Information Disclosure

other MEDIUM

Information disclosure occurs when an application unintentionally exposes sensitive data that aids attackers in reconnaissance or directly compromises security.

How It Works

Such disclosure happens through multiple channels: verbose error messages that display stack traces revealing internal paths and frameworks, improperly secured debug endpoints left active in production, and misconfigured servers that expose directory listings or version control artifacts like .git folders. APIs often leak excessive data in responses, returning full user objects when only a name is needed, or revealing system internals through metadata fields.

Attackers exploit these exposures systematically. They probe for common sensitive files (.env, config.php, backup archives), trigger error conditions to extract framework details, and analyze response timing or content differences to enumerate valid usernames or resources. Even subtle variations—like "invalid password" versus "user not found"—enable account enumeration. Exposed configuration files frequently contain database credentials, API keys, or internal service URLs that unlock further attack vectors.

The attack flow typically starts with passive reconnaissance: examining HTTP headers, JavaScript bundles, and public endpoints for version information and architecture clues. Active probing follows—testing predictable paths, manipulating parameters to trigger exceptions, and comparing responses across similar requests to identify information leakage patterns.

Impact

  • Credential compromise: Exposed configuration files, hardcoded secrets in source code, or API keys enable direct authentication bypass
  • Attack surface mapping: Stack traces, framework versions, and internal paths help attackers craft targeted exploits for known vulnerabilities
  • Data breach: Direct exposure of user data, payment information, or proprietary business logic through oversharing APIs or accessible backups
  • Privilege escalation pathway: Internal URLs, service discovery information, and architecture details facilitate lateral movement and SSRF attacks
  • Compliance violations: GDPR, PCI-DSS, and HIPAA penalties for exposing regulated data through preventable disclosures

Real-World Examples

A major Git repository exposure affected thousands of websites when .git folders remained accessible on production servers, allowing attackers to reconstruct entire source code histories including deleted commits containing credentials. Tools like GitDumper automated mass exploitation of this misconfiguration.

Cloud storage misconfigurations have repeatedly exposed sensitive data when companies left S3 buckets or Azure Blob containers publicly readable. One incident exposed 150 million voter records because verbose API error messages revealed the storage URL structure, and no authentication was required.

Framework debug modes left enabled in production have caused numerous breaches. Django's DEBUG=True setting exposed complete stack traces with database queries and environment variables, while Laravel's debug pages revealed encryption keys through the APP_KEY variable in environment dumps.

Mitigation

  • Generic error pages: Return uniform error messages to users; log detailed exceptions server-side only
  • Disable debug modes: Enforce production configurations that suppress stack traces, verbose logging, and debug endpoints through deployment automation
  • Access control audits: Restrict or remove development artifacts (.git, backup files, phpinfo()) and internal endpoints before deployment
  • Response minimization: API responses should return only necessary fields; implement allowlists rather than blocklists for data exposure
  • Security headers: Deploy X-Content-Type-Options, remove server version banners, and disable directory indexing
  • Timing consistency: Ensure authentication and validation responses take uniform time regardless of input validity
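As an added illustration of the generic-error, artifact-restriction, response-minimization and timing-consistency items above (example code written for this page, not taken from it or from any project it names), the following Python module assumes a generic web backend; the user table, the fixed salt, the artifact patterns and the phpinfo.php filename are constructed assumptions.

```python
"""Defensive handling of four information-disclosure channels:
verbose errors, dev artifacts, over-sharing API responses and
account-enumerating logins. All fixtures here are constructed."""
import hashlib
import hmac
import logging
import posixpath
import traceback
import uuid

log = logging.getLogger("app.errors")


# --- 1. Generic error pages: detail goes to the server log, not the client ---
def safe_error_response(exc: BaseException) -> tuple:
    """Return (status, JSON body) for the client.

    The stack trace, exception type and any internal paths go to the
    server-side log under a random reference id; the client only receives
    that id so support staff can correlate the two records.
    """
    ref = uuid.uuid4().hex[:12]
    detail = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    log.error("ref=%s %s", ref, detail)
    return 500, {"error": "internal error", "ref": ref}


# --- 2. Development artifacts: refuse to serve them even if left on disk ---
_ARTIFACT_PREFIXES = ("/.git", "/.svn", "/.hg")          # VCS metadata
_ARTIFACT_SUFFIXES = (".bak", ".old", ".orig", ".swp", "~", ".sql", ".sql.gz")
_ARTIFACT_NAMES = {"phpinfo.php"}                        # assumed filename


def is_dev_artifact(path: str) -> bool:
    """True for request paths that point at version-control folders, dotfiles
    (.env, .htpasswd, ...) or backup leftovers that must never be served."""
    clean = path.split("?", 1)[0]                        # drop query string
    norm = posixpath.normpath("/" + clean.lstrip("/"))   # collapse ../ tricks
    base = posixpath.basename(norm)
    return (norm.startswith(_ARTIFACT_PREFIXES)
            or base.startswith(".")
            or norm.endswith(_ARTIFACT_SUFFIXES)
            or base in _ARTIFACT_NAMES)


# --- 3. Response minimization: allowlist fields, never blocklist them ---
USER_PUBLIC_FIELDS = frozenset({"id", "display_name"})


def minimize(record: dict, allowed: frozenset) -> dict:
    """Keep only allowlisted keys. A blocklist would silently start leaking
    any column (e.g. reset_token) added to the table after it was written."""
    return {k: v for k, v in record.items() if k in allowed}


# --- 4. Message and timing consistency for authentication ---
_ITER = 20_000                     # same PBKDF2 work factor on every path
_SALT = b"constructed-fixed-salt"  # real systems use a per-user salt


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITER)


# Constructed fixture: one real account plus a dummy digest that is used when
# the username is unknown, so the hashing work is identical either way.
USERS = {"alice": hash_password("correct horse", _SALT)}
_DUMMY_HASH = hash_password("dummy-never-matches", _SALT)


def login(username: str, password: str) -> dict:
    """Same generic message for an unknown user and a wrong password, after
    the same amount of hashing, so neither text nor timing reveals whether
    the account exists."""
    stored = USERS.get(username, _DUMMY_HASH)
    candidate = hash_password(password, _SALT)
    matched = hmac.compare_digest(candidate, stored)   # constant-time compare
    if matched and username in USERS:
        return {"ok": True, "user": username}
    return {"ok": False, "error": "invalid username or password"}


if __name__ == "__main__":
    print(safe_error_response(RuntimeError("db at /srv/app/secret.py failed")))
    print(is_dev_artifact("static/../.git/config"), is_dev_artifact("/api/users"))
    print(minimize({"id": 1, "display_name": "A", "password_hash": "x"},
                   USER_PUBLIC_FIELDS))
    print(login("alice", "wrong") == login("nobody", "wrong"))
```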

Recent CVEs (12474)

CVE-2026-4994
EPSS 0% CVSS 5.1
MEDIUM POC This Month

Information disclosure in wandb OpenUI up to version 1.0/3.5-turb allows authenticated local network attackers to expose sensitive information through error messages in the APIStatusError handler by manipulating the key argument. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification. Attack complexity is low and requires only local network access and low-level privileges.

Information Disclosure
NVD VulDB GitHub
CVE-2026-1307
EPSS 0% CVSS 6.5
MEDIUM This Month

Ninja Forms plugin for WordPress versions up to 3.14.1 exposes authorization tokens via an insecure callback function in blocks/bootstrap.php, allowing authenticated Contributor-level users and above to access form submission data from arbitrary forms without proper authorization. The vulnerability enables sensitive information disclosure affecting all WordPress installations using the affected plugin versions, with no active exploitation confirmed at time of analysis.

WordPress PHP Information Disclosure
NVD VulDB
CVE-2026-4248
EPSS 0% CVSS 8.0
HIGH This Week

An information disclosure vulnerability in for WordPress is vulnerable to Sensitive Information Exposure in all (CVSS 8.0). High severity vulnerability requiring prompt remediation.

WordPress Information Disclosure Authentication Bypass
NVD GitHub VulDB
CVE-2026-34226
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Cookie leakage in Happy DOM JavaScript library (all versions prior to 20.8.9) allows remote attackers to steal authentication cookies across origins when fetch() is invoked with credentials:include. The vulnerability stems from the library incorrectly attaching cookies from the current page origin (window.location) rather than the request target URL, enabling cross-origin cookie exfiltration. EPSS data not available, but exploitation requires no authentication (PR:N) with low complexity (AC:L), making this readily exploitable. Upstream fix available (PR/commit); released patched version not independently confirmed.

Information Disclosure
NVD GitHub VulDB
CVE-2026-33879
EPSS 0% CVSS 2.7
LOW Monitor

The FLIP login page in versions 0.1.1 and prior lacks rate limiting and CAPTCHA protection, enabling unauthenticated remote attackers to conduct brute-force and credential-stuffing attacks against user accounts. The vulnerability affects the Federated Learning and Interoperability Platform, an open-source medical imaging AI training system where users are typically external to host organizations, amplifying the risk of credential reuse. While the CVSS score is low (2.7), the attack vector is network-based, requires no authentication or interaction, and directly enables unauthorized account access with potential integrity impact.

Information Disclosure
NVD GitHub
CVE-2026-33875
EPSS 0% CVSS 9.3
CRITICAL Act Now

Authentication flow hijacking in Gematik Authenticator (versions <4.16.0) enables remote attackers to impersonate victim users through malicious deep links. This affects a critical healthcare identity provider used across Germany's digital health infrastructure. The vulnerability requires user interaction (clicking a crafted link) but requires no attacker authentication (CVSS AV:N/PR:N/UI:R), enabling complete account takeover with high confidentiality and integrity impact. EPSS data not available; no public exploit identified at time of analysis, though the attack vector's social engineering component makes weaponization straightforward once technical details become public.

Information Disclosure
NVD GitHub
CVE-2026-34205
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

Unauthenticated network access to Home Assistant apps bypasses intended Docker isolation on Linux systems, exposing internal services to any device on the local network. Apps configured with host network mode inadvertently bind internal Docker bridge endpoints to the broader LAN without authentication controls, enabling unauthorized access with high confidentiality, integrity, and availability impact (CVSS 9.6). Vendor-released patch available in Home Assistant Supervisor 2026.03.02. No public exploit identified at time of analysis, though exploitation requires only adjacent network access with low attack complexity.

Docker Information Disclosure
NVD GitHub
CVE-2026-31951
EPSS 0% CVSS 6.8
MEDIUM This Month

LibreChat versions 0.8.2-rc1 through 0.8.3-rc1 leak OAuth access tokens when authenticated users interact with malicious MCP servers, which can inject credential placeholders into HTTP headers that are automatically substituted with sensitive tokens. An attacker can create a rogue MCP server containing headers like {{LIBRECHAT_OPENID_ACCESS_TOKEN}} to harvest victim credentials during tool execution; the vulnerability is fixed in version 0.8.3-rc2. No public exploit code or CISA KEV listing is documented, but the attack requires user interaction (UI:R) and authenticated access (PR:L), limiting real-world impact.

Information Disclosure
NVD GitHub
CVE-2026-34391
EPSS 0% CVSS 6.6
MEDIUM This Month

Fleet device management software versions prior to 4.81.1 allow malicious enrolled Windows devices to access Mobile Device Management (MDM) commands intended for other devices, potentially disclosing sensitive configuration data including WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. The vulnerability stems from improper authorization controls in Windows MDM command processing, affecting any organization using Fleet for Windows device management. Vendor-released patch: version 4.81.1.

Microsoft Information Disclosure
NVD GitHub
CVE-2026-33981
EPSS 0% CVSS 8.3
HIGH PATCH This Week

changedetection.io versions up to 0.54.6 leak all server environment variables including password hashes, proxy credentials, and API keys via unrestricted jq filter expressions. Attackers with API access (default: no authentication required) can extract SALTED_PASS, PLAYWRIGHT_DRIVER_URL, HTTP_PROXY, and any secrets passed to the container by creating a watch with 'jqraw:env' as the include filter. Vendor-released patch available in version 0.54.7. No active exploitation confirmed (not in CISA KEV), but a detailed proof-of-concept exists in the GitHub advisory demonstrating full environment variable extraction in three API calls.

Docker Python Information Disclosure
NVD GitHub
CVE-2026-33946
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Session hijacking in the Model Context Protocol Ruby SDK (mcp gem) allows attackers to intercept Server-Sent Events streams by reusing valid session identifiers. The streamable_http_transport.rb implementation overwrites existing SSE stream objects when a duplicate session ID connects, silently disconnecting legitimate users and redirecting all tool responses and real-time data to the attacker. A proof-of-concept demonstration has been provided showing successful stream hijacking, where the attacker receives confidential tool call responses intended for the victim. Patch available per vendor advisory (release v0.9.2 per references).

Session Fixation Python Information Disclosure
NVD GitHub VulDB
CVE-2026-34386
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

SQL injection in Fleet device management software versions prior to 4.81.0 allows authenticated Team Admin or Global Admin users to execute arbitrary SQL queries against the Fleet database via the MDM bootstrap package configuration API endpoint. Attackers with these privileges can exfiltrate sensitive data, modify arbitrary team configurations, and inject malicious content into team settings. The vulnerability requires authentication but poses significant risk to multi-tenant Fleet deployments where administrative credentials may be compromised or where insider threats exist.

SQLi Information Disclosure
NVD GitHub
CVE-2026-26061
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Fleet server memory exhaustion via unbounded request bodies allows unauthenticated denial-of-service against multiple HTTP endpoints. The vulnerability affects Fleet v4 (github.com/fleetdm/fleet/v4) and was responsibly disclosed by @fuzzztf. Attackers can exhaust available memory and force server restarts by sending oversized or repeated HTTP requests to unauthenticated endpoints lacking size limits. No public exploit identified at time of analysis, though the attack mechanism is straightforward given the CWE-770 resource allocation vulnerability class.

Privilege Escalation Information Disclosure Authentication Bypass +3
NVD GitHub
CVE-2026-34368
EPSS 0% CVSS 5.3
MEDIUM This Month

WWBN AVideo up to version 26.0 allows authenticated attackers to conduct concurrent balance transfers that exploit a Time-of-Check-Time-of-Use (TOCTOU) race condition in the wallet module, enabling arbitrary financial value multiplication without database transaction protection. An attacker with multiple authenticated sessions can trigger parallel transfer requests that each read the same wallet balance, all pass the sufficiency check independently, but result in only a single deduction while the recipient receives multiple credits. The vulnerability requires local authentication and moderate attacker effort (AC:H) but carries high integrity impact; no public exploit code or active exploitation has been identified at the time of analysis.

PHP Race Condition Information Disclosure
NVD GitHub
CVE-2026-34036
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Dolibarr Core versions up to 22.0.4 allow authenticated users with minimal privileges to read arbitrary non-PHP files from the server via a Local File Inclusion vulnerability in /core/ajax/selectobject.php. The flaw stems from dynamic file inclusion occurring before authorization checks and fail-open logic in the access control function, enabling exfiltration of sensitive configuration files, environment variables, and logs. Publicly available exploit code exists, and a vendor patch has been released.

PHP Lfi Information Disclosure +2
NVD GitHub
CVE-2026-4965
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Improper neutralization of directives in dynamically evaluated code within letta-ai letta 0.16.4 allows remote attackers without authentication to manipulate the resolve_type function in letta/functions/ast_parsers.py, resulting in code injection and information disclosure. This vulnerability represents an incomplete fix for CVE-2025-6101, and publicly available exploit code exists that demonstrates remote exploitation with low attack complexity.

Code Injection Information Disclosure
NVD VulDB GitHub
CVE-2026-33997
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Docker daemon privilege validation logic in plugin installation contains a comparison error that allows malicious plugins to bypass approval checks and request unintended privileges, including sensitive device access permissions. The vulnerability affects Docker and Moby (pkg:go/github.com_docker_docker, pkg:go/github.com_moby_moby) across multiple versions, with CVSS 6.8 reflecting high confidentiality and integrity impact. Exploitation requires installation from a malicious plugin source and user interaction during the install prompt, but no active public exploitation has been confirmed.

Docker Information Disclosure
NVD GitHub
CVE-2026-4962
EPSS 0% CVSS 7.3
HIGH POC This Week

UltraVNC versions up to 1.6.4.0 suffer from an uncontrolled search path vulnerability in version.dll loaded by the Service component, enabling local attackers with low privileges to achieve code execution with elevated privileges through DLL hijacking. Publicly available exploit code exists (Google Drive link in references), and the vendor has not responded to disclosure attempts. While the CVSS score is 7.3, exploitation requires local access, high attack complexity, and is considered difficult to execute, tempering immediate risk for most deployments.

Information Disclosure
NVD VulDB
CVE-2026-34362
EPSS 0% CVSS 5.4
MEDIUM This Month

WebSocket token validation bypass in WWBN AVideo versions up to 26.0 allows authenticated attackers to retain permanent real-time access to sensitive connection metadata after account revocation. The verifyTokenSocket() function fails to enforce token expiration despite generating 12-hour timeouts, enabling captured tokens to grant indefinite access to admin-level data including IP addresses, browser fingerprints, and user page locations. Authenticated users (PR:L per CVSS vector) can exploit this to maintain surveillance capabilities even after account deletion or privilege demotion. No public exploit identified at time of analysis.

PHP Information Disclosure
NVD GitHub
CVE-2025-15381
EPSS 0% CVSS 8.1
HIGH This Week

MLflow's basic-auth authentication system fails to protect tracing and assessment endpoints, enabling any authenticated user with no experiment permissions to read trace metadata and create unauthorized assessments. The vulnerability affects MLflow deployments running with the '--app-name=basic-auth' flag and carries a CVSS score of 8.1 (High) with network-based attack vector requiring low privilege authentication. This vulnerability was reported via the HackerOne bug bounty platform (@huntr_ai) with no public exploit identified at time of analysis.

Information Disclosure Redhat
NVD
CVE-2026-28369
EPSS 0% CVSS 8.7
HIGH This Week

Undertow's improper handling of HTTP requests with leading whitespace in header lines enables remote, unauthenticated request smuggling attacks (CWE-444) against Red Hat middleware and enterprise products. Attackers can exploit this HTTP standard violation to bypass security controls, access restricted data, or poison web caches across a wide deployment base including JBoss EAP 7/8, Red Hat Fuse 7, Data Grid 8, and RHEL 8/9/10 distributions. The CVSS score of 8.7 with changed scope (S:C) and high attack complexity (AC:H) indicates significant impact potential, though no public exploit was identified at time of analysis.

Information Disclosure Request Smuggling Redhat
NVD VulDB
CVE-2026-4957
EPSS 0% CVSS 5.1
MEDIUM This Month

OpenBMB XAgent 1.0.0 exposes sensitive API credentials in log files through improper handling of the api_key argument in the FunctionHandler.handle_tool_call function, allowing remote authenticated attackers with high privileges to disclose confidential information. The vulnerability is classified as information disclosure (CWE-200) with a CVSS score of 5.1 and has publicly available exploit code; however, the vendor has not responded to early disclosure notification.

Information Disclosure
NVD GitHub VulDB
CVE-2026-32984
EPSS 0% CVSS 5.3
MEDIUM This Month

Wazuh authd daemon contains a heap-buffer overflow vulnerability (CWE-125) triggered by specially crafted input from authenticated remote users, causing memory corruption and denial of service to the authentication daemon. The vulnerability affects all versions of Wazuh (CPE: cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*) and requires authenticated network access to exploit; no public exploit code or active exploitation has been confirmed at this time.

Buffer Overflow Denial Of Service Information Disclosure
NVD GitHub VulDB
CVE-2026-4984
EPSS 0% CVSS 8.2
HIGH This Week

Unauthenticated credential theft in Botpress Twilio integration allows remote attackers to capture plaintext Twilio account credentials (accountSID and authToken) via forged webhook requests. The webhook handler fails to validate X-Twilio-Signature headers and can be tricked into making HTTP requests to attacker-controlled servers with embedded credentials in Authorization headers, enabling full Twilio account compromise. CVSS score of 8.2 reflects high confidentiality impact with low attack complexity and no authentication required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N).

Information Disclosure
NVD
CVE-2024-11604
EPSS 0% CVSS 7.3
HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain. Rated high severity (CVSS 7.3), this vulnerability has low attack complexity. No vendor patch available.

Microsoft Information Disclosure
NVD
CVE-2026-27877
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Grafana publicly exposes direct data-source credentials in public dashboards, allowing authenticated users to retrieve plaintext passwords for all configured direct data-sources regardless of whether those sources are actively referenced in the dashboard itself. Grafana versions affected by CVE-2026-27877 leak sensitive authentication material through an information disclosure vulnerability with a CVSS score of 6.5 (Medium severity). Authenticated attackers with access to public dashboards can extract database passwords, API keys, and other credentials without requiring additional privileges or user interaction. Proxied data-sources are not affected by this vulnerability.

Information Disclosure Redhat Suse
NVD VulDB
CVE-2026-33284
EPSS 0% CVSS 1.2
LOW Monitor

GlobaLeaks whistleblowing platform versions prior to 5.0.89 contain insufficient input validation in the /api/support endpoint, permitting attackers to inject arbitrary URLs into support request emails sent to administrators. This can facilitate phishing attacks, credential harvesting, or social engineering by making malicious links appear to originate from legitimate support communications. Remote attackers without authentication can exploit this vulnerability to craft convincing fraudulent messages to site administrators.

Information Disclosure
NVD GitHub
CVE-2025-13478
EPSS 0% CVSS 8.4
HIGH This Week

OpenText Identity Manager versions up to 25.2 (v4.10.1) suffer from insecure cache handling that permits remote authenticated users to retrieve another user's session data, resulting in unauthorized information disclosure. An attacker with valid credentials can exploit this cache misconfiguration on both Windows and Linux deployments to access sensitive session information belonging to other authenticated users, compromising confidentiality of user sessions and potentially enabling lateral movement or privilege escalation attacks.

Information Disclosure Microsoft
NVD
CVE-2026-4982
EPSS 0% CVSS 7.3
HIGH This Week

Venueless instances allow authenticated users with 'update world' permissions to exfiltrate chat messages from direct messages or other worlds' channels via a flaw in the reporting feature, provided the attacker can obtain the target channel's internal UUID. This cross-world information disclosure affects Pretix Venueless across versions prior to patching, and exploitability is constrained by the requirement to discover internal identifiers that are not typically exposed to unauthorized users.

Information Disclosure
NVD GitHub VulDB
CVE-2026-25101
EPSS 0% CVSS 4.8
MEDIUM This Month

Bludit versions prior to 3.17.2 allow attackers to fix a victim's session identifier before authentication, with the session ID persisting unchanged after successful login, enabling authenticated session hijacking via session fixation. The vulnerability affects all Bludit instances below version 3.17.2 and requires local access and user interaction to exploit. No public exploit code or active exploitation has been identified at the time of analysis, though the session fixation mechanism poses a moderate risk in multi-user or shared-access environments.

Information Disclosure Session Fixation
NVD GitHub
CVE-2026-4621
EPSS 0% CVSS 6.3
MEDIUM This Month

NEC Aterm wireless router series (including WG1200HP2, WG1900HP, WG1800HP3, WG1200HP4, and nine other models) contain hidden telnet functionality that can be remotely enabled by unauthenticated network attackers via unspecified means, classified as CWE-912 (Hidden Functionality). The vulnerability carries a CVSS 6.3 score reflecting network-accessible attack vector with high complexity requirements and limited confidentiality/integrity impact. No public exploit code or active exploitation via CISA KEV has been confirmed at analysis time, though the remote enablement of administrative telnet access represents a significant privilege escalation pathway for subsequent unauthorized system access.

Information Disclosure
NVD VulDB
CVE-2026-27855
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Dovecot OTP authentication enables replay attacks when the authentication cache is enabled and username alteration occurs in passdb, allowing attackers who observe an OTP exchange to authenticate as the targeted user. Open-XChange Dovecot Pro is affected (CPE: cpe:2.3:a:open-xchange_gmbh:ox_dovecot_pro:*:*:*:*:*:*:*:*). No public exploit identified at time of analysis, though the vulnerability requires relatively specific preconditions (enabled cache, username modification in passdb) to be exploitable. The CVSS 6.8 score reflects high confidentiality and integrity impact but requires high attack complexity and user interaction.

Microsoft Information Disclosure Redhat
NVD VulDB
CVE-2025-59031
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Dovecot's text conversion script for OOXML attachments unsafely processes zip-style files, allowing authenticated attackers to index unintended system files and contaminate full-text search indexes with sensitive content. Open-Xchange Dovecot Pro is affected. The vulnerability results in information disclosure (CWE-200) with a CVSS score of 4.3 and requires prior authentication; no public exploit identified at time of analysis.

Information Disclosure Redhat
NVD VulDB
CVE-2025-59028
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

OX Dovecot Pro authentication server becomes disconnected when processing invalid base64 SASL data, causing all concurrent active authentication sessions to fail and enabling denial-of-service attacks against login infrastructure. Unauthenticated remote attackers can trigger this condition with minimal attack complexity by sending malformed base64 sequences to the SASL authentication handler. No public exploit code is currently available, and the vulnerability carries a CVSS score of 5.3 reflecting limited availability impact without confidentiality or integrity compromise.

Information Disclosure Redhat
NVD VulDB
CVE-2026-22744
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Spring AI Redis vector store implementations expose sensitive data through unescaped TAG field filter injection in versions 1.0.0-1.0.4 and 1.1.0-1.1.3. Unauthenticated remote attackers can craft malicious filter expressions that bypass query boundaries in RediSearch TAG blocks, allowing extraction of unauthorized information from the vector database (CVSS 7.5 High, C:H). No public exploit identified at time of analysis, though the vulnerability is straightforward to exploit given its low attack complexity (AC:L).

Java Redis Information Disclosure
NVD
CVE-2026-33280
EPSS 0% CVSS 8.6
HIGH This Week

BUFFALO Wi-Fi router products contain hidden debugging functionality that permits authenticated attackers with high-level privileges to execute arbitrary operating system commands remotely. The vulnerability affects an unspecified range of BUFFALO's router lineup and carries a CVSS score of 7.2, requiring high privileges (PR:H) but low attack complexity over the network. No public exploit identified at time of analysis, and EPSS data is not provided in available intelligence.

Information Disclosure
NVD
CVE-2026-33745
EPSS 0% CVSS 7.4
HIGH PATCH This Week

The cpp-httplib HTTP/HTTPS client library (versions prior to 0.39.0) leaks authentication credentials to arbitrary third-party servers when following cross-origin HTTP redirects. An attacker operating a malicious server can issue a 301/302/307/308 redirect to capture plaintext Basic Auth, Bearer Token, or Digest Auth credentials from the Authorization header. CVSS score of 7.4 reflects high confidentiality and integrity impact with network attack vector and high complexity; no public exploit identified at time of analysis.

Information Disclosure
NVD GitHub VulDB
CVE-2026-33697
EPSS 0% CVSS 7.5
HIGH This Week

Attested TLS relay attacks in Cocos AI confidential computing system versions 0.4.0 through 0.8.2 enable attackers to impersonate genuine TEE-protected services on AMD SEV-SNP and Intel TDX platforms by extracting ephemeral TLS private keys and redirecting authenticated sessions. The architectural flaw allows an attacker with physical access or side-channel capabilities to relay attestation evidence to a different endpoint, breaking the authentication binding between the TEE and the client. No vendor-released patch is available; the vulnerability affects a specialized confidential computing platform with low EPSS probability (formal EPSS score not provided in input) and no public exploit identified at time of analysis, though formal ProVerif verification confirms the attack feasibility.

Information Disclosure Intel Amd
NVD GitHub
CVE-2026-28786
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Open WebUI versions prior to 0.8.6 disclose the server's absolute DATA_DIR path to any authenticated non-admin user via unsanitized filename handling in the speech-to-text transcription endpoint, which returns FileNotFoundError messages in HTTP 400 responses. This information disclosure affects all default deployments and requires only user-level authentication to trigger. The vulnerability has been patched in version 0.8.6, and no public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Path Traversal
NVD GitHub
CVE-2026-30689
EPSS 0% CVSS 7.5
HIGH This Week

Blog.Admin versions 8.0 and earlier expose sensitive administrator account information through an improper access control vulnerability in the getinfobytoken API endpoint. An attacker possessing a valid authentication token can bypass authorization checks to retrieve confidential administrator credentials and account details, potentially enabling lateral movement or privilege escalation attacks. No public exploit code or active exploitation has been confirmed at the time of analysis.

Information Disclosure Authentication Bypass
NVD GitHub
CVE-2026-30576
EPSS 0% CVSS 7.5
HIGH POC This Week

Pharmacy Product Management System 1.0 fails to validate financial input parameters in the add-stock.php file, permitting attackers to submit negative values for product prices and total costs. This business logic vulnerability corrupts financial records and allows manipulation of inventory asset valuations and procurement cost tracking. Publicly available exploit code exists; however, no CVSS score, EPSS data, or CISA KEV confirmation is available to assess active exploitation frequency.

PHP Information Disclosure
NVD GitHub
CVE-2026-30574
EPSS 0% CVSS 7.5
HIGH POC This Week

SourceCodester Pharmacy Product Management System 1.0 fails to enforce inventory constraints in the add-sales.php module, allowing attackers to create sales transactions for quantities that exceed available stock levels. This business logic flaw enables overselling scenarios where the system processes orders without validating stock availability, potentially leading to negative inventory records and operational disruption. Publicly available exploit code exists demonstrating the vulnerability, though no CVSS scoring or active exploitation via CISA KEV has been confirmed.

PHP Information Disclosure
NVD GitHub
CVE-2026-33897
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Incus system container and virtual machine manager versions prior to 6.23.0 allow authenticated users with instance access to read and write arbitrary files as root on the host system through exploitation of pongo2 template processing. The vulnerability (scored CVSS 10.0 critical) stems from a bypassed chroot isolation mechanism that was intended to confine template operations to instance filesystems but instead permits unrestricted host filesystem access. No public exploit identified at time of analysis, though the vulnerability is tagged as Server-Side Template Injection (SSTI) with a GitHub security advisory published.

Information Disclosure Ssti
NVD GitHub VulDB
CVE-2026-33542
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Incus versions prior to 6.23.0 fail to validate image fingerprints when downloading from simplestreams servers, enabling attackers with local privileges to poison the image cache and potentially cause other tenants to execute attacker-controlled container or virtual machine images instead of legitimate ones. The vulnerability requires local authentication and specific conditions but carries high integrity impact in multi-tenant environments; no active exploitation has been confirmed.

Information Disclosure
NVD GitHub VulDB
CVE-2026-33894
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Signature forgery in node-forge npm package (all versions through v1.3.3) allows remote attackers to bypass RSASSA PKCS#1 v1.5 signature verification for RSA keys using low public exponent (e=3). Attackers can construct Bleichenbacher-style forged signatures by injecting malicious ASN.1 content within DigestInfo structures and exploiting missing padding length validation, enabling authentication bypass in systems relying on forge for cryptographic verification. Proof-of-concept code demonstrates successful forgery against forge while OpenSSL correctly rejects the same signature. CVSS score 7.5 (High) with network attack vector, low complexity, and no privileges required. No public exploit identified at time of analysis beyond the research POC.

Node.js OpenSSL Canonical +1
NVD GitHub VulDB
CVE-2026-4900
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability in A weakness (CVSS 5.5). Risk factors: public PoC available.

Path Traversal Information Disclosure
NVD VulDB GitHub
CVE-2025-12805
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Red Hat OpenShift AI llama-stack-operator permits unauthorized cross-namespace access to Llama Stack service endpoints due to missing NetworkPolicy enforcement, enabling authenticated users in one namespace to view or modify sensitive data in another user's Llama Stack instances. CVSS 8.1 (High) reflects high confidentiality and integrity impact with low-privilege authenticated network access. No public exploit identified at time of analysis, though the authentication bypass weakness (CWE-653) is architecturally straightforward to leverage once cluster access is obtained.

Redhat Authentication Bypass Information Disclosure
NVD VulDB
CVE-2026-1556
EPSS 0% CVSS 6.9
MEDIUM This Month

Drupal File (Field) Paths module 7.x prior to 7.1.3 allows authenticated users to disclose other users' private files through filename-collision uploads that manipulate file URI processing, causing hook_node_insert() consumers such as email attachment modules to access incorrect file URIs and bypass access controls on sensitive files. The vulnerability affects the Drupal File (Field) Paths package as confirmed via CPE cpe:2.3:a:drupal:drupal_file_(field)_paths:*:*:*:*:*:*:*:*. No public exploit code or active exploitation data has been identified at the time of analysis.

Information Disclosure Redhat
NVD HeroDevs VulDB
CVE-2026-3650
EPSS 0% CVSS 8.7
HIGH Act Now

Malformed DICOM files with non-standard VR types trigger uncontrolled memory allocation in Grassroots DICOM (GDCM) library, enabling remote denial-of-service attacks without authentication. CISA ICS-CERT issued an ICSMA advisory (26-083-01) highlighting impacts to medical imaging systems that rely on GDCM for DICOM parsing. The vulnerability allows heap exhaustion from a single malicious file read operation, with CVSS 7.5 (High severity, network-accessible, no privileges required). No public exploit identified at time of analysis.

Information Disclosure
NVD GitHub VulDB
CVE-2026-3622
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An out-of-bounds read vulnerability in the UPnP service of TP-Link TL-WR841N v14 routers enables adjacent network attackers to crash the UPnP daemon without authentication, resulting in denial of service. Affected devices include firmware versions prior to EN_0.9.1 4.19 Build 260303 and US_0.9.1.4.19 Build 260312. Vendor patches are available. No public exploit identified at time of analysis, with CVSS:4.0 scoring 7.1 (High) reflecting adjacent network access requirements and high availability impact.

Buffer Overflow Information Disclosure
NVD VulDB
CVE-2026-0966
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Improper handling of zero-length input in the libssh ssh_get_hexa() function enables remote denial of service against SSH daemons with GSSAPI authentication enabled and packet-level logging active (SSH_LOG_PACKET or higher verbosity). Unauthenticated remote attackers can trigger a per-connection daemon process crash by sending specially crafted GSSAPI authentication packets containing malformed OID data, affecting Red Hat Enterprise Linux versions 6 through 10 and OpenShift Container Platform 4. CVSS 6.5 (network-accessible, low complexity, partial integrity and availability impact); no public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure
NVD
CVE-2026-32286
EPSS 0% CVSS 7.5
HIGH This Week

DataRow.Decode in github.com/jackc/pgproto3/v2 fails to validate field length parameters, allowing a malicious or compromised PostgreSQL server to send a DataRow message with a negative field length that triggers a slice bounds out of range panic in Go applications using this library. Affected applications experience denial of service through unexpected termination when connecting to an untrusted or compromised database server. No public exploit code or active exploitation has been confirmed; however, the attack requires only network access to a PostgreSQL endpoint that the vulnerable application connects to.

PostgreSQL Information Disclosure
NVD GitHub VulDB
CVE-2026-33530
EPSS 0% CVSS 7.7
HIGH This Week

Authenticated attackers with low-level privileges can exfiltrate sensitive database information from InvenTree open source inventory management systems prior to version 1.2.6 by abusing unvalidated filter parameters in bulk operation API endpoints. The vulnerability enables blind boolean-based data extraction through Django ORM relationship traversal, achieving high confidentiality impact with changed scope per CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N (score 7.7). No public exploit identified at time of analysis, and vendor-released patches are available in versions 1.2.6 and 1.3.0.

Python Information Disclosure
NVD GitHub
CVE-2026-3190
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Keycloak's User-Managed Access (UMA) 2.0 Protection API fails to enforce role-based access control on the permission tickets endpoint, allowing any authenticated user with a resource server client token to enumerate all permission tickets regardless of authorization level. This information disclosure vulnerability affects Red Hat Build of Keycloak across multiple versions and requires valid authentication to exploit, posing a moderate risk to multi-tenant environments where ticket enumeration could expose sensitive access control data. No public exploit code has been identified at time of analysis.

Information Disclosure
NVD
CVE-2026-33152
EPSS 0% CVSS 9.1
CRITICAL Act Now

Tandoor Recipes versions prior to 2.6.0 allow unlimited brute-force password guessing attacks against any known username through API endpoints accepting BasicAuthentication headers. While Django AllAuth rate limiting protects the HTML login form (5 attempts per minute per IP), API endpoints completely bypass these controls, enabling high-speed credential stuffing with no account lockout. A proof-of-concept exploit exists and the attack is automatable per SSVC analysis, though no active exploitation is confirmed in CISA KEV.

Python Information Disclosure
NVD GitHub
CVE-2026-33886
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Statamic CMS versions prior to 5.73.16 and 6.7.2 allow authenticated control panel users with access to Antlers-enabled fields to read sensitive application configuration values through template variable injection, exposing secrets such as API keys and database credentials. The vulnerability requires low-privilege authenticated access and network connectivity to the control panel, with a CVSS score of 6.5 reflecting moderate real-world risk. No public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure
NVD GitHub
CVE-2026-29055
EPSS 0% CVSS 5.3
MEDIUM This Month

Tandoor Recipes versions prior to 2.6.0 fail to strip EXIF metadata from WebP and GIF image uploads, exposing sensitive information such as GPS coordinates, timestamps, and camera details to all users viewing shared recipes. This information disclosure vulnerability affects any user uploading recipe photos, particularly those using modern smartphones that default to WebP format. The vulnerability is fixed in version 2.6.0.

Information Disclosure
NVD GitHub
CVE-2026-33149
EPSS 0% CVSS 8.1
HIGH This Week

Tandoor Recipes versions through 2.5.3 permit Host header injection attacks that enable invite link poisoning, allowing authenticated administrators with high privileges to be social-engineered into sending system-generated invite tokens to attacker-controlled servers. The Django application's default ALLOWED_HOSTS='*' configuration fails to validate HTTP Host headers, which combined with request.build_absolute_uri() usage allows manipulation of all absolute URLs including invite emails, API pagination, and OpenAPI schemas. No public exploit identified at time of analysis; CVSS 8.1 reflects network-based attack requiring high privileges and user interaction with changed scope.

Python Information Disclosure
NVD GitHub
CVE-2026-33757
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

OpenBao JWT/OIDC authentication with direct callback mode allows remote phishing attacks where attackers can hijack user sessions without confirmation prompts, affecting installations using the direct callback_mode configuration. The vulnerability stems from lack of user interaction requirements during authorization code flow authentication, enabling session fixation attacks where victims visiting attacker-controlled URLs automatically authenticate into the attacker's session. No public exploit identified at time of analysis, though the attack vector is network-based with low complexity requiring only user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:R). Vendor-released patch: version 2.5.2.

Information Disclosure Session Fixation
NVD GitHub VulDB
CVE-2026-33872
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Cross-user data leakage in elixir-nodejs library versions prior to 3.1.4 allows authenticated users to receive sensitive data belonging to other users through a race condition in the worker protocol's request-response handling. The lack of request-response correlation causes stale responses to be delivered to unrelated callers in high-throughput environments, potentially exposing PII, authentication tokens, or private records. No public exploit identified at time of analysis, though the vulnerability is documented in GitHub issue #100 with technical details publicly available.

Race Condition Information Disclosure
NVD GitHub
CVE-2026-33763
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

AVideo password verification API endpoint allows unauthenticated attackers to brute-force video access passwords at network speed with no rate limiting, enabling compromise of password-protected video content across the platform. The vulnerable endpoint in the pkg:composer/wwbn_avideo package returns a boolean confirmation for any password guess without authentication, CAPTCHA, or throttling mechanisms, combined with plaintext password storage and loose equality comparison that further weakens defenses. Publicly available exploit code exists demonstrating rapid password enumeration against any video ID.

PHP Information Disclosure Oracle
NVD GitHub
CVE-2026-33761
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unauthenticated information disclosure in AVideo Scheduler plugin exposes internal infrastructure details, admin-composed email campaigns, and user targeting mappings through three unprotected list.json.php endpoints. Remote attackers without authentication can retrieve all scheduled task callbacks with internal URLs and parameters, complete email message bodies, and user-to-email relationships by issuing simple GET requests. A public proof-of-concept exists demonstrating the vulnerability; patch availability has been confirmed by the vendor.

PHP Information Disclosure SSRF
NVD GitHub
CVE-2026-33729
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA's condition-based caching mechanism can generate identical cache keys for different authorization check requests, allowing attackers to bypass access controls by triggering cache reuse of previously evaluated decisions. This affects deployments with relations that evaluate conditions and have caching enabled. Organizations should upgrade to OpenFGA v1.13.1 to remediate the cache poisoning vulnerability.

Information Disclosure
NVD GitHub
CVE-2026-33487
EPSS 0% CVSS 7.5
HIGH PATCH This Week

XML Digital Signature validation in the russellhaering/goxmldsig Go library can be bypassed due to a loop variable capture bug affecting versions prior to 1.6.0. Unauthenticated remote attackers can exploit this flaw to manipulate signature validation by crafting XML documents with multiple references in the SignedInfo block, causing the validator to use the wrong reference and accept invalid signatures. The CVSS score of 7.5 reflects high integrity impact with network attack vector and low complexity (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), though no public exploit has been identified at time of analysis.

Jwt Attack Information Disclosure
NVD GitHub VulDB
CVE-2026-33636
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Out-of-bounds read and write in libpng's ARM/AArch64 Neon-optimized palette expansion allows remote attackers to trigger memory corruption, information disclosure, and denial of service when processing malicious PNG files. libpng versions 1.6.36 through 1.6.55 are affected on ARM platforms with Neon optimization enabled. Version 1.6.56 contains the fix. No public exploit identified at time of analysis, with SSVC framework indicating no active exploitation, non-automatable attack vector, and partial technical impact.

Buffer Overflow Information Disclosure
NVD GitHub VulDB
CVE-2026-33416
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A security vulnerability in versions 1.2.1 (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Use After Free Memory Corruption Information Disclosure
NVD GitHub VulDB
CVE-2026-3109
EPSS 0% CVSS 2.2
LOW Monitor

Mattermost Plugins versions 11.4 and earlier, including 10.11.11.0, fail to validate webhook request timestamps, enabling attackers with high privileges to replay webhook requests and corrupt Zoom meeting state within Mattermost deployments. The vulnerability carries a CVSS score of 2.2 with low attack complexity but requires high-privilege authentication; no public exploit has been identified at time of analysis, and CISA has not flagged this for active exploitation.

Information Disclosure
NVD
CVE-2026-27814
EPSS 0% CVSS 4.2
MEDIUM This Month

Data race conditions in EVerest Core versions before 2026.02.0 allow concurrent access to charging state during phase switching operations, potentially causing integrity violations or service interruptions on affected EV charging systems. An attacker with adjacent network access can trigger the race condition by initiating phase switches during active charging sessions, exploiting the unsafe concurrent execution between the state machine and switching requests. No patch is currently available for this vulnerability.

Information Disclosure Race Condition
NVD GitHub
CVE-2026-27813
EPSS 0% CVSS 5.3
MEDIUM This Month

EVerest charging software stack versions prior to 2026.02.0 contain a data race condition leading to use-after-free memory corruption, triggered by EV plug-in/unplug events and authorization flows (RFID, RemoteStart, OCPP). Unauthenticated physical attackers with high complexity can exploit this to leak sensitive information or cause denial of service on affected charging infrastructure. No public exploit identified at time of analysis.

Information Disclosure Memory Corruption Use After Free
NVD GitHub
CVE-2026-26074
EPSS 0% CVSS 7.0
HIGH This Week

Concurrent access to an internal event queue in EVerest-core (EV charging software stack) enables remote attackers to corrupt critical data structures when CSMS GetLog or UpdateFirmware requests coincide with EVSE fault events, potentially causing information disclosure, data integrity issues, and high availability impact. The vulnerability affects all versions prior to 2026.02.0, for which a vendor patch is available. SSVC analysis indicates no current exploitation, non-automatable attack surface, and partial technical impact. EPSS data not provided; no public exploit identified at time of analysis.

Race Condition Information Disclosure
NVD GitHub
CVE-2026-3113
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Mattermost bulk export functionality fails to apply proper file permissions, allowing unprivileged local users on affected servers to read sensitive exported data. Mattermost versions 11.4.0, 11.3.x through 11.3.1, 11.2.x through 11.2.3, and 10.11.x through 10.11.11 are vulnerable (CVE-2026-3113, MMSA-2026-00593). An authenticated local attacker with login credentials can access bulk export files created by other users, leading to unauthorized information disclosure of potentially sensitive team and channel communications. No public exploit code has been identified at time of analysis, and CISA has not listed this in the Known Exploited Vulnerabilities catalog, though the vulnerability's automatable nature and low attack complexity warrant prompt patching.

Information Disclosure
NVD
CVE-2026-3108
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Mattermost's mmctl command-line administration tool fails to sanitize ANSI and OSC escape sequences embedded in user-generated post content, enabling authenticated low-privilege attackers to inject malicious terminal control codes when administrators export or query messages. Exploitation allows screen manipulation, fake prompt injection, and clipboard hijacking against administrators running mmctl commands, potentially leading to secondary code execution if administrators are tricked into running injected commands. CISA SSVC framework indicates no current exploitation, non-automatable attack requiring high complexity and user interaction, but with total technical impact potential.

Information Disclosure
NVD
CVE-2026-26072
EPSS 0% CVSS 4.2
MEDIUM This Month

EVerest EV charging software prior to version 2026.02.0 contains a race condition in concurrent map access that can corrupt internal data structures when EV state-of-charge updates coincide with power meter refreshes and session termination events. Local attackers with physical access to charging equipment can trigger this condition to cause denial of service by crashing the charging system. Patch availability is limited to version 2026.02.0 and later.

Race Condition Information Disclosure
NVD GitHub
CVE-2026-26071
EPSS 0% CVSS 4.2
MEDIUM This Month

EVerest EV charging software versions before 2026.02.0 contain a race condition in std::string handling triggered by concurrent EVCCID updates and OCPP session events, potentially leading to heap-use-after-free and denial of service. Local attackers with physical access to the charging infrastructure can exploit this timing-dependent vulnerability to crash the charging service. A patch is available in version 2026.02.0 or later.

Race Condition Information Disclosure
NVD GitHub
CVE-2026-26070
EPSS 0% CVSS 4.6
MEDIUM This Month

Concurrent access to std::map<std::optional> in EVerest-Core versions prior to 2026.02.0 causes a data race condition that can corrupt container state during simultaneous EV state-of-charge updates, power meter periodic updates, and session termination events, resulting in denial of service of the EV charging stack. EVerest-Core (cpe:2.3:a:everest:everest-core) is the affected product, with patched version 2026.02.0 available. No public exploit code has been identified at time of analysis, and this vulnerability is not confirmed actively exploited; however, the condition is readily triggerable through normal charging operations combining multiple concurrent data sources.

Race Condition Information Disclosure
NVD GitHub
CVE-2026-26008
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-bounds vector access in EVerest EV charging software (everest-core versions before 2026.02.0) enables remote unauthenticated attackers to crash the charging station software or corrupt memory by sending crafted UpdateAllowedEnergyTransferModes messages from a Charging Station Management System (CSMS). CVSS 7.5 severity reflects network-accessible denial of service with high availability impact. SSVC assessment indicates no current exploitation and non-automatable attack; no public exploit identified at time of analysis.

Buffer Overflow Information Disclosure
NVD GitHub
CVE-2025-55263
EPSS 0% CVSS 7.3
HIGH This Week

Hardcoded credentials in HCL Aftermarket DPC version 1.0.0 enable authenticated low-privilege attackers with user interaction to extract sensitive secrets from source code or insecure repositories, resulting in high confidentiality compromise and complete denial of service. CVSS score 7.3 reflects network-accessible attack requiring low privileges and user interaction. No public exploit identified at time of analysis, with SSVC framework indicating no current exploitation and non-automatable attack characteristics.

Information Disclosure Aftermarket Dpc
NVD
CVE-2025-55265
EPSS 0% CVSS 6.5
MEDIUM This Month

HCL Aftermarket DPC version 1.0.0 is vulnerable to unauthenticated file discovery that allows remote attackers to read sensitive files from the system without user interaction beyond a single click, potentially enabling reconnaissance for follow-on attacks. The vulnerability carries a CVSS score of 6.5 (Medium) with high confidentiality impact but no integrity or availability consequences. No public exploit code or active exploitation has been reported at the time of analysis.

Information Disclosure Aftermarket Dpc
NVD
CVE-2025-55272
EPSS 0% CVSS 3.1
LOW Monitor

HCL Aftermarket DPC discloses sensitive system and software version information through banner responses, enabling attackers to enumerate deployed instances and tailor version-specific exploits. Aftermarket DPC version 1.0.0 is confirmed affected. The vulnerability requires user interaction and high attack complexity but results in partial confidentiality loss; no public exploit has been identified at the time of analysis.

Information Disclosure Aftermarket Dpc
NVD VulDB
CVE-2025-55273
EPSS 0% CVSS 4.3
MEDIUM This Month

HCL Aftermarket DPC is vulnerable to Cross Domain Script Include (CWE-829) that permits unauthenticated remote attackers to inject and execute malicious external scripts, enabling DOM tampering and theft of session credentials without user interaction. Affected versions include Aftermarket DPC 1.0.0. No public exploit code or active exploitation has been identified at time of analysis, though the attack vector is network-accessible and requires only user interaction (rendering this a moderate-impact integrity threat rather than a critical one).

Information Disclosure Aftermarket Dpc
NVD VulDB
CVE-2025-55274
EPSS 0% CVSS 2.6
LOW Monitor

HCL Aftermarket DPC version 1.0.0 contains a Cross-Origin Resource Sharing (CORS) misconfiguration that permits authenticated attackers with low privileges to access sensitive user information and potentially perform unauthorized actions on behalf of legitimate users through browser-based attacks. The vulnerability requires user interaction (such as social engineering to visit a malicious webpage) and operates within a single security context, limiting its scope to confidentiality impact with no integrity or availability consequences. No public exploit code has been identified at the time of analysis, and the low CVSS score of 2.6 reflects the high attack complexity and limited practical exploitability despite the theoretical risk of data exposure.

Information Disclosure Authentication Bypass Aftermarket Dpc
NVD VulDB
CVE-2025-55275
EPSS 0% CVSS 3.7
LOW Monitor

HCL Aftermarket DPC versions up to 1.0.0 contain an admin session concurrency vulnerability that allows authenticated attackers with low privileges to hijack or impersonate administrator sessions through exploitation of improper concurrent session handling. The vulnerability requires user interaction and has moderate attack complexity, resulting in partial confidentiality and availability impact. No public exploit has been identified at time of analysis, and CISA has not listed this in the KEV catalog, indicating limited real-world exploitation pressure despite the administrative access implications.

Information Disclosure Aftermarket Dpc
NVD
CVE-2025-55276
EPSS 0% CVSS 3.1
LOW Monitor

HCL Aftermarket DPC version 1.0.0 discloses internal IP addresses to unauthenticated remote attackers via a high-complexity attack vector requiring user interaction, enabling network reconnaissance but causing no direct confidentiality, integrity, or availability impact. No public exploit code has been identified; CISA has not flagged this vulnerability as actively exploited. While the CVSS score of 3.1 (low) reflects minimal immediate risk, the information disclosure enables attackers to map organizational network topology for follow-on attacks.

Information Disclosure Aftermarket Dpc
NVD
CVE-2025-55277
EPSS 0% CVSS 2.6
LOW Monitor

HCL Aftermarket DPC version 1.0.0 contains outdated or vulnerable dependencies (CWE-1104) that expose the application to known public exploits, enabling authenticated attackers with low privileges to obtain limited information disclosure. The vulnerability requires user interaction and carries a low CVSS score of 2.6, but represents a supply chain risk where publicly available exploits targeting the embedded libraries could be weaponized against deployments. No public exploit code has been independently confirmed, and CISA has not flagged this for active exploitation.

Information Disclosure Aftermarket Dpc
NVD VulDB
CVE-2026-4874
EPSS 0% CVSS 3.1
LOW Monitor

An SSRF vulnerability in A flaw (CVSS 3.1) that allows the attacker. Remediation should follow standard vulnerability management procedures.

SSRF Information Disclosure
NVD
CVE-2026-4247
EPSS 0% CVSS 7.5
HIGH This Week

This vulnerability is a memory leak in FreeBSD's TCP stack where the tcp_respond() function fails to properly free allocated memory buffers (mbufs) when challenge ACKs are not sent in response to crafted packets. FreeBSD systems of all versions are affected. An attacker with network access (either on-path with an established connection or able to establish one, or via spoofed packets) can trigger this leak repeatedly by sending specially crafted packets that exceed rate limits, causing heap exhaustion and potential denial of service through resource depletion.

Information Disclosure
NVD VulDB
CVE-2026-1890
EPSS 0% CVSS 5.3
MEDIUM POC This Month

The LeadConnector WordPress plugin before version 3.0.22 contains an authorization bypass vulnerability in a REST API endpoint, allowing unauthenticated attackers to overwrite existing data without authentication. This vulnerability affects an unknown vendor's LeadConnector product and has a publicly available proof-of-concept exploit, making it actively exploitable. The vulnerability enables unauthorized data manipulation, which could compromise business data integrity and customer information stored within the plugin.

WordPress Information Disclosure
NVD WPScan
CVE-2026-1206
EPSS 0% CVSS 4.3
MEDIUM This Month

The Elementor Website Builder plugin for WordPress contains an authorization bypass vulnerability in the is_allowed_to_read_template() function that incorrectly permits authenticated users with contributor-level privileges to read private and draft template content. Attackers can exploit this through the 'get_template_data' action of the 'elementor_ajax' endpoint by supplying a 'template_id' parameter, resulting in exposure of sensitive template information. The vulnerability affects all versions up to and including 3.35.7 with a CVSS score of 4.3 (low-to-moderate severity) and requires low-complexity exploitation with authenticated access.

WordPress Information Disclosure Authentication Bypass
NVD VulDB
CVE-2026-33515
EPSS 1% CVSS 6.9
MEDIUM PATCH This Month

Squid prior to version 7.5 contains an out-of-bounds read vulnerability in ICP (Internet Cache Protocol) traffic handling due to improper input validation, classified as CWE-125. Remote attackers can exploit this to leak small amounts of process memory potentially containing sensitive information by sending malformed ICP requests to deployments with explicitly enabled ICP support (non-zero icp_port configuration). The vulnerability affects all versions of Squid before 7.5, and while no CVSS score or EPSS data is currently available, the information disclosure impact and remote attack vector indicate moderate to significant risk for affected deployments.

Buffer Overflow Information Disclosure
NVD GitHub
CVE-2026-30458
EPSS 0% CVSS 9.1
CRITICAL Act Now

Daylight Studio FuelCMS v1.5.2 allows remote attackers to exfiltrate password reset tokens through a mail splitting attack, enabling account takeover without authentication. The vulnerability exploits improper handling of email headers during the password reset workflow, permitting attackers to intercept or redirect sensitive reset tokens to attacker-controlled addresses. No public exploit code or active exploitation has been independently confirmed at time of analysis.

Information Disclosure
NVD GitHub

Quick Facts

Typical Severity
MEDIUM
Category
other
Total CVEs
12474
