Information Disclosure

13647 CVEs technique

CVE-2025-6011 Go LOW PATCH Monitor

A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable and requires no authentication. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-54564 HIGH This Month

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-50870 CRITICAL Act Now

Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

PHP Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-45150 CRITICAL Act Now

Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allow attackers to arbitrarily view and download sensitive files by supplying a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Information Disclosure AI / ML Langchain Langchain Chatglm Webui
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-45767 HIGH This Week

jose v6.0.10 was discovered to contain weak encryption. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable and requires no authentication. No vendor patch available.

Information Disclosure Redhat
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-8454 CRITICAL PATCH This Week

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Information Disclosure Debian Jwt Attack Suse Devscripts
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-4523 MEDIUM PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP WordPress Authentication Bypass Information Disclosure Idonate
NVD
CVSS 3.1
6.5
EPSS
0.1%

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

CVE-2025-43265 MEDIUM PATCH This Month

Out-of-bounds read in Apple Safari and system WebKit implementations allows local attackers to disclose internal application state by processing maliciously crafted web content, affecting Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. The vulnerability requires local access and user interaction but poses information disclosure risk with CVSS 4.0 and EPSS 0.02% (very low exploitation probability); no public exploit code or active exploitation has been identified.

Information Disclosure Apple iOS macOS Redhat +7
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43241 MEDIUM This Month

Improper sandbox enforcement in macOS allows local applications to read files outside their designated sandbox boundaries without user authorization. The vulnerability affects macOS Sequoia before 15.6, macOS Sonoma before 14.7.7, and macOS Ventura before 13.7.7. An attacker controlling a sandboxed application can bypass file access restrictions through a permissions validation flaw, enabling confidentiality breaches of user data outside the app's intended scope. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite the medium CVSS rating.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43240 MEDIUM PATCH This Month

Safari and macOS contain a logic flaw that allows incorrect association of a download's origin, potentially disclosing information about file provenance to local attackers. The vulnerability affects Safari 18.6 and earlier, plus macOS Sequoia 15.6 and earlier, and requires local access (no authentication needed) to exploit. This is a low-exploitation-probability issue (EPSS 0.03%) with no confirmed active exploitation or public POC at time of analysis.

Information Disclosure Apple macOS Redhat Safari +1
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43230 MEDIUM This Month

Insufficient permission checks in Apple operating systems allow local apps to access user-sensitive data without proper authorization. The vulnerability affects iOS 18.5 and earlier, iPadOS 18.5 and earlier (and iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unprivileged local application can exploit this to read sensitive user information by circumventing the permission model. No public exploit code has been identified at time of analysis, and EPSS scoring (0.02%, 4th percentile) indicates very low real-world exploitation probability despite the information disclosure impact.

Privilege Escalation Information Disclosure Apple iOS Ipados +4
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43227 HIGH PATCH This Week

Information disclosure vulnerability in WebKit across Apple's ecosystem allows unauthenticated remote attackers to extract sensitive user information through maliciously crafted web content. The flaw affects Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, visionOS 2.x, and watchOS 11.x, stemming from improper state management (CWE-359). Despite a CVSS score of 7.5, real-world exploitation risk remains relatively low with 0.13% EPSS probability and no public exploit identified at time of analysis. Vendor-released patches are available across all affected platforms.

Information Disclosure Apple iOS macOS Redhat +7
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43226 MEDIUM This Month

Out-of-bounds memory read in Apple's image processing component allows local attackers without privileges to disclose sensitive process memory by supplying a maliciously crafted image, affecting iOS 18.5 and earlier, iPadOS 17.7.8 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation has been identified; exploitation requires local access and user interaction to process the malicious image. The EPSS score of 0.02% (5th percentile) indicates minimal real-world exploitation likelihood despite the broad platform impact.

Information Disclosure Apple iOS macOS Ipados +4
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43225 MEDIUM This Month

Local apps can access sensitive user data through inadequate log redaction in iPadOS and macOS, allowing information disclosure when a user interacts with a malicious application. Apple has released patches for iPadOS 17.7.9 and macOS versions 15.6 (Sequoia), 14.7.7 (Sonoma), and 13.7.7 (Ventura) that implement improved data redaction in logging. The EPSS score of 0.01% and absence of public exploit code indicate low real-world exploitation likelihood despite moderate CVSS scoring.

Information Disclosure Apple iOS macOS Ipados
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43217 MEDIUM This Month

Privacy indicator bypass in Apple iOS and iPadOS allows local attackers to determine microphone or camera access without user notification. The vulnerability affects iOS 18.6 and earlier, and iPadOS 17.7.9 and earlier, enabling unauthorized monitoring of privacy-sensitive device activity. Apple has released patched versions (iOS 18.6, iPadOS 18.6, and iPadOS 17.7.9) that add logic to correctly display privacy indicators when microphone or camera access occurs. EPSS exploitation probability is very low at 0.02%, and no public exploit code has been identified.

Information Disclosure Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43206 MEDIUM This Month

Path traversal vulnerability in macOS allows local applications to bypass directory path validation and access protected user data without authentication. Affecting macOS Ventura, Sonoma, and Sequoia, the flaw stems from improper path parsing that enables an unprivileged app to read sensitive files outside intended boundaries. Apple has released patches for all affected versions (Ventura 13.7.7, Sonoma 14.7.7, Sequoia 15.6); exploitation requires local access and app execution capability, resulting in low real-world risk despite moderate CVSS score.

Information Disclosure Path Traversal Apple macOS
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-31279 CRITICAL Act Now

Applications on Apple operating systems can fingerprint users through a permissions flaw that bypasses privacy restrictions. Affects macOS Ventura 13.x, Sonoma 14.x, Sequoia 15.x, and iPadOS 17.x with patches released in versions 13.7.7, 14.7.7, 15.6, and 17.7.9 respectively. CVSS 9.8 critical severity contradicts the low EPSS score (0.07%, 22nd percentile) and information disclosure nature, suggesting scoring misalignment. No public exploit identified at time of analysis, but the low technical barrier (network accessible, no authentication required per CVSS vector) makes this concerning for privacy-focused environments despite the limited impact scope of user fingerprinting.

Information Disclosure Apple iOS macOS Ipados
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8261 MEDIUM POC This Month

A weakness has been identified in Vaelsys VaelsysV4 4.1.0. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component User Creation Handler. A manipulation can lead to improper authorization. The attack may be performed remotely. The exploit has been made available to the public and could be used for attacks. The real existence of this vulnerability is still doubted at the moment. The vendor explains: "Based on Vaelsys' analysis, the reported behavior does not allow actions beyond those already permitted to authenticated administrative users, and no change in system configuration or operational practices is necessary."

PHP Information Disclosure Vaelsys
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-8260 LOW POC Monitor

A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Manipulation of the argument xajaxargs results in use of a weak hash. The attack can be carried out remotely. The complexity of an attack is rather high, and exploitability is indicated to be difficult. The exploit has been released to the public and may be used for attacks. Upgrading to version 5.1.1 and 5.4.1 mitigates this issue. Upgrading the affected component is recommended.

PHP Information Disclosure Vaelsys
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-29630 MEDIUM This Month

Remote root access in Gardyn Home Kit Firmware via SSH private key compromise allows authenticated remote attackers with high privileges to execute arbitrary commands as root on affected devices. The vulnerability stems from improper cryptographic key management (CWE-321) and carries a CVSS score of 6.6; no public exploit code or active exploitation has been independently confirmed at the time of analysis.

Information Disclosure
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-38436 MEDIUM PATCH This Month

Linux kernel DRM scheduler fails to signal scheduled fences when killing job entities, causing dependent applications to hang indefinitely waiting for unresolved dependencies. Authenticated local users can trigger this denial of service by terminating applications whose job dependencies are not properly cleared during entity kill operations. The vulnerability affects multiple Linux kernel versions and has been patched upstream.

Information Disclosure Linux Redhat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-4395 MEDIUM This Month

Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access and modify the system. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-4394 MEDIUM This Month

Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-8043 CRITICAL POC PATCH Act Now

Firefox and Thunderbird URL truncation flaw enables spoofing attacks by displaying misleading origins in the address bar. Affects all Firefox versions prior to 141 and corresponding Thunderbird releases. Attackers can craft URLs that hide the true destination, tricking users into visiting malicious sites. Publicly available exploit code exists. CVSS 9.8 critical rating reflects network-based attack requiring no authentication, though real-world exploitation requires social engineering (user interaction despite UI:N vector).

Information Disclosure Redhat Mozilla Thunderbird Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8039 HIGH PATCH This Week

Search term leakage in Mozilla Firefox and Thunderbird URL bars exposes sensitive user queries to unauthorized parties when URLs are shared or logged. Firefox versions prior to 141 (regular) and 140.1 (ESR), and Thunderbird versions prior to 141 (regular) and 140.1 (ESR) fail to properly clear search parameters from the URL bar after navigation, enabling information disclosure through shoulder surfing, screenshot sharing, browser history exports, or URL-based tracking. No public exploit identified at time of analysis, though the attack requires only user interaction (EPSS data not provided). CVSS 8.1 reflects high confidentiality and integrity impact despite requiring user interaction.

Information Disclosure Redhat Mozilla Thunderbird Suse
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-8038 CRITICAL PATCH Act Now

Frame navigation validation bypass in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to violate security boundaries due to improper path checking (CWE-345). Affects Firefox <141, Firefox ESR <140.1, Thunderbird <141, and Thunderbird ESR <140.1. The CVSS 9.8 critical score reflects network-based exploitation with no user interaction required, enabling potential unauthorized access, data manipulation, and service disruption. No public exploit identified at time of analysis, though the network attack vector (AV:N) and low complexity (AC:L) suggest straightforward exploitation once technical details emerge.

Information Disclosure Redhat Mozilla Thunderbird Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8037 CRITICAL PATCH Act Now

Cookie shadowing in Mozilla Firefox (versions prior to 141 and ESR prior to 140.1) and Thunderbird (versions prior to 141 and ESR prior to 140.1) allows remote unauthenticated attackers to bypass Secure cookie protections and access or modify session data. A nameless cookie containing an equals sign set over insecure HTTP can override cookies with the Secure attribute, enabling session hijacking or authentication bypass. No public exploit identified at time of analysis, though the attack complexity is low (CVSS AC:L) with network-based attack vector requiring no user interaction.

Information Disclosure Redhat Mozilla Thunderbird Suse
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-8036 HIGH PATCH This Week

DNS rebinding attacks can bypass Cross-Origin Resource Sharing (CORS) protections in Mozilla Firefox and Thunderbird due to improper cache invalidation of CORS preflight responses when target IP addresses change. Remote attackers can exploit this via malicious websites to access confidential cross-origin data without user authentication (CVSS: PR:N, UI:R). No public exploit identified at time of analysis, though CERT VU#652514 provides technical disclosure. EPSS data not provided, but the combination of network-accessible attack vector, low complexity, and no required privileges warrants attention for organizations using affected Mozilla products.

Information Disclosure Redhat Mozilla Thunderbird Suse
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-8028 CRITICAL PATCH Act Now

WebAssembly JIT compiler on ARM64 architectures incorrectly calculates branch addresses when processing WASM br_table instructions with numerous entries, enabling remote code execution in Firefox <141, Firefox ESR <115.26/128.13/140.1, and Thunderbird <141/128.13/140.1. The vulnerability requires no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), allowing network-based attackers to potentially execute arbitrary code through malicious WASM content. Vendor-released patches are available across all affected product lines. No public exploit identified at time of analysis, though the CVSS 9.8 critical rating reflects the theoretical severity of unauthenticated remote code execution.

Information Disclosure Redhat Mozilla Thunderbird Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-8027 MEDIUM PATCH This Month

Information disclosure in Mozilla Firefox and Thunderbird on 64-bit platforms allows remote attackers to leak sensitive memory contents via specially crafted web content. The IonMonkey JIT compiler writes only 32 bits of the 64-bit return value space on the stack, while the Baseline JIT reads the entire 64 bits, exposing uninitialized stack memory. Exploitation requires user interaction (UI:R) and no authentication. Fixes are available: Firefox 141+, Firefox ESR 115.26+, Firefox ESR 128.13+, Firefox ESR 140.1+, Thunderbird 141+, Thunderbird 128.13+, and Thunderbird 140.1+.

Information Disclosure Redhat Mozilla Thunderbird Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7398 HIGH This Week

Weak cryptography in Brocade Active Support Connectivity Gateway (ASCG) versions prior to 3.3.0 exposes local communications on internal ports 9000 and 8036 to potential decryption and tampering. Local attackers with no privileges can compromise confidentiality and integrity of data transmitted through these internal service ports. No public exploit identified at time of analysis. EPSS data not available, but the local attack vector (AV:L) limits remote exploitation risk despite the 8.6 CVSS score.

Information Disclosure Brocade Active Support Connectivity Gateway
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-6391 HIGH This Week

JSON Web Token exposure in Brocade Active Support Connectivity Gateway (ASCG) prior to version 3.3.0 enables high-privileged local attackers to extract unencrypted authentication tokens from log files, leading to unauthorized access and session hijacking. This CWE-532 (insertion of sensitive information into log file) vulnerability requires local access with high privileges but presents low attack complexity. EPSS data not provided; no confirmed active exploitation (not present in CISA KEV); no public exploit code identified at time of analysis. The CVSS 4.0 score of 7.1 reflects significant confidentiality and integrity impact within the vulnerable component scope.

Authentication Bypass Information Disclosure Brocade Active Support Connectivity Gateway
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-54015 MEDIUM This Month

Local file inclusion vulnerability in HT Contact Form 7 plugin version 2.0.0 and earlier allows unauthenticated attackers to read arbitrary files from the server filesystem, potentially exposing sensitive configuration files, credentials, and source code. The vulnerability exists in PHP file inclusion/require statements that fail to properly validate or sanitize user-supplied input, enabling attackers to traverse the directory structure and access files outside the intended directory scope. With an EPSS score of 0.14% indicating low exploitation probability despite the technical capability, this vulnerability requires direct web interaction but poses information disclosure risks rather than remote code execution.

PHP Information Disclosure Lfi
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-53833 PHP CRITICAL PATCH Act Now

LaRecipe versions prior to 2.8.1 contain a Server-Side Template Injection (SSTI) vulnerability that can lead to Remote Code Execution (RCE) in vulnerable configurations. The vulnerability allows unauthenticated network attackers to execute arbitrary commands on the server, access sensitive environment variables, and escalate privileges without requiring user interaction or special access. With a perfect CVSS 3.1 score of 10.0 and network-based attack vector, this represents a critical threat to all unpatched LaRecipe installations.

PHP RCE Information Disclosure Laravel Code Injection
NVD GitHub
CVSS 3.1
10.0
EPSS
16.8%
CVE-2025-53823 HIGH POC PATCH This Week

WeGIA versions prior to 3.4.5 contain a SQL Injection vulnerability in the member deletion endpoint that allows authenticated users to execute arbitrary SQL commands via the `id_socio` parameter. This high-severity vulnerability (CVSS 8.8) compromises the confidentiality, integrity, and availability of the entire database. The vulnerability requires valid credentials to exploit but offers complete database compromise once authenticated.

PHP Information Disclosure SQLi Wegia
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-53819 HIGH PATCH This Week

CVE-2025-53819 is a privilege escalation vulnerability in Nix 2.30.0 on macOS where package builds are incorrectly executed with root privileges instead of restricted build user accounts. This affects macOS systems running Nix 2.30.0, allowing local attackers with standard user privileges to execute arbitrary code with root-level access during package builds. The vulnerability was patched in Nix 2.30.1, and no public exploits or known workarounds are currently available, though the high CVSS score (7.9) reflects the severity of privilege escalation with potential system-wide impact.

Information Disclosure Apple macOS
NVD GitHub
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-53640 PyPI MEDIUM POC PATCH This Month

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump basic user details (such as name, affiliation and email) in bulk. Version 3.3.7 fixes the issue. Owners of instances that allow everyone to create a user account, who wish to truly restrict access to these user details, should consider restricting user search to managers. As a workaround, it is possible to restrict access to the affected endpoints (e.g. in the webserver config), but doing so would break certain form fields which could no longer show the details of the users listed in those fields, so upgrading instead is highly recommended.

Python Information Disclosure Indico
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53623 Ruby HIGH PATCH This Week

CVE-2025-53623 is an arbitrary code execution vulnerability in the Job Iteration API's CsvEnumerator class affecting versions prior to 1.11.0. An unauthenticated remote attacker can execute arbitrary system commands by supplying malicious input to CSV file processing methods, particularly the count_of_rows_in_file method, potentially leading to complete system compromise. The vulnerability has a CVSS score of 8.1 indicating high severity with network-accessible attack vector and no privilege requirements.

RCE Information Disclosure Ruby
NVD GitHub
CVSS 4.0
8.1
EPSS
0.2%
CVE-2025-53019 NuGet LOW PATCH Monitor

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Buffer Overflow Information Disclosure Debian Ubuntu
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-53015 NuGet HIGH POC PATCH This Week

CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops during XMP file conversion operations. An unauthenticated attacker can trigger this vulnerability remotely by submitting a maliciously crafted XMP file, resulting in resource exhaustion and service unavailability. The vulnerability has a CVSS score of 7.5 (High) due to its network-exploitable nature and availability impact, though it does not affect confidentiality or integrity.

Information Disclosure Redhat Imagemagick Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-53014 NuGet LOW POC PATCH Monitor

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Buffer Overflow Information Disclosure Debian Ubuntu
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-51651 MEDIUM POC This Month

An arbitrary file access vulnerability in the component /admin/Backups.php of Mccms (CVSS 5.5) that allows attackers. Risk factors: public PoC available.

PHP Information Disclosure Mccms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-51770 HIGH PATCH This Week

CVE-2024-51770 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to access sensitive information over the network. The vulnerability has a CVSS score of 7.5 with high confidentiality impact, enabling attackers to extract confidential data without requiring authentication, special privileges, or user interaction. The network-accessible nature of this information disclosure makes it a significant risk for organizations running vulnerable APLS versions.

Information Disclosure Hp Autopass License Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-51769 HIGH PATCH This Week

CVE-2024-51769 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated network attackers to access sensitive information without requiring user interaction. The vulnerability has a CVSS 3.1 score of 7.5 with a high confidentiality impact (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor), making it a significant risk for organizations relying on APLS for license management across their HPE infrastructure.

Information Disclosure Hp Autopass License Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53689 Maven HIGH PATCH This Week

Apache Jackrabbit versions prior to 2.23.2 contain blind XXE (XML External Entity) vulnerabilities in jackrabbit-spi-commons and jackrabbit-core components due to unsafe XML document parsing when loading privilege definitions. An authenticated attacker with low privileges can exploit this to achieve high-impact confidentiality, integrity, and availability compromise. The vulnerability requires user authentication (PR:L) but has no interaction requirement and affects all systems regardless of scope.

Apache Java Information Disclosure XXE Redhat +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-24391 MEDIUM This Month

A vulnerability in the External Interface of OTRS (CVSS 5.3) that allows conclusions. Remediation should follow standard vulnerability management procedures.

Information Disclosure Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-26292 HIGH PATCH This Week

An arbitrary file access vulnerability (CVSS 7.1) that allows an attacker. High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-26291 HIGH PATCH This Week

An information disclosure vulnerability (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-7576 HIGH POC This Week

CVE-2025-7576 is a critical improper access control vulnerability affecting Teledyne FLIR thermal imaging devices (FB-Series O and FH-Series) running firmware version 1.3.2.16 and earlier. An unauthenticated remote attacker can exploit the vulnerable /priv/production/production.html endpoint to gain unauthorized access with low complexity, potentially reading, modifying, or disrupting system availability. Public exploit code exists and the vendor has not responded to disclosure, increasing real-world exploitation risk.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-7380 MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the Access Control of ADM. The issue allows an attacker to inject malicious scripts into the folder name field while creating a new shared folder. These scripts are not properly sanitized and will be executed when the folder name is subsequently displayed in the user interface. This allows attackers to execute arbitrary JavaScript in the context of another user's session, potentially accessing session cookies or other sensitive data. Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.

XSS Information Disclosure
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-7573 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-7572 MEDIUM POC This Month

A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1: 5.3, EPSS: 0.0%
CVE-2025-7565 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Information Disclosure Bl Ac3600 Firmware
NVD GitHub VulDB
CVSS 3.1: 5.3, EPSS: 0.1%
CVE-2025-7564 HIGH POC This Week

CVE-2025-7564 is a critical authentication bypass vulnerability in LB-LINK BL-AC3600 firmware version 1.0.22 that exposes hard-coded credentials (root:blinkadmin) in the /etc/shadow file. An authenticated local attacker can exploit this to gain full system compromise with high impact on confidentiality, integrity, and availability. Public exploitation code exists and the vendor has not responded to disclosure attempts, elevating real-world risk despite requiring local access prerequisites.

Information Disclosure Bl Ac3600 Firmware
NVD GitHub VulDB
CVSS 3.1: 7.8, EPSS: 0.0%
CVE-2025-7552 MEDIUM This Month

A remote code execution vulnerability in Dromara Northstar (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Java Information Disclosure
NVD VulDB
CVSS 3.1: 6.3, EPSS: 0.1%
CVE-2025-7517 HIGH POC This Week

CVE-2025-7517 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /getDay.php file's cidval parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, and exploitation requires no special privileges or user interaction, making it an immediate threat to deployed instances.

PHP Information Disclosure SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 3.1: 7.3, EPSS: 0.1%
CVE-2024-41169 Maven HIGH PATCH This Week

CVE-2024-41169 is an unauthenticated information disclosure vulnerability in Apache Zeppelin's raft server protocol that allows remote attackers to enumerate and view server resources, including sensitive directories and files, without authentication. Versions 0.10.1 through 0.12.0 are affected. The vulnerability has a CVSS score of 7.5 (High) with a network-accessible attack vector and no authentication requirements, making it trivially exploitable by unauthenticated remote actors.

Authentication Bypass Apache Information Disclosure Zeppelin
NVD GitHub
CVSS 3.1: 7.5, EPSS: 0.0%
CVE-2025-36104 MEDIUM This Month

IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.

Information Disclosure IBM Storage Scale
NVD
CVSS 3.1: 6.5, EPSS: 0.0%
CVE-2020-36848 HIGH POC PATCH THREAT Act Now

The Total Upkeep WordPress backup plugin through version 1.14.9 exposes backup file locations via env-info.php and restore-info.json. Unauthenticated attackers can discover and download complete site backups containing the database, wp-config.php with credentials, and all uploaded files.

PHP WordPress Information Disclosure Total Upkeep
NVD WPScan
CVSS 3.1: 7.5, EPSS: 56.2%, Threat: 4.7
CVE-2025-7504 HIGH POC PATCH This Week

The Friends plugin for WordPress versions up to 3.5.1 contains a PHP Object Injection vulnerability in the query_vars parameter that allows authenticated subscribers and above to inject malicious serialized objects through unsafe deserialization. While the plugin itself lacks a known gadget chain (POP chain), successful exploitation depends on the presence of vulnerable code in other installed plugins or themes; if such a chain exists, attackers can achieve arbitrary file deletion, data exfiltration, or remote code execution, but exploitation requires knowledge of the site's SALT_NONCE and SALT_KEY values.

PHP WordPress Information Disclosure Deserialization Code Injection +1
NVD GitHub
CVSS 3.1: 7.5, EPSS: 0.5%
CVE-2024-38648 MEDIUM PATCH This Month

A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.

Authentication Bypass Information Disclosure Ivanti
NVD
CVSS 3.1: 5.7, EPSS: 0.0%
CVE-2023-39338 MEDIUM PATCH This Month

CVE-2023-39338 is a security vulnerability (CVSS 6.8) that allows the user. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.0: 6.8, EPSS: 1.3%
CVE-2025-53879 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53878 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53877 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53876 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53875 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53874 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53873 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53872 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53871 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-3631 MEDIUM This Month

An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Information Disclosure Use After Free Memory Corruption IBM Mq Appliance
NVD
CVSS 3.1: 6.5, EPSS: 0.0%
CVE-2025-53642 MEDIUM PATCH This Month

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6.

PHP Information Disclosure Haxcms Nodejs Haxcms Php
NVD GitHub
CVSS 3.1: 4.8, EPSS: 0.0%
CVE-2025-47964 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Information Disclosure Chrome Google Microsoft Edge Chromium
NVD
CVSS 3.1: 5.4, EPSS: 0.0%
CVE-2024-47065 MEDIUM POC PATCH This Month

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. As a secondary effect, non-rate-limited traceroute also allows a 2:1 reflected DoS of the network, but this concern is lesser than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1.

Information Disclosure Meshtastic Firmware
NVD GitHub
CVSS 3.1: 6.5, EPSS: 0.0%
CVE-2025-7028 HIGH This Week

CVE-2025-7028 is a critical privilege escalation vulnerability in Software SMI handlers that allows local authenticated attackers to achieve arbitrary read/write access to System Management RAM (SMRAM) through unchecked pointer dereference. The vulnerability affects firmware implementations using vulnerable SwSmiInputValue 0x20 handlers across multiple OEM platforms; attackers can corrupt firmware, exfiltrate SMRAM contents, or install persistent implants. With a CVSS score of 7.8 (High) and low attack complexity, this represents a significant firmware security risk, though exploitation requires local access and low privileges.

Information Disclosure
NVD
CVSS 3.1: 7.8, EPSS: 0.0%
CVE-2025-52989 MEDIUM PATCH This Month

A security vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local (CVSS 5.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure Juniper Junos Junos Os Evolved
NVD
CVSS 3.1: 5.1, EPSS: 0.0%
CVE-2025-52954 HIGH PATCH This Week

A command injection vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 3.1: 7.8, EPSS: 0.0%
CVE-2025-52950 CRITICAL Act Now

CVE-2025-52950 is a Missing Authorization vulnerability in Juniper Networks Security Director that allows authenticated attackers to read and modify sensitive resources beyond their authorization level through the web interface. This affects Security Director version 24.4.1 and could enable lateral movement and compromise of downstream managed network devices. The vulnerability has a critical CVSS 9.6 score and represents a significant integrity and availability risk, though it requires valid credentials to exploit.

Information Disclosure Juniper Security Director
NVD
CVSS 3.1: 9.6, EPSS: 0.1%
CVE-2025-52089 HIGH POC This Week

CVE-2025-52089 is a critical remote code execution vulnerability in TOTOLINK N300RB firmware version 8.54, where a hidden remote support feature protected only by a static secret allows authenticated attackers to execute arbitrary OS commands with root privileges. While the CVSS 3.1 score of 8.8 reflects high severity, the attack vector is adjacent network (AV:A), limiting widespread exploitation to network-adjacent attackers. The vulnerability has not been publicly confirmed as actively exploited or included in CISA's Known Exploited Vulnerabilities (KEV) catalog, but the simplistic authentication mechanism (static secret) and hidden feature design suggest high exploitability once discovered.

Information Disclosure N300rb Firmware TOTOLINK
NVD Exploit-DB
CVSS 3.1: 8.8, EPSS: 2.5%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP WordPress Authentication Bypass +2
NVD

EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Out-of-bounds read in Apple Safari and system WebKit implementations allows local attackers to disclose internal application state by processing maliciously crafted web content, affecting Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. The vulnerability requires local access and user interaction but poses information disclosure risk with CVSS 4.0 and EPSS 0.02% (very low exploitation probability); no public exploit code or active exploitation has been identified.

Information Disclosure Apple iOS +9
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper sandbox enforcement in macOS allows local applications to read files outside their designated sandbox boundaries without user authorization. The vulnerability affects macOS Sequoia before 15.6, macOS Sonoma before 14.7.7, and macOS Ventura before 13.7.7. An attacker controlling a sandboxed application can bypass file access restrictions through a permissions validation flaw, enabling confidentiality breaches of user data outside the app's intended scope. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite the medium CVSS rating.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Safari and macOS contain a logic flaw that allows incorrect association of a download's origin, potentially disclosing information about file provenance to local attackers. The vulnerability affects Safari 18.6 and earlier, plus macOS Sequoia 15.6 and earlier, and requires local access (no authentication needed) to exploit. This is a low-exploitation-probability issue (EPSS 0.03%) with no confirmed active exploitation or public POC at time of analysis.

Information Disclosure Apple macOS +3
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Insufficient permission checks in Apple operating systems allow local apps to access user-sensitive data without proper authorization. The vulnerability affects iOS 18.5 and earlier, iPadOS 18.5 and earlier (and iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unprivileged local application can exploit this to read sensitive user information by circumventing the permission model. No public exploit code has been identified at time of analysis, and EPSS scoring (0.02%, 4th percentile) indicates very low real-world exploitation probability despite the information disclosure impact.

Privilege Escalation Information Disclosure Apple +6
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure vulnerability in WebKit across Apple's ecosystem allows unauthenticated remote attackers to extract sensitive user information through maliciously crafted web content. The flaw affects Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, visionOS 2.x, and watchOS 11.x, stemming from improper state management (CWE-359). Despite a CVSS score of 7.5, real-world exploitation risk remains relatively low with 0.13% EPSS probability and no public exploit identified at time of analysis. Vendor-released patches are available across all affected platforms.

Information Disclosure Apple iOS +9
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Out-of-bounds memory read in Apple's image processing component allows local attackers without privileges to disclose sensitive process memory by supplying a maliciously crafted image, affecting iOS 18.5 and earlier, iPadOS 17.7.8 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation has been identified; exploitation requires local access and user interaction to process the malicious image. The EPSS score of 0.02% (5th percentile) indicates minimal real-world exploitation likelihood despite the broad platform impact.

Information Disclosure Apple iOS +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Local apps can access sensitive user data through inadequate log redaction in iPadOS and macOS, allowing information disclosure when a user interacts with a malicious application. Apple has released patches for iPadOS 17.7.9 and macOS versions 15.6 (Sequoia), 14.7.7 (Sonoma), and 13.7.7 (Ventura) that implement improved data redaction in logging. The EPSS score of 0.01% and absence of public exploit code indicate low real-world exploitation likelihood despite moderate CVSS scoring.

Information Disclosure Apple iOS +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Privacy indicator bypass in Apple iOS and iPadOS allows local attackers to determine microphone or camera access without user notification. The vulnerability affects iOS 18.6 and earlier, and iPadOS 17.7.9 and earlier, enabling unauthorized monitoring of privacy-sensitive device activity. Apple has released patched versions (iOS 18.6, iPadOS 18.6, and iPadOS 17.7.9) that add logic to correctly display privacy indicators when microphone or camera access occurs. EPSS exploitation probability is very low at 0.02%, and no public exploit code has been identified.

Information Disclosure Apple iOS +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Path traversal vulnerability in macOS allows local applications to bypass directory path validation and access protected user data without authentication. Affecting macOS Ventura, Sonoma, and Sequoia, the flaw stems from improper path parsing that enables an unprivileged app to read sensitive files outside intended boundaries. Apple has released patches for all affected versions (Ventura 13.7.7, Sonoma 14.7.7, Sequoia 15.6); exploitation requires local access and app execution capability, resulting in low real-world risk despite moderate CVSS score.

Information Disclosure Path Traversal Apple +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Applications on Apple operating systems can fingerprint users through a permissions flaw that bypasses privacy restrictions. Affects macOS Ventura 13.x, Sonoma 14.x, Sequoia 15.x, and iPadOS 17.x with patches released in versions 13.7.7, 14.7.7, 15.6, and 17.7.9 respectively. CVSS 9.8 critical severity contradicts the low EPSS score (0.07%, 22nd percentile) and information disclosure nature, suggesting scoring misalignment. No public exploit identified at time of analysis, but the low technical barrier (network accessible, no authentication required per CVSS vector) makes this concerning for privacy-focused environments despite the limited impact scope of user fingerprinting.

Information Disclosure Apple iOS +2
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A weakness has been identified in Vaelsys VaelsysV4 4.1.0. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be performed remotely. The exploit has been made available to the public and could be used for attacks. The real existence of this vulnerability is still doubted at the moment. The vendor explains: "Based on Vaelsys' analysis, the reported behavior does not allow actions beyond those already permitted to authenticated administrative users, and no change in system configuration or operational practices is necessary."

PHP Information Disclosure Vaelsys
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW POC Monitor

A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack can be carried out remotely. The complexity of an attack is rather high. Exploitation is reported to be difficult. The exploit has been released to the public and may be used for attacks. Upgrading to version 5.1.1 and 5.4.1 mitigates this issue. Upgrading the affected component is recommended.

PHP Information Disclosure Vaelsys
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

Remote root access in Gardyn Home Kit Firmware via SSH private key compromise allows authenticated remote attackers with high privileges to execute arbitrary commands as root on affected devices. The vulnerability stems from improper cryptographic key management (CWE-321) and carries a CVSS score of 6.6; no public exploit code or active exploitation has been independently confirmed at the time of analysis.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel DRM scheduler fails to signal scheduled fences when killing job entities, causing dependent applications to hang indefinitely waiting for unresolved dependencies. Authenticated local users can trigger this denial of service by terminating applications whose job dependencies are not properly cleared during entity kill operations. The vulnerability affects multiple Linux kernel versions and has been patched upstream.

Information Disclosure Linux Redhat +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Firefox and Thunderbird URL truncation flaw enables spoofing attacks by displaying misleading origins in the address bar. Affects all Firefox versions prior to 141 and corresponding Thunderbird releases. Attackers can craft URLs that hide the true destination, tricking users into visiting malicious sites. Publicly available exploit code exists. CVSS 9.8 critical rating reflects network-based attack requiring no authentication, though real-world exploitation requires social engineering (user interaction despite UI:N vector).

Information Disclosure Redhat Mozilla +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Search term leakage in Mozilla Firefox and Thunderbird URL bars exposes sensitive user queries to unauthorized parties when URLs are shared or logged. Firefox versions prior to 141 (regular) and 140.1 (ESR), and Thunderbird versions prior to 141 (regular) and 140.1 (ESR) fail to properly clear search parameters from the URL bar after navigation, enabling information disclosure through shoulder surfing, screenshot sharing, browser history exports, or URL-based tracking. No public exploit identified at time of analysis, though the attack requires only user interaction (EPSS data not provided). CVSS 8.1 reflects high confidentiality and integrity impact despite requiring user interaction.

Information Disclosure Redhat Mozilla +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Frame navigation validation bypass in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to violate security boundaries due to improper path checking (CWE-345). Affects Firefox <141, Firefox ESR <140.1, Thunderbird <141, and Thunderbird ESR <140.1. The CVSS 9.8 critical score reflects network-based exploitation with no user interaction required, enabling potential unauthorized access, data manipulation, and service disruption. No public exploit identified at time of analysis, though the network attack vector (AV:N) and low complexity (AC:L) suggest straightforward exploitation once technical details emerge.

Information Disclosure Redhat Mozilla +2
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Cookie shadowing in Mozilla Firefox (versions prior to 141 and ESR prior to 140.1) and Thunderbird (versions prior to 141 and ESR prior to 140.1) allows remote unauthenticated attackers to bypass Secure cookie protections and access or modify session data. A nameless cookie containing an equals sign set over insecure HTTP can override cookies with the Secure attribute, enabling session hijacking or authentication bypass. No public exploit identified at time of analysis, though the attack complexity is low (CVSS AC:L) with network-based attack vector requiring no user interaction.

Information Disclosure Redhat Mozilla +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

DNS rebinding attacks can bypass Cross-Origin Resource Sharing (CORS) protections in Mozilla Firefox and Thunderbird due to improper cache invalidation of CORS preflight responses when target IP addresses change. Remote attackers can exploit this via malicious websites to access confidential cross-origin data without user authentication (CVSS: PR:N, UI:R). No public exploit identified at time of analysis, though CERT VU#652514 provides technical disclosure. EPSS data not provided, but the combination of network-accessible attack vector, low complexity, and no required privileges warrants attention for organizations using affected Mozilla products.

Information Disclosure Redhat Mozilla +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

WebAssembly JIT compiler on ARM64 architectures incorrectly calculates branch addresses when processing WASM br_table instructions with numerous entries, enabling remote code execution in Firefox <141, Firefox ESR <115.26/128.13/140.1, and Thunderbird <141/128.13/140.1. The vulnerability requires no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), allowing network-based attackers to potentially execute arbitrary code through malicious WASM content. Vendor-released patches are available across all affected product lines. No public exploit identified at time of analysis, though the CVSS 9.8 critical rating reflects the theoretical severity of unauthenticated remote code execution.

Information Disclosure Redhat Mozilla +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Information disclosure in Mozilla Firefox and Thunderbird on 64-bit platforms allows remote attackers to leak sensitive memory contents via specially crafted web content. The IonMonkey JIT compiler writes only 32 bits of the 64-bit return value space on the stack, while the Baseline JIT reads the entire 64 bits, exposing uninitialized stack memory. Exploitation requires user interaction (UI:R) and no authentication. Fixes are available: Firefox 141+, Firefox ESR 115.26+, Firefox ESR 128.13+, Firefox ESR 140.1+, Thunderbird 141+, Thunderbird 128.13+, and Thunderbird 140.1+.

Information Disclosure Redhat Mozilla +2
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Weak cryptography in Brocade Active Support Connectivity Gateway (ASCG) versions prior to 3.3.0 exposes local communications on internal ports 9000 and 8036 to potential decryption and tampering. Local attackers with no privileges can compromise confidentiality and integrity of data transmitted through these internal service ports. No public exploit identified at time of analysis. EPSS data not available, but the local attack vector (AV:L) limits remote exploitation risk despite the 8.6 CVSS score.

Information Disclosure Brocade Active Support Connectivity Gateway
NVD
EPSS 0% CVSS 7.1
HIGH This Week

JSON Web Token exposure in Brocade Active Support Connectivity Gateway (ASCG) prior to version 3.3.0 enables high-privileged local attackers to extract unencrypted authentication tokens from log files, leading to unauthorized access and session hijacking. This CWE-532 (insertion of sensitive information into log file) vulnerability requires local access with high privileges but presents low attack complexity. EPSS data not provided; no confirmed active exploitation (not present in CISA KEV); no public exploit code identified at time of analysis. The CVSS 4.0 score of 7.1 reflects significant confidentiality and integrity impact within the vulnerable component scope.

Authentication Bypass Information Disclosure Brocade Active Support Connectivity Gateway
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Local file inclusion vulnerability in HT Contact Form 7 plugin version 2.0.0 and earlier allows unauthenticated attackers to read arbitrary files from the server filesystem, potentially exposing sensitive configuration files, credentials, and source code. The vulnerability exists in PHP file inclusion/require statements that fail to properly validate or sanitize user-supplied input, enabling attackers to traverse the directory structure and access files outside the intended directory scope. With an EPSS score of 0.14% indicating low exploitation probability despite the technical capability, this vulnerability requires direct web interaction but poses information disclosure risks rather than remote code execution.

PHP Information Disclosure Lfi
NVD
EPSS 17% CVSS 10.0
CRITICAL PATCH Act Now

LaRecipe versions prior to 2.8.1 contain a Server-Side Template Injection (SSTI) vulnerability that can lead to Remote Code Execution (RCE) in vulnerable configurations. The vulnerability allows unauthenticated network attackers to execute arbitrary commands on the server, access sensitive environment variables, and escalate privileges without requiring user interaction or special access. With a perfect CVSS 3.1 score of 10.0 and network-based attack vector, this represents a critical threat to all unpatched LaRecipe installations.

PHP RCE Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

WeGIA versions prior to 3.4.5 contain a SQL Injection vulnerability in the member deletion endpoint that allows authenticated users to execute arbitrary SQL commands via the `id_socio` parameter. This high-severity vulnerability (CVSS 8.8) compromises the confidentiality, integrity, and availability of the entire database. The vulnerability requires valid credentials to exploit but offers complete database compromise once authenticated.

PHP Information Disclosure SQLi +1
NVD GitHub
EPSS 0% CVSS 7.9
HIGH PATCH This Week

CVE-2025-53819 is a privilege escalation vulnerability in Nix 2.30.0 on macOS where package builds are incorrectly executed with root privileges instead of restricted build user accounts. This affects macOS systems running Nix 2.30.0, allowing local attackers with standard user privileges to execute arbitrary code with root-level access during package builds. The vulnerability was patched in Nix 2.30.1, and no public exploits or known workarounds are currently available, though the high CVSS score (7.9) reflects the severity of privilege escalation with potential system-wide impact.

Information Disclosure Apple macOS
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump basic user details (such as name, affiliation and email) in bulk. Version 3.3.7 fixes the issue. Owners of instances that allow everyone to create a user account, who wish to truly restrict access to these user details, should consider restricting user search to managers. As a workaround, it is possible to restrict access to the affected endpoints (e.g. in the webserver config), but doing so would break certain form fields which could no longer show the details of the users listed in those fields, so upgrading instead is highly recommended.

Python Information Disclosure Indico
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

CVE-2025-53623 is an arbitrary code execution vulnerability in the Job Iteration API's CsvEnumerator class affecting versions prior to 1.11.0. An unauthenticated remote attacker can execute arbitrary system commands by supplying malicious input to CSV file processing methods, particularly the count_of_rows_in_file method, potentially leading to complete system compromise. The vulnerability has a CVSS score of 8.1 indicating high severity with network-accessible attack vector and no privilege requirements.

RCE Information Disclosure Ruby
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Buffer Overflow Information Disclosure Debian +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops during XMP file conversion operations. An unauthenticated attacker can trigger this vulnerability remotely by submitting a maliciously crafted XMP file, resulting in resource exhaustion and service unavailability. The vulnerability has a CVSS score of 7.5 (High) due to its network-exploitable nature and availability impact, though it does not affect confidentiality or integrity.

Information Disclosure Redhat Imagemagick +1
NVD GitHub
EPSS 0% CVSS 3.7
LOW POC PATCH Monitor

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Buffer Overflow Information Disclosure Debian +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An arbitrary file access vulnerability in the component /admin/Backups.php of Mccms (CVSS 5.5) that allows attackers. Risk factors: public PoC available.

PHP Information Disclosure Mccms
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2024-51770 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to access sensitive information over the network. The vulnerability has a CVSS score of 7.5 with high confidentiality impact, enabling attackers to extract confidential data without requiring authentication, special privileges, or user interaction. The network-accessible nature of this information disclosure makes it a significant risk for organizations running vulnerable APLS versions.

Information Disclosure Hp Autopass License Server
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2024-51769 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated network attackers to access sensitive information without requiring user interaction. The vulnerability has a CVSS 3.1 score of 7.5 with a high confidentiality impact (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor), making it a significant risk for organizations relying on APLS for license management across their HPE infrastructure.

Information Disclosure Hp Autopass License Server
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Apache Jackrabbit versions prior to 2.23.2 contain blind XXE (XML External Entity) vulnerabilities in jackrabbit-spi-commons and jackrabbit-core components due to unsafe XML document parsing when loading privilege definitions. An authenticated attacker with low privileges can exploit this to achieve high-impact confidentiality, integrity, and availability compromise. The vulnerability requires user authentication (PR:L) but has no interaction requirement and affects all systems regardless of scope.

Apache Java Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the External Interface of OTRS (CVSS 5.3) that allows conclusions. Remediation should follow standard vulnerability management procedures.

Information Disclosure Suse
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An arbitrary file access vulnerability (CVSS 7.1) that allows an attacker. High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

An information disclosure vulnerability (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
EPSS 0% CVSS 7.3
HIGH POC This Week

CVE-2025-7576 is a critical improper access control vulnerability affecting Teledyne FLIR thermal imaging devices (FB-Series O and FH-Series) running firmware version 1.3.2.16 and earlier. An unauthenticated remote attacker can exploit the vulnerable /priv/production/production.html endpoint to gain unauthorized access with low complexity, potentially reading, modifying, or disrupting system availability. Public exploit code exists and the vendor has not responded to disclosure, increasing real-world exploitation risk.

Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the Access Control of ADM. The issue allows an attacker to inject malicious scripts into the folder name field while creating a new shared folder. These scripts are not properly sanitized and will be executed when the folder name is subsequently displayed in the user interface. This allows attackers to execute arbitrary JavaScript in the context of another user's session, potentially accessing session cookies or other sensitive data. Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.

XSS Information Disclosure
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Information Disclosure Bl Ac3600 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

CVE-2025-7564 is a critical authentication bypass vulnerability in LB-LINK BL-AC3600 firmware version 1.0.22 that exposes hard-coded credentials (root:blinkadmin) in the /etc/shadow file. An authenticated local attacker can exploit this to gain full system compromise with high impact on confidentiality, integrity, and availability. Public exploitation code exists and the vendor has not responded to disclosure attempts, elevating real-world risk despite requiring local access prerequisites.

Information Disclosure Bl Ac3600 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

A remote code execution vulnerability in Dromara Northstar (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Java Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

CVE-2025-7517 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /getDay.php file's cidval parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, and exploitation requires no special privileges or user interaction, making it an immediate threat to deployed instances.

PHP Information Disclosure SQLi +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2024-41169 is an unauthenticated information disclosure vulnerability in Apache Zeppelin's raft server protocol that allows remote attackers to enumerate and view server resources, including sensitive directories and files, without authentication. Versions 0.10.1 through 0.12.0 are affected. The vulnerability has a CVSS score of 7.5 (High) with a network-accessible attack vector and no authentication requirements, making it trivially exploitable by unauthenticated remote actors.

Authentication Bypass Apache Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.

Information Disclosure IBM Storage Scale
NVD
EPSS 56% 4.7 CVSS 7.5
HIGH POC PATCH THREAT Act Now

The Total Upkeep WordPress backup plugin through version 1.14.9 exposes backup file locations via env-info.php and restore-info.json. Unauthenticated attackers can discover and download complete site backups containing the database, wp-config.php with credentials, and all uploaded files.

PHP WordPress Information Disclosure +1
NVD WPScan
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The Friends plugin for WordPress versions up to 3.5.1 contains a PHP Object Injection vulnerability in the query_vars parameter that allows authenticated subscribers and above to inject malicious serialized objects through unsafe deserialization. While the plugin itself lacks a known gadget chain (POP chain), successful exploitation depends on the presence of vulnerable code in other installed plugins or themes; if such a chain exists, attackers can achieve arbitrary file deletion, data exfiltration, or remote code execution, but exploitation requires knowledge of the site's SALT_NONCE and SALT_KEY values.

PHP WordPress Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.

Authentication Bypass Information Disclosure Ivanti
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

CVE-2023-39338 is a security vulnerability (CVSS 6.8) that allows the user. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Information Disclosure Use After Free Memory Corruption +2
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6.

PHP Information Disclosure Haxcms Nodejs +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Information Disclosure Chrome Google +2
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. A secondary effect is that non-rate-limited traceroute also allows a 2:1 reflected DoS of the network, but this concern is less than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1.

Information Disclosure Meshtastic Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-7028 is a critical privilege escalation vulnerability in Software SMI handlers that allows local authenticated attackers to achieve arbitrary read/write access to System Management RAM (SMRAM) through unchecked pointer dereference. The vulnerability affects firmware implementations using vulnerable SwSmiInputValue 0x20 handlers across multiple OEM platforms; attackers can corrupt firmware, exfiltrate SMRAM contents, or install persistent implants. With a CVSS score of 7.8 (High) and low attack complexity, this represents a significant firmware security risk, though exploitation requires local access and low privileges.

Information Disclosure
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

A security vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local (CVSS 5.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure Juniper Junos +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A command injection vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Information Disclosure Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

CVE-2025-52950 is a Missing Authorization vulnerability in Juniper Networks Security Director that allows authenticated attackers to read and modify sensitive resources beyond their authorization level through the web interface. This affects Security Director version 24.4.1 and could enable lateral movement and compromise of downstream managed network devices. The vulnerability has a critical CVSS 9.6 score and represents a significant integrity and availability risk, though it requires valid credentials to exploit.

Information Disclosure Juniper Security Director
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

CVE-2025-52089 is a critical remote code execution vulnerability in TOTOLINK N300RB firmware version 8.54, where a hidden remote support feature protected only by a static secret allows authenticated attackers to execute arbitrary OS commands with root privileges. While the CVSS 3.1 score of 8.8 reflects high severity, the attack vector is adjacent network (AV:A), limiting widespread exploitation to network-adjacent attackers. The vulnerability has not been publicly confirmed as actively exploited or included in CISA's Known Exploited Vulnerabilities (KEV) catalog, but the simplistic authentication mechanism (static secret) and hidden feature design suggest high exploitability once discovered.

Information Disclosure N300rb Firmware TOTOLINK
NVD Exploit-DB