenticated network-based attackers to expose encrypted data without requiring user interaction. The vulnerability affects OmniStudio versions prior to Spring 2025 and carries a CVSS 7.5 (High) severity rating. While specific KEV status and EPSS data were not provided in the intelligence sources, the high CVSS score combined with unauthenticated access (AV:N, PR:N) indicates this is a significant exposure risk for organizations using affected OmniStudio deployments.

CVE-2025-41657 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

CVE-2025-40662 is an absolute path disclosure vulnerability in DM Corporative CMS that exposes sensitive filesystem information when an attacker requests non-existent files within the webroot/file directory. This high-severity information disclosure (CVSS 7.5) affects DM Corporative CMS users and allows unauthenticated remote attackers to enumerate and discover the absolute filesystem paths of the application, which typically precedes further exploitation. The vulnerability has not been confirmed as actively exploited in the wild (KEV status unknown from provided data), but represents a significant reconnaissance vector with minimal attack complexity.

CVE-2025-40661 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated attackers to bypass authentication and access the private administrative area by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/selection.asp endpoint. The vulnerability has a CVSS score of 7.5 (High) with high confidentiality impact, indicating potential exposure of sensitive administrative data. No KEV status, EPSS score, or confirmed POC availability was provided in the source data, limiting definitive assessment of active exploitation.

CVE-2025-40660 is a security vulnerability (CVSS 7.5) that allows an attacker. High severity vulnerability requiring prompt remediation.

CVE-2025-40659 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated attackers to bypass access controls and view the private administrative area by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/framesSelectionNetworks.asp endpoint. This high-severity vulnerability (CVSS 7.5) has a high confidentiality impact but does not enable data modification or service disruption. No active exploitation in the wild (KEV) or public proof-of-concept has been confirmed in available intelligence, but the vulnerability's simplicity and unauthenticated attack vector make it a significant priority for affected organizations.

CVE-2025-40658 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to bypass access controls and view private administrative areas by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/framesSelection.asp endpoint. The vulnerability has a CVSS 3.1 score of 7.5 (High) with high confidentiality impact, no privilege requirement, and no user interaction needed, making it a significant authentication bypass risk for affected CMS installations.

Critical SQL injection vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to execute arbitrary SQL commands through the 'cod' parameter in the /administer/node-selection/data.asp endpoint. This enables complete database compromise including unauthorized retrieval, creation, modification, and deletion of data. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this represents an extremely high-severity threat to all exposed instances; exploitation status and proof-of-concept availability should be verified against current KEV and EPSS data.

Critical SQL injection vulnerability in DM Corporative CMS affecting the /antcatalogue.asp endpoint's 'name' parameter, allowing unauthenticated remote attackers to execute arbitrary SQL commands with complete database compromise (retrieval, creation, modification, deletion). With a CVSS 9.8 score, zero authentication requirements, and network-accessible attack surface, this vulnerability represents an immediate and severe risk to all exposed instances; exploitation likelihood is extremely high given the straightforward injection point and lack of input validation.

A critical SQL injection vulnerability (CVE-2025-40654) exists in DM Corporative CMS affecting the /antbuspre.asp endpoint, where the 'name' and 'cod' parameters are not properly sanitized. This unauthenticated, network-accessible vulnerability allows remote attackers to execute arbitrary SQL commands, enabling complete database compromise including data exfiltration, modification, and destruction. With a CVSS 9.8 score and network-exploitable attack surface, this represents a critical production risk if DM Corporative CMS is internet-facing.

CVE-2025-4681 is an Improper Privilege Management vulnerability in upKeeper Solutions' upKeeper Instant Privilege Access that allows authenticated local attackers with low privileges to escalate permissions and achieve high-impact confidentiality, integrity, and availability violations. This affects all versions of upKeeper Instant Privilege Access before 1.4.0, and the CVSS 8.6 severity combined with local attack vector and low privilege requirements indicates a significant real-world threat to organizations using this privilege access management solution.

CVE-2025-4680 is an improper input validation vulnerability in upKeeper Solutions' upKeeper Instant Privilege Access that allows attackers with local access and low privileges to bypass access control security levels and achieve high-impact confidentiality, integrity, and availability violations. Versions before 1.4.0 are affected. With a CVSS score of 8.6 and local attack vector requiring user interaction, this represents a significant privilege escalation risk for organizations using this privileged access management solution, particularly if KEV status indicates active exploitation or public POC availability.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degrade the performance of the server causing low impact on confidentiality, integrity and availibility of the application.

Privilege escalation vulnerability in SAP GRC that allows authenticated non-administrative users to access and initiate transactions capable of modifying system credentials. This critical flaw compromises confidentiality, integrity, and availability across the application, with a CVSS score of 8.8 indicating high severity. The vulnerability requires valid credentials to exploit but has no privilege requirements beyond basic user access, making it a significant risk in environments with broad GRC user bases.

SAP NetWeaver Visual Composer contains a directory traversal vulnerability (CWE-22) that allows high-privileged users to bypass path validation controls and read or modify arbitrary files on the system. The vulnerability affects SAP NetWeaver Visual Composer across supported versions and has a CVSS score of 7.6 due to high confidentiality impact and network-accessible attack vector, though exploitation requires high privileges (PR:H). Exploitation likelihood and KEV/POC status cannot be confirmed from available data, but the high-privilege prerequisite significantly reduces real-world exploitability compared to the base CVSS score suggests.

Stored Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects BI Workspace that allows unauthenticated attackers to inject and persist malicious JavaScript code within workspaces. When authenticated users access compromised workspaces, the malicious script executes in their browser context, potentially exposing sensitive session tokens, cookies, and user data. The vulnerability has a CVSS score of 8.2 (High) with significant confidentiality impact; while KEV/EPSS data and active exploitation status are not provided in available intelligence, the attack requires user interaction and authentication context, moderating real-world severity despite the high CVSS rating.

CVE-2025-0037 is a security vulnerability (CVSS 6.6) that allows access. Remediation should follow standard vulnerability management procedures.

CVE-2025-0036 is a security vulnerability (CVSS 3.2). Remediation should follow standard vulnerability management procedures.

Critical arbitrary file upload vulnerability in CyberData 011209 Intercom systems that allows authenticated attackers to upload malicious files to multiple locations within the system without user interaction. With a CVSS 9.8 score and network-accessible attack surface requiring only valid authentication credentials, this vulnerability poses severe risk to organizations deploying these intercom systems. The vulnerability enables complete system compromise through arbitrary file placement, potentially allowing remote code execution, system manipulation, and data theft.

CyberData 011209 Intercom devices fail to properly store or protect web server administrator credentials, allowing unauthenticated remote attackers to obtain plaintext or weakly protected credentials with high confidence. This vulnerability (CVSS 7.5) affects web-based administrative interfaces and could lead to complete compromise of device configuration and control. No public exploit code or active KEV listing is confirmed at this time, but the vulnerability requires immediate attention due to the critical nature of credential exposure in networked intercom systems.

CVE-2025-26468 is an unauthenticated denial-of-service vulnerability in CyberData 011209 Intercom systems that allows remote attackers to disrupt system availability without requiring authentication or user interaction. The vulnerability has a CVSS score of 7.5 (High) with a network attack vector, indicating significant real-world risk from remote exploitation. While active exploitation status and POC availability cannot be confirmed from the provided data, the lack of authentication requirements (PR:N, UI:N) makes this a critical priority for affected organizations.

A security vulnerability in A vulnerability classified as critical (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

CyberData 011209 Intercom devices contain an authentication bypass vulnerability in the web interface accessible via an alternate path, allowing unauthenticated attackers complete unauthorized access (confidentiality, integrity, availability compromise). This CVSS 9.8 critical vulnerability affects CyberData intercom systems and poses immediate risk to organizations relying on these devices for communication and physical security integration. No specific KEV or active exploitation data provided, but the unauthenticated network-accessible nature with no mitigation requirements makes this highly likely to be targeted.

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Sensitive data exposure vulnerability in Lablup's BackendAI that allows authenticated attackers with high privileges to retrieve user credentials from active sessions on the management platform. The vulnerability affects the session management mechanism and has a CVSS score of 8.0 with a complex attack vector requiring high privilege access, indicating a serious but not trivially exploitable issue in production environments.

A security vulnerability in the session. This vulnerability exists in all current (CVSS 8.1) that allows attackers. High severity vulnerability requiring prompt remediation.

A security vulnerability in Requests (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

A security vulnerability in version 4.0.0 and (CVSS 9.0) that allows capturing of env variables. Risk factors: EPSS 41% exploitation probability, public PoC available. Vendor patch is available.

react-native-keys version 0.7.11 contains a sensitive information disclosure vulnerability where encryption ciphers and Base64-encoded secrets are stored as plaintext in compiled native binaries, allowing attackers with network access to extract these credentials via static analysis of the binary. This affects all applications using the vulnerable library version, and the high CVSS score of 7.5 reflects the ease of exploitation (no authentication required) and significant confidentiality impact, though the practical risk depends on whether secrets are actually embedded at build time and the sensitivity of exposed data.

PHP Local File Inclusion (LFI) vulnerability in Unfoldwp Magze versions up to 1.0.9 that allows unauthenticated remote attackers to include and execute arbitrary local files through improper control of filename parameters in PHP include/require statements. This is a network-accessible vulnerability with high attack complexity but complete impact on confidentiality, integrity, and availability (CVSS 8.1). The vulnerability likely affects WordPress plugin deployments where Magze is installed, and successful exploitation could lead to remote code execution through log poisoning or other LFI-to-RCE chains.

A security vulnerability in Unfoldwp Magways allows PHP Local File Inclusion (CVSS 8.1). High severity vulnerability requiring prompt remediation.

A security vulnerability in Unfoldwp Magty allows PHP Local File Inclusion (CVSS 8.1). High severity vulnerability requiring prompt remediation.

A security vulnerability in Unfoldwp Blogvy allows PHP Local File Inclusion (CVSS 8.1). High severity vulnerability requiring prompt remediation.

PHP Local File Inclusion (LFI) vulnerability in Unfoldwp Blogty plugin versions up to 1.0.11 that allows unauthenticated remote attackers to include and execute arbitrary local files through improper control of filename parameters in PHP include/require statements. The vulnerability has a CVSS score of 8.1 (High), indicating potential for confidentiality, integrity, and availability compromise. Active exploitation status and EPSS probability are critical factors in determining real-world risk severity.

PHP Local File Inclusion (LFI) vulnerability in Unfoldwp Blogprise WordPress plugin versions through 1.0.9, stemming from improper control of filename parameters in PHP include/require statements (CWE-98). An unauthenticated remote attacker can exploit this vulnerability over the network to read arbitrary files from the server filesystem, potentially leading to information disclosure, code execution, or further compromise. The CVSS 8.1 score reflects high severity with network accessibility and significant confidentiality/integrity/availability impact, though attack complexity is rated as high suggesting specific conditions must be met for exploitation.

PHP Local File Inclusion (LFI) vulnerability in Unfoldwp Blogmine versions up to 1.1.7 that allows unauthenticated remote attackers to include and execute arbitrary files on the server. The vulnerability stems from improper input validation on filename parameters used in PHP include/require statements (CWE-98). While the CVSS score of 8.1 reflects high impact potential across confidentiality, integrity, and availability, the AC:H (Attack Complexity: High) suggests exploitation requires specific conditions; KEV status, EPSS probability, and public POC availability are critical factors for determining actual prioritization.

PHP Local File Inclusion (LFI) vulnerability in Unfoldwp Blogbyte versions through 1.1.1, stemming from improper control of filenames in PHP include/require statements. An unauthenticated remote attacker can exploit this vulnerability with high complexity to achieve arbitrary code execution, information disclosure, or service disruption. While the CVSS score of 8.1 reflects severe potential impact, the High attack complexity (AC:H) suggests exploitation requires specific conditions or timing, and KEV/active exploitation status and POC availability remain unconfirmed from available intelligence.

CVE-2025-48261 is an information disclosure vulnerability in MultiVendorX that allows unauthenticated remote attackers to retrieve sensitive data embedded within sent data through a network-accessible interface. The vulnerability affects MultiVendorX versions up to and including 4.2.22, with a CVSS score of 7.5 indicating high confidentiality impact. While no active KEV or public POC details were provided in the available intelligence, the network-accessible attack vector (AV:N) and lack of privilege requirements (PR:N) make this a material risk for exposed instances.

PHP Local File Inclusion (LFI) vulnerability in g5theme Essential Real Estate plugin versions through 5.2.1, allowing unauthenticated remote attackers to include and execute arbitrary local files on the affected server. The vulnerability stems from improper control of filename parameters in PHP include/require statements (CWE-98), enabling potential information disclosure, code execution, and system compromise. While the CVSS score of 8.1 indicates high severity with high confidentiality and integrity impact, real-world exploitation depends on server configuration, file system permissions, and available local files for inclusion.

Local File Inclusion (LFI) vulnerability in WP Event Manager WordPress plugin versions through 3.1.49 that allows unauthenticated remote attackers to include and execute arbitrary PHP files from the server filesystem. This CWE-98 vulnerability has a CVSS score of 8.1 (High severity) with high impact on confidentiality, integrity, and availability. While the vulnerability requires specific conditions (AC:H), its network accessibility and lack of authentication requirements make it a significant risk for affected WordPress installations.

PHP Local File Inclusion (LFI) vulnerability in magentech Revo versions up to 4.0.26 that allows unauthenticated remote attackers to include and execute arbitrary local files through improper control of filename parameters in PHP include/require statements. An attacker can exploit this to read sensitive files, execute code, or compromise the affected system; the vulnerability requires user interaction (UI:R) but carries high impact across confidentiality, integrity, and availability. While no public exploit code or KEV status is currently confirmed in available intelligence, the combination of network accessibility, high CVSS score (7.5), and file inclusion primitives makes this a notable risk for unpatched Revo installations.

PHP Local File Inclusion (LFI) vulnerability in Gavias Krowd versions up to 1.4.1 that allows unauthenticated remote attackers to include and execute arbitrary local files on the server. The vulnerability stems from improper control of filename parameters in PHP include/require statements (CWE-98), enabling attackers to read sensitive files or execute malicious code with high complexity but high impact including confidentiality, integrity, and availability compromise. No public exploit code or active exploitation reports are currently available in standard vulnerability databases, but the high CVSS score (8.1) and network-accessible attack vector indicate significant risk for unpatched installations.

CVE-2025-31045 is an information disclosure vulnerability in the Elfsight Contact Form widget (versions through 2.3.1) that allows unauthenticated remote attackers to retrieve embedded sensitive data without any user interaction. The vulnerability exposes system information through an unauthorized control sphere, posing a high confidentiality risk with a CVSS score of 7.5. While the specific KEV status and EPSS probability are not provided in available sources, the network-accessible nature (AV:N) with no authentication required (PR:N) and lack of user interaction (UI:N) suggests this is readily exploitable by threat actors.

PHP Local File Inclusion (LFI) vulnerability in SNS Anton theme versions up to 4.1 that allows unauthenticated remote attackers to include and execute arbitrary local files on the server. The vulnerability stems from improper input validation on filename parameters in PHP include/require statements (CWE-98), enabling attackers to read sensitive files or achieve remote code execution through log poisoning or other local file abuse techniques. With a CVSS score of 8.1 and network-based attack vector, this represents a critical risk to affected WordPress installations, particularly if actively exploited in the wild or if public proof-of-concept code is available.

A remote code execution vulnerability in snstheme Valen - Sport (CVSS 8.1). High severity vulnerability requiring prompt remediation.

PHP Local File Inclusion (LFI) vulnerability in the snstheme Avaz plugin that allows unauthenticated remote attackers to include arbitrary PHP files via improper control of filename parameters in include/require statements. The vulnerability affects Avaz versions through 2.8 and has a CVSS score of 8.1 (high severity), enabling attackers to execute arbitrary code, read sensitive files, and compromise system integrity without requiring authentication or user interaction.

PHP Local File Inclusion (LFI) vulnerability in BZOTheme GiftXtore versions through 1.7.4 that allows unauthenticated remote attackers to include and execute arbitrary local files on the server. This is a high-severity vulnerability (CVSS 8.1) that can lead to complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability stems from improper validation of filename parameters in PHP include/require statements, enabling attackers to access sensitive files or execute malicious code without authentication.

PHP Local File Inclusion (LFI) vulnerability in BZOTheme Petito versions up to 1.6.2 that allows unauthenticated remote attackers to include and execute arbitrary local files on the server. The vulnerability exploits improper control of filename parameters in PHP include/require statements (CWE-98), enabling attackers to read sensitive files, execute code, or compromise server integrity with a CVSS score of 8.1 (High). While no public exploit code or KEV/EPSS data are confirmed in standard databases, the high CVSS and network accessibility make this a significant priority for affected organizations.

PHP Local File Inclusion (LFI) vulnerability in AncoraThemes Inset theme affecting versions through 1.18.0, allowing unauthenticated remote attackers to include and execute arbitrary local files on vulnerable servers. This CWE-98 vulnerability stems from improper control of filename parameters in PHP include/require statements, with a CVSS score of 8.1 (High) reflecting significant confidentiality, integrity, and availability impact. The moderate attack complexity (AC:H) suggests exploitation requires specific conditions or knowledge, though the network-accessible attack vector (AV:N) and lack of privilege requirements (PR:N) make this practically exploitable.

PHP Local File Inclusion (LFI) vulnerability in BZOTheme CraftXtore versions up to 1.7 that allows unauthenticated remote attackers to include and execute arbitrary local files through improper control of filename parameters in PHP include/require statements. The vulnerability has a CVSS score of 8.1 (high severity) with network accessibility and high impact to confidentiality, integrity, and availability. Exploitation requires moderate attack complexity but no user interaction or privileges, making it a significant risk if actively exploited or proof-of-concept code becomes public.

PHP Local File Inclusion (LFI) vulnerability in snstheme Nitan theme affecting versions through 2.9, allowing unauthenticated remote attackers to include and execute arbitrary local files on the server. While the CVSS score of 8.1 indicates high severity with potential for confidentiality, integrity, and availability impact, the attack complexity is marked as HIGH, suggesting exploitation requires specific conditions or server configurations. The vulnerability stems from improper validation of filename parameters in PHP include/require statements (CWE-98), a classic but dangerous class of web application flaws.

PHP Local File Inclusion (LFI) vulnerability in BZOTheme Fitrush versions up to 1.3.4 that allows unauthenticated remote attackers to include and execute arbitrary local files on the server. The vulnerability stems from improper control of filenames in PHP include/require statements (CWE-98), enabling attackers to read sensitive files or achieve remote code execution depending on server configuration. While the CVSS score is 8.1 (high severity), the CVSS vector indicates high attack complexity (AC:H), suggesting exploitation may require specific environmental conditions or knowledge of the target system's file structure.

A remote code execution vulnerability in snstheme BodyCenter - Gym (CVSS 8.1). High severity vulnerability requiring prompt remediation.

Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted. The issue is fixed in version 0.6.8.

Denial-of-service vulnerability in Discourse that allows unauthenticated remote attackers to reduce the availability of a Discourse instance by sending malicious URLs in private messages to bot users. The vulnerability affects Discourse versions prior to 3.4.4 (stable), 3.5.0.beta5 (beta), and 3.5.0.beta6-dev (tests-passed), with a CVSS 7.5 rating indicating high severity. No known public exploits or workarounds are currently available, but patches have been released.

CVE-2025-36528 is an authenticated SQL injection vulnerability in Zohocorp ManageEngine ADAudit Plus versions 8510 and earlier, affecting the Service Account Auditing reports functionality. An authenticated attacker with low privileges can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data disclosure, data modification, or partial denial of service. With a CVSS score of 8.3 and network-accessible attack vector, this represents a significant risk to organizations using affected versions, particularly in environments where administrative audit logs contain sensitive credentials and access patterns.