Information Disclosure

SourceCodester Open Source Clinic Management System version 1.0 contains a critical SQL injection vulnerability in the /email_config.php file affecting the 'email' parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or system compromise. Public disclosure and exploit code availability significantly elevate real-world risk.

Missing authorization vulnerability in Soar Cloud HRD Human Resource Management System versions up to 7.3.2025.0408 that allows unauthenticated remote attackers to modify critical system settings without any credentials or user interaction. This is a high-severity integrity violation (CVSS 7.5) affecting HR management infrastructure; attackers can alter configurations that may impact payroll, employee records, access controls, and compliance functions. No exploitation complexity is required (AC:L, PR:N), making this vulnerability immediately exploitable in real-world environments.

CVE-2025-48783 is an external control of file name or path vulnerability (CWE-73) in the delete file function of Soar Cloud HRD Human Resource Management System versions up to 7.3.2025.0408, allowing unauthenticated remote attackers to delete arbitrary files by manipulating file path parameters. The vulnerability has a CVSS score of 7.5 with high integrity impact, enabling attackers to perform unauthorized file deletion without authentication. Exploitation requires only network access and no user interaction, making this a significant threat to organizations using affected HRD system versions.

A remote code execution vulnerability in the download file function of Soar Cloud HRD Human Resource Management System (CVSS 7.5) that allows remote attackers. High severity vulnerability requiring prompt remediation.

Critical path traversal vulnerability (CWE-23) that allows unauthenticated remote attackers to read, write, or delete arbitrary files on affected servers with a CVSS score of 9.8. The vulnerability requires no user interaction, has low attack complexity, and grants complete confidentiality, integrity, and availability impact. Without access to KEV status, EPSS scores, POC details, or specific CPE identifiers from the provided data, this appears to be a severe vulnerability affecting multiple server-side products; confirmation of active exploitation status and patch availability requires cross-referencing official vendor security advisories.

CVE-2025-48911 is an improper permission assignment vulnerability in a note sharing module that allows local attackers with user interaction to compromise system availability and potentially access sensitive information. The vulnerability has a CVSS score of 8.2 (High) with a broad scope impact, though specific affected products, patch status, and exploitation telemetry are not provided in the available intelligence sources. Without KEV confirmation or EPSS data, the real-world exploitation risk cannot be definitively assessed, but the local attack vector and user interaction requirement suggest this is less critical than remote, unauthenticated vulnerabilities.

Bypass vulnerability in device management channels that allows unauthenticated attackers on adjacent networks to compromise service confidentiality and cause minor availability impact. The vulnerability affects device management implementations across multiple vendors (specific products require vendor advisories to identify). While no active exploitation in the wild has been confirmed in public KEV databases at time of analysis, the 7.1 CVSS score and high confidentiality impact warrant immediate attention for organizations managing devices on trusted networks.

CVE-2025-48908 is a security vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.

WebAssembly exception handling vulnerability in the arkweb v8 module that prevents proper capture of specific Wasm exception types, potentially allowing attackers to bypass security controls or trigger unexpected application behavior. The vulnerability affects arkweb's V8 integration layer and requires network access but high attack complexity to exploit. While the CVSS score of 8.1 indicates high severity with potential impacts to confidentiality, integrity, and availability, real-world exploitability depends on whether active exploitation or proof-of-concept code exists.

A remote code execution vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures.

A security vulnerability in for WordPress is vulnerable to Full Path Disclosure in all (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

A security vulnerability in A vulnerability (CVSS 3.8). Risk factors: public PoC available.

A security vulnerability in SystemUI (CVSS 4.8) that allows access. Remediation should follow standard vulnerability management procedures.

IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

CVE-2024-22330 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

Critical information disclosure vulnerability in Microsoft Power Automate that allows unauthenticated remote attackers to expose sensitive information and escalate privileges across a network without requiring user interaction. With a CVSS score of 9.8 and an unauthenticated attack vector, this vulnerability represents an immediate and severe risk to organizations using Power Automate; exploitation is likely being actively pursued given the severity metrics and network-accessible nature of the vulnerability.

A security vulnerability in the GNU C Library (CVSS 5.6). Remediation should follow standard vulnerability management procedures.

A security vulnerability in the GNU C Library (CVSS 5.6). Remediation should follow standard vulnerability management procedures.

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue.

The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.

A remote code execution vulnerability in A vulnerability classified as critical (CVSS 5.3). Risk factors: public PoC available.

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1

A security vulnerability in Next.js applications. In Auth0 Next.js SDK (CVSS 7.7). High severity vulnerability requiring prompt remediation.

A security vulnerability in Deno (CVSS 5.3). Risk factors: public PoC available. Vendor patch is available.

A security vulnerability in FreshRSS (CVSS 4.3). Risk factors: public PoC available. Vendor patch is available.

FreshRSS versions prior to 1.26.2 suffer from an information disclosure vulnerability that allows unauthenticated remote attackers to enumerate server directories and infer installed software versions (such as PHP versions) without requiring privileges or user interaction. This information leakage can be weaponized for reconnaissance to identify additional attack surfaces. The vulnerability has a CVSS 3.1 score of 7.5 (High) with a network attack vector and no complexity barriers, making it trivially exploitable at scale.

Default credentials in Cisco ISE cloud deployments on AWS/Azure/OCI. CVSS 9.9.

Man-in-the-middle vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) caused by insufficient SSH host key validation, allowing unauthenticated remote attackers to impersonate NDFC-managed devices and intercept SSH traffic. This vulnerability affects Cisco NDFC deployments and could lead to credential capture and device impersonation with a CVSS score of 8.7 (High). Without confirmed KEV status or public POC availability noted in standard databases, organizations should prioritize patching based on CVSS severity and the network-accessible nature of the vulnerability (AV:N).

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.

CVE-2025-48960 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

Path traversal in Airleader MASTER enables reading embedded sensitive data.

Local code execution vulnerability in Delta Electronics CNCSoft-G2 resulting from insufficient file validation when processing user-supplied files. An authenticated local attacker can craft a malicious file that, when opened by a user, executes arbitrary code with the privileges of the affected application. This vulnerability has a CVSS score of 7.3 (High) and requires local access and user interaction, making it a significant risk for organizations deploying CNCSoft-G2 in manufacturing or industrial control environments.

Buffer overflow vulnerability (CWE-787) in Delta Electronics CNCSoft that allows local authenticated users to execute arbitrary code by opening a specially crafted malicious file. The vulnerability requires user interaction (file opening) but results in complete compromise of the affected process with high impact to confidentiality, integrity, and availability. No KEV status, EPSS score, or confirmed active exploitation data is available in the provided intelligence.

Local arbitrary code execution vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. An attacker with local access can craft a malicious file that, when opened by a user, executes arbitrary code with the privileges of the CNCSoft process. With a CVSS score of 7.3 and CWE-787 (Out-of-bounds Write) classification, this represents a significant local privilege escalation risk, though exploitation requires user interaction and local access.

Local privilege escalation vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. When a user opens a malicious file, an attacker can execute arbitrary code with the privileges of the current process. While the CVSS score of 7.3 is moderate-to-high, the attack requires local access and user interaction, limiting immediate widespread impact; however, the high integrity and confidentiality impact (CWE-787: Out-of-bounds Write) warrants prompt patching.

CVE-2024-13967 is an authentication bypass vulnerability in EIBPORT V3 KNX web server that allows unauthenticated attackers to access sensitive configuration pages through the integrated web interface. Affects EIBPORT V3 KNX and EIBPORT V3 KNX GSM through version 3.9.8. Successful exploitation enables complete compromise of the device including confidentiality, integrity, and availability of configuration settings and potentially the entire KNX installation.

A security vulnerability in Smart Switch installed on non-Samsung Device (CVSS 5.0) that allows local attackers. Remediation should follow standard vulnerability management procedures.

A arbitrary file access vulnerability in ClientProvider in Samsung Internet installed on non-Samsung Device (CVSS 4.9) that allows local attackers. Remediation should follow standard vulnerability management procedures.

A arbitrary file access vulnerability in SyncClientProvider in Samsung Internet installed on non-Samsung Device (CVSS 4.5) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.

A security vulnerability in Bluetooth (CVSS 4.0) that allows local attackers. Remediation should follow standard vulnerability management procedures.

A security vulnerability in fingerprint trustlet (CVSS 5.2) that allows local privileged attackers. Remediation should follow standard vulnerability management procedures.

Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.

A security vulnerability in fingerprint trustlet (CVSS 5.2) that allows local privileged attackers. Remediation should follow standard vulnerability management procedures.

A security vulnerability in ScreenCapture for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should follow standard vulnerability management procedures.

A security vulnerability in ThemeManager (CVSS 5.5) that allows local privileged attackers. Remediation should follow standard vulnerability management procedures.

Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information.

Privilege escalation vulnerability in Zscaler Client Connector for macOS versions prior to 4.2.0.241, caused by improper verification of loaded libraries. A local attacker with standard user privileges can exploit this weakness without user interaction to gain elevated system privileges, potentially compromising system integrity and confidentiality. The CVSS 7.3 score reflects the moderate-to-high severity of local privilege escalation with high impact on confidentiality and integrity.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Rejected reason: Not used. No vendor patch available.

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js. Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective. Version 2.1.7 includes a patch that addresses this issue.

Auth bypass in DataEase BI tool before 2.10.10.

MaxKB prior to version 1.10.8-lts contains an incomplete sandbox implementation that only blacklists binary execution in common system directories (/bin, /usr/bin, etc.), allowing local attackers with low privileges to execute arbitrary code via executable files in non-blacklisted directories and achieve full system compromise. The vulnerability affects enterprise AI assistant deployments and has a high CVSS score of 8.8 reflecting significant impact potential; exploitation requires local access but no user interaction.

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The `Origin` header is checked to prevent Cross-site WebSocket hijacking from happening, which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address `Origin` headers. This allows websites that are served on IP addresses to connect WebSocket. An attacker can obtain source code via a method similar to that used to exploit CVE-2018-14732. Version 5.2.1 contains a patch for the issue.

A security vulnerability in quequnlong shiyi-blog (CVSS 5.3). Risk factors: public PoC available.

Credential exposure in IBM QRadar Suite 1.10.12.0-1.11.2.0.

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system.

CVE-2025-1334 is a security vulnerability (CVSS 4.0) that allows web pages. Remediation should follow standard vulnerability management procedures.

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.

Path traversal vulnerability in Python's tarfile module extraction filters that allows attackers to bypass the 'data' and 'tar' filter protections, enabling symlink targets to point outside the extraction directory and permitting modification of file metadata. This affects any application using TarFile.extractall() or TarFile.extract() with filter='data' or filter='tar' on untrusted tar archives, as well as Python 3.14+ users relying on the new 'data' default filter. The vulnerability has a CVSS score of 7.5 (High) with high integrity impact, though exploitation requires an attacker to control the tar archive contents.

CVE-2025-4138 is a security vulnerability (CVSS 7.5) that allows the extraction filter. High severity vulnerability requiring prompt remediation.

Transient denial-of-service vulnerability in wireless beacon frame processing that occurs when a device receives a malformed EHT (Extremely High Throughput) operation information element. An unauthenticated remote attacker can trigger a temporary service disruption by sending a specially crafted beacon frame, affecting WiFi 6E and later devices. With a CVSS score of 7.5 and high availability impact, this vulnerability requires no user interaction and is network-accessible, making it a notable threat to wireless infrastructure and client devices, though there is currently no evidence of active exploitation in the wild.

CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoLTE and VoWiFi call processing. When a malicious or malformed RTCP (Real-time Transport Control Protocol) packet is received during an active call, the vulnerable system leaks sensitive information to a network-adjacent attacker without requiring authentication or user interaction. The CVSS 8.2 rating reflects high confidentiality impact with partial availability degradation; exploitation likelihood and real-world activity status require cross-referencing with EPSS and KEV data.

CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processing that allows unauthenticated remote attackers to leak sensitive data through malicious goodbye (BYE) RTCP packets. The vulnerability affects multiple VoIP and real-time communication products processing RTCP traffic; attackers can extract confidential information across the network without authentication or user interaction, and may also cause limited availability impact. The high CVSS score of 8.2 reflects the severe confidentiality impact and network-based attack vector, though exploitation complexity is low.

CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that occurs when decoding packets with malformed header extensions. An attacker on the network can send specially crafted RTP packets to trigger memory disclosure, potentially exposing sensitive information while also causing minor availability impact. The vulnerability affects multiple implementations of RTP protocol handling across various media processing frameworks and VoIP applications; while there is no confirmed active KEV status or public exploit code documented, the high CVSS score (8.2) combined with network accessibility (CVSS:3.1/AV:N) indicates significant real-world risk to exposed services.

Network-based information disclosure vulnerability in RTP (Real-time Transport Protocol) packet decoding that occurs when the CSRC (Contributing Source) count header field is improperly validated, allowing an attacker to read sensitive memory contents. The vulnerability affects any system processing RTP streams with malformed headers and has a high CVSS score of 8.2 due to the combination of high confidentiality impact and network accessibility without authentication; no patch availability, KEV status, EPSS score, or active exploitation details are currently documented.

CVE-2025-49164 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

CVE-2025-49163 is a security vulnerability (CVSS 6.7) that allows booting an arbitrary image. Remediation should follow standard vulnerability management procedures.

CVE-2025-49162 is a security vulnerability (CVSS 6.4) that allows file overwrite. Remediation should follow standard vulnerability management procedures.

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flat present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability.

tar-fs versions prior to 3.0.9, 2.1.3, and 1.16.5 contain a path traversal vulnerability (CWE-22) that allows attackers to extract tar archives outside the intended directory using specially crafted tarballs. This affects all users of vulnerable tar-fs versions with network-accessible extraction endpoints; the high CVSS 8.7 score reflects the integrity impact and network-accessible attack vector, though no KEV status or widespread public exploits have been confirmed at this time.

Directory Traversal vulnerability (CWE-22) in WebLaudos version 24.2 (04) that allows unauthenticated remote attackers to read arbitrary files and obtain sensitive information through improper validation of the 'id' parameter. With a CVSS score of 7.5 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses a significant confidentiality risk to exposed WebLaudos instances. The vulnerability's active exploitation status and proof-of-concept availability should be verified through current KEV databases and security advisories.

Privilege escalation vulnerability in Splunk Universal Forwarder for Windows where incorrect file system permissions are assigned during installation or upgrade, allowing non-administrator users to read and modify sensitive files in the installation directory. This affects versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, and could enable unauthorized access to credentials, configuration files, and system monitoring data. While CVSS 8.0 indicates high severity, real-world exploitation requires local access and user interaction (UI requirement per vector), limiting attack scope.

Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that can be linked or imported into the application. An unauthenticated attacker with local access can exploit this vulnerability to crash the application, exfiltrate sensitive data, or achieve arbitrary code execution with the privileges of the Revit process. The attack requires user interaction (opening/importing a malicious file) but has high impact potential (confidentiality, integrity, and availability all compromised); current KEV and exploitation status unknown without additional intelligence sources.

A security vulnerability in SignXML (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

A security vulnerability in SignXML (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem. Exploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product.

A remote code execution vulnerability in MyBB (CVSS 5.3) that allows attackers. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

MyBB versions prior to 1.8.39 contain a local file inclusion (LFI) vulnerability in the upgrade component due to improper input validation (CWE-22). This vulnerability allows authenticated administrators or unauthenticated attackers with access to an unlocked installer to read arbitrary files from the server filesystem. The vulnerability requires either the installer to be accessible via re-installation or the attacker to have administrative privileges, significantly limiting real-world exploitability despite the CVSS 7.2 score.

A security vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before (CVSS 6.5). Risk factors: public PoC available.

A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.

Directory Traversal in HPE StoreOnce backup storage software. One of 6 critical CVEs.