Information Disclosure

Critical vulnerability in aftermarket KIA-branded smart keyless entry systems (primarily distributed in Ecuador) that use fixed, reusable learning codes for lock/unlock operations, enabling replay attacks to gain unauthorized vehicle access. The vulnerability affects an unknown manufacturer's generic smart key fob transmitter and has a CVSS score of 9.4 with critical impact across confidentiality, integrity, and availability. While KEV status and active exploitation data are not yet confirmed, the trivial nature of replay attacks against static codes and the high CVSS vector suggest significant real-world risk requiring immediate user awareness and manufacturer patching.

Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to overwrite arbitrary system files with log content while executing at SYSTEM privilege level. This vulnerability enables local attackers without admin rights to achieve arbitrary file write operations with elevated privileges, potentially leading to system compromise. The vulnerability has a CVSS score of 8.4 (High) and affects Windows deployments; patch availability exists in version 10.8.5 and later.

OpenC3 COSMOS versions before v6.0.2 contain hardcoded credentials embedded in the Service Account, allowing unauthenticated remote attackers to gain complete system compromise without any user interaction. This critical vulnerability has a CVSS score of 9.8 (critical severity) with a network attack vector, and given the nature of hardcoded credentials in a mission-critical space operations software, real-world exploitation risk is extremely high for organizations still running vulnerable versions.

A security vulnerability in OpenC3 COSMOS (CVSS 7.5) that allows attackers. Risk factors: public PoC available.

A remote code execution vulnerability in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 (CVSS 2.5) that allows an attacker who can conduct a man-in-the-middle attack. Remediation should follow standard vulnerability management procedures.

A arbitrary file access vulnerability in RICOH Streamline NX (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

CVE-2024-38823 is a security vulnerability (CVSS 2.7). Remediation should follow standard vulnerability management procedures.

An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

User enumeration vulnerability affecting web management interfaces where usernames are limited to device identifiers (10-digit numerical values). An unauthenticated remote attacker can enumerate valid user accounts by systematically testing digit sequences, potentially gaining information disclosure and limited system manipulation capabilities. The CVSS 8.6 rating reflects high confidentiality impact, though patch status and active exploitation details require vendor-specific assessment.

A remote code execution vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.

A privilege escalation vulnerability in AVEVA PI Connector for CygNet (CVSS 4.4) that allows a miscreant with elevated privileges. Remediation should follow standard vulnerability management procedures.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high.

vantage6 servers auto-generate JWT secret keys using UUID1, a predictable algorithm that lacks cryptographic strength, allowing attackers to forge authentication tokens and gain unauthorized access to the privacy-preserving analysis platform. This affects all vantage6 versions prior to 4.11.0 where users have not manually defined a strong JWT secret. The vulnerability has a CVSS score of 7.5 with high confidentiality impact, as attackers can impersonate legitimate users without needing privileges or user interaction.

Critical authentication bypass vulnerability in vantage6 (an open-source federated learning and privacy-enhancing technology framework) that allows attackers with valid authenticated session access to brute-force user passwords through the change password endpoint without rate limiting or account lockout protections. An attacker can enumerate passwords infinitely by calling the password change route repeatedly, receiving detailed error messages indicating password correctness. The vulnerability affects vantage6 versions prior to 4.11 and carries a CVSS score of 9.8 (critical severity).

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

Dell Smart Dock Firmware versions prior to 01.00.08.01 contain an insertion of sensitive information into log file vulnerability (CWE-532) that allows local attackers without privileges to read confidential data through log file access. This is a moderate-to-high severity information disclosure issue (CVSS 7.1) affecting physical/local access scenarios; while not remotely exploitable, the lack of privilege requirements and cross-system scope impact make this a meaningful risk for shared device environments.

CVE-2024-7562 is an elevated privilege vulnerability in InstallShield-generated Standalone MSI installers when multiple InstallScript custom actions are configured. An authenticated local attacker can exploit this to gain high-privilege code execution on the target system. All supported versions (InstallShield 2023 R2, 2022 R2, and 2021 R2) are affected; KEV status and active exploitation data were not provided in available intelligence sources, though the local attack vector and privilege escalation impact suggest moderate real-world risk.

The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files.

CVE-2025-49199 is a security vulnerability (CVSS 8.8) that allows the attacker. High severity vulnerability requiring prompt remediation.

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.

A security vulnerability in application uses a weak password (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device.

The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.

Cleartext credential transmission vulnerability where a server accepts authentication methods that transmit credentials over unencrypted channels, allowing network-based attackers to intercept and expose user credentials without requiring authentication or user interaction. The vulnerability affects any server implementation supporting plaintext credential transmission over HTTP or other unencrypted protocols. This is a high-severity confidentiality issue (CVSS 7.5) with network-accessible attack vector and no complexity requirements, making it exploitable by unauthenticated remote attackers through passive network interception.

Critical SQL injection vulnerability in XWiki that allows unauthenticated remote attackers to execute arbitrary SQL queries against Oracle databases by exploiting insufficient validation of native SQL functions (DBMS_XMLGEN, DBMS_XMLQUERY) in Hibernate query processing. The vulnerability affects XWiki versions before 16.10.2, 16.4.7, and 15.10.16, with a CVSS score of 9.8 indicating critical severity and complete compromise of confidentiality, integrity, and availability. This is a pre-authentication remote code execution vector with no user interaction required.

CVE-2025-49189 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

CVE-2025-49188 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

CVE-2025-49187 is a security vulnerability (CVSS 5.3) that allows an attacker. Remediation should follow standard vulnerability management procedures.

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.

A information disclosure vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

CVE-2025-49183 is an unencrypted HTTP communication vulnerability in a REST API that exposes all traffic to network-level interception, allowing unauthenticated attackers to gather sensitive information and exfiltrate media files without authentication or user interaction required. The vulnerability affects systems using unencrypted REST API endpoints and carries a CVSS 7.5 score reflecting high confidentiality impact; real-world exploitation risk depends on network positioning and whether the affected API handles sensitive data or privileged operations.

Critical credential exposure vulnerability where admin login credentials and property configuration passwords are embedded directly in source code, enabling unauthenticated remote attackers to gain full administrative access to the affected application. The vulnerability has a CVSS score of 7.5 (High) with a network attack vector requiring no privileges or user interaction. While specific KEV/EPSS data and POC availability are not provided in the input, the presence of hardcoded credentials in source code represents a severe and often easily discoverable weakness that typically sees rapid exploitation once disclosed.

CVE-2025-49181 is an authorization bypass vulnerability in an unspecified API endpoint that allows unauthenticated remote attackers to read sensitive information via HTTP GET requests and modify service configuration (log paths, TCP ports) via HTTP POST requests, potentially causing denial of service. With a CVSS score of 8.6 and network-accessible attack vector requiring no authentication, this vulnerability presents a significant risk to exposed instances; KEV/EPSS/POC status cannot be confirmed from provided data, warranting immediate investigation of affected infrastructure.

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versions of the plugin. This makes it possible for unauthenticated attackers to extract sensitive data including site content that has been restricted to certain users and/or roles.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Archive::Unzip::Burst, a Perl module for ZIP file extraction (versions 0.01-0.09), bundles a vulnerable version of the InfoZip library affected by three critical memory corruption vulnerabilities (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141). An unauthenticated remote attacker can exploit these vulnerabilities by crafting a malicious ZIP file to achieve arbitrary code execution with a CVSS score of 9.8, representing critical severity. The vulnerability requires no user interaction or special privileges and can be exploited over the network.

Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.

A security vulnerability in CryptX (CVSS 9.8). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

Mojolicious::Plugin::CSRF version 1.03 generates CSRF tokens using weak entropy sources (process ID, current time, and a single rand() call hashed with MD5), allowing attackers to predict or brute-force valid CSRF tokens and bypass CSRF protections. This affects Perl web applications using this specific plugin version. The vulnerability is not currently listed in CISA KEV, but the weak randomness makes token prediction feasible without requiring user interaction or high attack complexity.

A security vulnerability in The (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

CVE-2025-0163 is a security vulnerability (CVSS 5.3) that allows a remote attacker. Remediation should follow standard vulnerability management procedures.

CVE-2025-4922 is a security vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.

A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.

A security vulnerability in A password (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

CVE-2025-32711 is an AI command injection vulnerability in Microsoft 365 Copilot that enables unauthenticated network-based attacks to disclose sensitive information without user interaction. The vulnerability affects M365 Copilot deployments and allows attackers to inject malicious commands that bypass normal authorization controls. With a critical CVSS score of 9.3 and no authentication requirement, this poses an immediate risk to organizations using Copilot features; exploitation status and POC availability require confirmation through Microsoft security advisories.

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2.

Rejected reason: CVE-2025-41662 is considered redundant or unnecessary and thus should be withdrawn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CVE-2025-26412 is a security vulnerability (CVSS 6.8) that allows an attacker. Remediation should follow standard vulnerability management procedures.

CVE-2025-29756 is a security vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the 'domainid' parameter along with the 'filter=self' or 'filter=selfexecutable' values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain. A malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.  This vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller's scope rather than defaulting to the ROOT domain. Affected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0.

A privilege escalation vulnerability in Apache CloudStack (CVSS 8.8) that allows the attacker. High severity vulnerability requiring prompt remediation.

A privilege escalation vulnerability in Apache CloudStack (CVSS 8.8) that allows the attacker. High severity vulnerability requiring prompt remediation.

Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a reflected Cross-Site Scripting (XSS) vulnerability in form field handling that allows low-privileged attackers to inject malicious JavaScript. When a victim visits a page containing the vulnerable field with attacker-controlled input, the script executes in their browser context, enabling session hijacking and credential theft. The vulnerability has a CVSS score of 8.7 (High) and requires user interaction but no special privileges beyond basic AEM access.

CVE-2025-26521 is a security vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.

Critical authentication bypass vulnerability in ArchiverSpaApi ASP.NET applications caused by hard-coded JWT signing keys. An unauthenticated remote attacker can forge valid JWT tokens to bypass authentication and gain unauthorized access to protected API endpoints, potentially leading to data exfiltration, modification, or denial of service. The CVSS 8.1 score reflects high confidentiality, integrity, and availability impact, though the attack complexity is rated as high, suggesting some technical prerequisites.

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerability occurs in the ‘CryptHmacSign’ function with an inconsistent pairing of the signKey and signScheme parameters, where the signKey is ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. The reported vulnerability is in the ‘CryptHmacSign’ function, which is defined in the "Part 4: Supporting Routines - Code" document, section "7.151 - /tpm/src/crypt/CryptUtil.c ". This vulnerability can be triggered from user-mode applications by sending malicious commands to a TPM 2.0/vTPM (swtpm) whose firmware is based on an affected TCG reference implementation. The effect on libtpms is that it will cause an abort due to the detection of the out-of-bounds access, thus for example making a vTPM (swtpm) unavailable to a VM. This vulnerability is fixed in 0.7.12, 0.8.10, 0.9.7, and 0.10.1.

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

A information disclosure vulnerability in an Exposure of Sensitive Information (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows unauthenticated remote attackers to read arbitrary files and gain unauthorized access without user interaction. The CVSS 8.2 score reflects high confidentiality impact and low integrity impact, with network-based attack vector requiring no privileges or interaction. No KEV/CISA active exploitation data, EPSS score, or public POC is currently confirmed in available intelligence, but the unauthenticated remote nature and path traversal primitive warrant immediate patching.

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0

Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.

A security vulnerability in External control of file name or path in Windows Security App (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.