Information Disclosure

webERP 4.15.1 has an unauthenticated file access vulnerability allowing remote attackers to download sensitive files including configuration and database credentials.

import module contains a vulnerability that allows attackers to delete arbitrary files by manipulating the delete_import parameter (CVSS 8.8).

HTTP request smuggling in libsoup allows remote attackers to exploit non-compliant chunk header parsing by injecting malformed requests with LF-only line endings instead of proper CRLF formatting. Without requiring authentication, an attacker can cause libsoup to interpret multiple HTTP requests from a single network message, potentially leading to information disclosure. No patch is currently available for this vulnerability.

An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

Tenda AC7 firmware V03.03.03.01_cn and earlier transmits account credentials in cleartext over HTTP, enabling network-positioned attackers to intercept and obtain authentication material without user interaction. This cleartext credential exposure in HTTP responses creates a high confidentiality risk for affected device users. No patch is currently available for this vulnerability.

Local code injection in NVIDIA Megatron-LM allows authenticated users to achieve arbitrary code execution and privilege escalation through malicious input to vulnerable scripts. An attacker with local access can craft specially designed data to trigger unsafe code evaluation, enabling complete system compromise including data theft and modification. No patch is currently available for this vulnerability affecting all supported platforms.

Tenda AC7 firmware v03.03.03.01_cn and earlier transmits administrative credentials in plaintext within web management responses and fails to set proper Cache-Control headers, allowing credentials to be cached by browsers. A local attacker with access to a client system or browser profile can retrieve these cached credentials to gain unauthorized administrative access to affected routers. No patch is currently available for this vulnerability.

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). [CVSS 7.5 HIGH]

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. [CVSS 3.7 LOW]

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 4.3 MEDIUM]

Open Eclass Platform versions up to 4.2 contains a vulnerability that allows attackers to identify valid user accounts by analyzing differences in the login response beha (CVSS 5.3).

FUXA v1.2.7 SCADA/HMI system has insecure default configuration with security disabled by default, exposing industrial control interfaces without authentication.

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). [CVSS 7.5 HIGH]

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. [CVSS 4.3 MEDIUM]

Rustfs versions up to 1.0.0 is affected by insertion of sensitive information into log file (CVSS 7.5).

The ContestsWP plugin versions 2.0.7 and earlier expose sensitive embedded data through improper access controls, allowing unauthenticated attackers to retrieve information from the contest-code-checker component. This low-impact information disclosure affects WordPress sites running vulnerable versions of the Run Contests, Raffles, and Giveaways plugin. No patch is currently available to remediate this exposure.

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method.

Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generated UUIDs. [CVSS 6.5 MEDIUM]

data exposed depends on the last application view displayed versions up to 4.71.0 contains a security vulnerability.

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. [CVSS 4.3 MEDIUM]

A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. [CVSS 5.4 MEDIUM]

A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. [CVSS 3.5 LOW]

Moodle contains a vulnerability that allows attackers to authenticate through the Learning Tools Interoperability (LTI) Provider (CVSS 8.1).

The Tutor LMS plugin for WordPress fails to enforce capability checks in its coupon details AJAX function, allowing authenticated subscribers to disclose sensitive coupon data including codes, discount amounts, and usage metrics through nonce validation bypass. This information exposure affects all versions up to 3.9.5 and requires only valid user authentication to exploit. No patch is currently available.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 07012026. [CVSS 7.5 HIGH]

WRC-X1500GS-B and WRC-X1500GSA-B routers contain a weak credential derivation vulnerability where initial administrative passwords can be predicted from publicly available system information, potentially allowing unauthenticated attackers to gain administrative access. The vulnerability requires physical proximity to the device to obtain necessary system details, limiting its practical exploitability. No patch is currently available for affected devices.

Spectra Gutenberg Blocks plugin for WordPress fails to properly check password protection before displaying post excerpts, allowing unauthenticated attackers to read excerpts from password-protected posts through Post Grid, Post Masonry, Post Carousel, and Post Timeline blocks. The vulnerability affects all versions up to 2.19.17 and requires no authentication or user interaction to exploit. Currently, no patch is available.

Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to elevating the privileges of the local authenticated user to “root” using the exp (CVSS 7.8).

Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to an authenticated attacker with admin privileges using the shell commands “sour (CVSS 2.3).

Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to an authenticated attacker with admin privileges using the shell command “grep” t (CVSS 2.3).

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php.

Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C.

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php.

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php.

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php.

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. [CVSS 7.5 HIGH]

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. [CVSS 6.5 MEDIUM]

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php.

Email enumeration in PolarLearn through timing analysis of the login endpoint allows unauthenticated attackers to identify valid user accounts by observing response time differences between existing and non-existent users. The vulnerability stems from the server only performing expensive password hashing for registered accounts, creating a measurable timing side-channel. Public exploit code exists for this vulnerability affecting PolarLearn version 0-PRERELEASE-15 and earlier.

PolarLearn versions 0-PRERELEASE-15 and earlier lack proper state parameter validation in OAuth 2.0 authentication, enabling attackers to conduct login CSRF attacks against GitHub and Google login flows. An attacker can pre-authenticate a victim's session and trick them into logging into the attacker's account, causing the victim's data and academic progress to be stored on the attacker's account instead. Public exploit code exists for this vulnerability, and a patch is available.

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction.

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. [CVSS 4.9 MEDIUM]

Sannav contains a vulnerability that allows attackers to a remote authenticated attacker with admin privilege able to access the SANnav l (CVSS 4.9).

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. [CVSS 6.5 MEDIUM]

Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. [CVSS 7.1 HIGH]

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB. [CVSS 7.7 HIGH]

Native Access's privileged XPC helper uses PID-based code signature verification, which is vulnerable to PID reuse attacks allowing local attackers with low privileges to bypass security checks and gain elevated access. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker can leverage this flaw to achieve arbitrary code execution with the privileges of the helper process.

In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's account by obtaining the password reset token. [CVSS 8.8 HIGH]

Foreman KubeVirt disables SSL/TLS certificate verification by default when a CA certificate is not explicitly configured, enabling network-positioned attackers to intercept and manipulate communications between Satellite and OpenShift clusters. This man-in-the-middle vulnerability affects authenticated users and could result in unauthorized access to or modification of sensitive deployment data. No patch is currently available.

Improper certificate validation in fog-kubevirt enables remote attackers with network access to conduct man-in-the-middle attacks against communications between Satellite and OpenShift clusters, potentially exposing sensitive data and modifying traffic in transit. An authenticated attacker can exploit this vulnerability to intercept and tamper with cluster management communications due to disabled SSL/TLS certificate verification. Currently no patch is available for this high-severity vulnerability.

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings. [CVSS 2.7 LOW]

The debug interface in EFM ipTIME A8004T firmware versions up to 14.18.2 contains a backdoor vulnerability in the /sess-bin/d.cgi component that can be exploited remotely through manipulation of the cmd parameter, allowing authenticated attackers with high privileges to achieve unauthorized access. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification of the disclosure.

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs extracted from query strings, transmitting authentication tokens without user confirmation. This network-based vulnerability requires user interaction (clicking a malicious link) and allows attackers to hijack authenticated sessions and perform actions with the victim's privileges. Public exploit code exists for this high-severity flaw with no patch currently available.

Improper authorization in CRMEB up to version 5.6.3 allows authenticated remote attackers to access unauthorized order details by manipulating the order_id parameter in the /api/store_integral/order/detail/ endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.

The Linux kernel's dmaengine QCOM GPI driver fails to properly handle krealloc() failures in gpi_peripheral_config(), causing memory leaks when reallocation of the channel configuration buffer fails. Local users with sufficient privileges can trigger this memory exhaustion condition, potentially leading to denial of service through resource depletion. A patch is not yet available for this vulnerability.

A memory corruption vulnerability in the Linux kernel's page allocation subsystem affects uniprocessor (SMP=n) configurations, allowing local attackers with low privileges to corrupt per-CPU page caches and potentially execute arbitrary code with elevated privileges. The vulnerability stems from improper spinlock handling in the page freeing path that can cause data structure corruption when triggered from interrupt context. No patch is currently available for this high-severity issue.

The idpf driver in the Linux kernel fails to properly clean up flow steering list entries during module removal, resulting in memory leaks when ethtool flow steering rules remain active. A local user with module removal privileges can trigger this memory exhaustion condition. No patch is currently available for this medium-severity vulnerability.

The Linux kernel's idpf driver fails to properly free the vport->rx_ptype_lkup memory during virtual port reset operations, resulting in a memory leak that could degrade system performance or cause denial of service on affected systems. A local attacker with sufficient privileges could trigger repeated reset cycles to exhaust available kernel memory. No patch is currently available for this vulnerability.

The Linux kernel's idpf driver fails to free the hw->lan_regs memory allocation during core deinitialization, resulting in a memory leak that can degrade system stability during driver reset operations. Local users with sufficient privileges can trigger this leak repeatedly through driver reset cycles, potentially leading to denial of service through memory exhaustion. A patch is not currently available for this medium-severity vulnerability.

The pegasus USB driver in Linux kernel fails to properly release memory when asynchronous device register writes encounter USB submission failures, leading to memory exhaustion. A local attacker with user-level access can trigger this leak by causing USB operations to fail, potentially degrading system performance or causing denial of service. A patch is available to address the resource cleanup issue.

A local privilege escalation vulnerability in the Linux kernel's btrfs filesystem can cause a denial of service through circular locking dependencies when memory reclaim is triggered during inode initialization. An authenticated local attacker can exploit this to hang or crash the system by performing filesystem operations that trigger the vulnerable code path. No patch is currently available.

Linux kernel netfilter conntrack cleanup can hang indefinitely due to improper reference counting in IP fragmentation reassembly, where fraglist skbs retain nf_conn references that are never released. A local attacker with network namespace capabilities can trigger this denial of service condition, causing conntrack cleanup operations to become blocked. No patch is currently available for this medium-severity vulnerability.

The Linux kernel GPIO MPSSE driver fails to properly release USB device references during probe error handling, potentially leading to resource exhaustion and denial of service on systems using affected GPIO hardware. A local attacker with standard user privileges can trigger this leak by causing probe failures, eventually exhausting system resources and impacting system availability. No patch is currently available for this issue.

In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resources.

CVE-2025-71190 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF node also on late route allocation failures.

In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation.

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the reference taken when looking up the ICU device during probe also on probe failures

In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation.

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the crossbar platform device during am335x route...

In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging (either with the rename exchange operation or regular renames in multiple non-atomic steps) two inodes and at least one of them is a directory, we can end up with a log tree that contains only of the inodes and after a power failure that can result in an attempt to delete the other inode when it should not because it was not deleted before the power failure.

In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free.

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: ============================= [ BUG: Invalid wait context ] 6.18.0-rc1+git...

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X.

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]

Vendure versions up to 3.5.3 contains a vulnerability that allows attackers to enumerate valid usernames (email addresses) (CVSS 5.3).

After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.

Insufficient input validation in HIKSEMI NAS devices allows authenticated users to trigger denial of service conditions through malformed messages. An attacker with valid credentials can exploit this flaw to cause abnormal device behavior and availability disruptions without requiring user interaction. No patch is currently available to address this vulnerability.

Codriapp Innovation and Software Technologies Inc. HeyGarson is affected by error message information leak (CVSS 8.2).

Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. [CVSS 3.2 LOW]

Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality. [CVSS 6.5 MEDIUM]

Vx800V Firmware contains a vulnerability that allows attackers to high impact to confidentiality, integrity, and availability of transmitted data (CVSS 8.8).

Bhojon Restaurant Management System versions up to 20260116 contain a price manipulation vulnerability in the add-to-cart endpoint that allows authenticated attackers to bypass business logic controls. Public exploit code exists for this issue, and the vendor has not provided a patch despite early notification. While the direct impact is limited to price modification, this could enable financial fraud through order manipulation.

Bhojon versions up to 20260116. contains a vulnerability that allows attackers to business logic errors (CVSS 4.3).

Improper authorization in Bdtask SalesERP's administrative endpoint allows authenticated attackers to manipulate the ci_session parameter and gain unauthorized access to restricted functions. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. Affected versions through January 16, 2026 enable remote exploitation by any user with valid credentials.

R PVI client versions up to 6.5 is affected by insertion of sensitive information into log file (CVSS 5.0).

Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain ...

SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. [CVSS 7.8 HIGH]

Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [CVSS 5.7 MEDIUM]