CVE Catalog

A vulnerability exists in the Nextcloud Server and Nextcloud Enterprise Server within specific version ranges, related to the Circles app. The issue arises from a missing access check at the API level, which allows the addition of unknown circles by their ID to other circles. Although the complexity of circle IDs makes this vulnerability difficult to exploit intentionally, there is a possibility of tracking memberships if an ID is obtained from another source. Users are advised to upgrade to the latest versions to address this vulnerability.

A vulnerability in Nextcloud Collectives versions 2.6.0 prior to 4.3.0 allows view-only guests to access deleted pages from the trashbin. This occurs when a collective is shared view-only and previous pages are deleted. The issue has been resolved in version 4.3.0.

A vulnerability in the Nextcloud Files app for Android, versions 33.0.0 prior to 33.1.0, allows users to bypass the app's PIN code lock. After unlocking a locked Android phone, the back button could be used to navigate past the PIN prompt, potentially exposing sensitive files or information.

A vulnerability exists in CloudPirates Open Source Helm Charts GitHub Actions workflows, specifically in 'generate-schema.yaml', prior to commit fcf9302. The issue arises from unsafe handling of credentials during the checkout process, which exposes sensitive information, including a Personal Access Token and an SSH signing key, to fork-controlled code. This vulnerability allows attackers to extract the token from Git credentials and access the SSH key, potentially leading to unauthorized actions such as pushing code, modifying workflows, or forging signed commits.

A vulnerability exists in CloudPirates Open Source Helm Charts within the GitHub Actions workflow 'pull-request.yaml'. Prior to commit fcf9302, this workflow executed code controlled by attackers from forked pull requests in a privileged context. This behavior exposed repository secrets, including Docker Hub credentials and tokens, without requiring approval from maintainers. The issue has been patched in commit fcf9302.

A vulnerability exists in Go Billy, a filesystem abstraction library, in versions prior to 5.9.0 and 6.0.0-alpha.1. Multiple components may mishandle crafted or malformed input, causing panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These problems stem from inadequate validation and the absence of safety mechanisms like cycle detection, recursion limits, or defensive handling of unexpected states when dealing with untrusted repository data and filesystem structures.

A cross-origin WebSocket hijack vulnerability has been identified in Cline Kanban servers, specifically in versions prior to 2.13.0. This vulnerability allows any website visited by a developer to silently connect to the Kanban server's WebSocket endpoints without Origin header validation. As a result, sensitive data can be leaked in real-time, including workspace filesystem paths, task details, git branch information, and AI agent chat messages. Additionally, the vulnerability enables hijacking of active AI agent terminals by injecting prompts, leading to remote code execution. It also allows termination of running agent tasks via a control WebSocket.

A path traversal vulnerability has been identified in the WordPress Classified Listing plugin, specifically in versions through 5.3.8. This vulnerability allows for arbitrary file download, enabling attackers to download any file from the affected website, including sensitive files such as login credentials or backup files.

A DOM-based cross-site scripting vulnerability has been identified in the Liquid Web StellarWP GiveWP plugin, affecting versions through 4.14.5. This issue arises from improper input neutralization during web page generation, allowing malicious actors to inject and execute scripts on the affected site.

A broken access control vulnerability has been identified in the WP Document Revisions plugin by Ben Balter, affecting versions through 3.8.1. This vulnerability arises from missing authorization checks, which can be exploited by unprivileged users to perform actions reserved for higher privileges.

A stored cross-site scripting vulnerability has been identified in the myCred WordPress plugin, affecting versions through 3.0.4. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.

A broken access control vulnerability has been identified in the Themefic Hydra Booking WordPress plugin, affecting versions through 1.1.41. This vulnerability arises from missing authorization checks, which can be exploited by unprivileged users to perform actions reserved for higher privileges.

An authentication bypass vulnerability has been identified in the WordPress Advanced Access Manager plugin, specifically in versions through 7.1.0. This vulnerability allows for URL encoding to be used to bypass authentication mechanisms within the plugin.

A vulnerability allowing the exposure of sensitive information has been identified in the Logtivity WordPress plugin, specifically in the Activity Logs, User Activity Tracking, and Multisite Activity Log features. This issue affects versions through 3.3.6.

A blind SQL injection vulnerability has been identified in the WP Directory Kit WordPress plugin, affecting versions through 1.5.1. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

A broken access control vulnerability has been identified in the WordPress GeoDirectory plugin, affecting versions through 2.8.157. This vulnerability arises from missing authorization checks, allowing unprivileged users to perform actions reserved for higher privileges.

A vulnerability exists in European Space Agency (ESA) AnomalyMatch versions prior to 1.3.1, allowing attackers to execute arbitrary code by exploiting unsafe deserialization in the model checkpoint loader. The application loads model files from session directories using torch.load() with unrestricted deserialization, creating a risk when maliciously crafted checkpoint files are introduced into the workflow.

A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises from reachable assert(0) calls in the near-RT RIC's stub message handlers for E2AP message types that are whitelisted but not implemented. A remote, unauthenticated attacker can exploit this vulnerability by sending a decodable E2AP PDU of such a type, such as E2nodeConfigurationUpdate, to crash the near-RT RIC process on port 36421. The message successfully passes whitelist validation but triggers an unconditional assertion failure in the handler, causing the process to abort and terminate the service.

A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises when the iApp receives an 'E42_RIC_SUBSCRIPTION_REQUEST' with an empty 'ricEventTriggerDefinition' field. The E42 layer decoder incorrectly accepts this as valid, creating a cross-layer validation mismatch. When the request is forwarded to the E2AP encoder, it asserts that the event trigger must be non-empty, causing the iApp process to crash. This vulnerability allows a remote, unauthenticated attacker to exploit the validation gap and terminate the iApp process via a SIGABRT signal, disrupting service.

A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises when the application receives duplicate E2_SETUP_REQUEST messages from the same or a spoofed E2 node. The iApp registry incorrectly handles duplicate node IDs by using an assertion to enforce uniqueness, rather than rejecting duplicates gracefully. This flaw allows a remote, unauthenticated attacker to crash the iApp process by sending two E2_SETUP_REQUESTs with identical E2 node configurations, causing the application to abort.

A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises from a reachable assertion in the iApp message dispatcher, which validates incoming E2AP messages against a fixed whitelist of nine entries. A remote, unauthenticated attacker can exploit this vulnerability by sending any decodable E2AP Protocol Data Unit (PDU) with a message type not included in the whitelist. This exploitation causes the iApp process to crash by triggering a SIGABRT signal. In common deployments, the iApp and near-RT RIC share a single process, so this crash terminates the entire RIC service, disconnecting all E2 Nodes and xApps.

A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises from hardcoded assertions that validate Information Element (IE) counts in decoded E2AP messages. A remote unauthenticated attacker can exploit this vulnerability by sending a valid E2AP Protocol Data Unit (PDU) with an unexpected number of IEs, such as an E2setupRequest containing extra optional fields. This exploitation causes the near-RT RIC or iApp process to crash by terminating the process with a SIGABRT signal. The vulnerability exists because the decoder asserts exact IE counts instead of validating them against protocol-specified ranges, allowing variations in E2AP messages to be manipulated into causing a process-level crash.

A buffer overflow vulnerability has been identified in OpenSC versions through 0.26.1. This issue resides in the pkcs11-tool component, specifically within the test_kpgen_certwrite function of the pkcs11-tool.c file. The vulnerability allows for a global buffer overflow during key pair generation tests by improperly validating the length of the CKA_ID attribute returned from PKCS#11 tokens or smart cards. This flaw can be exploited remotely, although the attack's complexity is considered high.

A server-side request forgery (SSRF) vulnerability exists in Indrasishbanerjee AEM MCP Server versions prior to commit b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. The vulnerability arises in the 'getAssetMetadata' function within 'src/mcp-server.ts', part of the Axios Request Flow. The issue allows remote attackers to manipulate the 'assetPath' argument, leading to unauthorized outbound requests from the server to an attacker-specified destination.

A command injection vulnerability has been identified in php-censor versions through 2.1.6. This issue resides in the Webhook Endpoint, specifically within the GitBuild model. The vulnerability allows for operating system command injection by manipulating the commitId parameter, which is passed unsanitized into shell commands. This flaw can be exploited remotely, and the injected commands are executed with root privileges in the default Docker deployment.

A vulnerability exists in a4m4 Student-Management-System versions prior to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The issue arises in the admin/deleteform.php file, where an unknown function improperly authorizes requests. This vulnerability allows unauthenticated users to delete student records remotely, potentially leading to significant data loss and integrity issues. The admin/updatedata.php script is also affected, allowing unauthorized modifications of student information. The absence of session validation in these scripts means that actions can be performed anonymously, without any logging or traceability.

An authentication bypass vulnerability has been identified in the A4m4 Student Management System in the admin directory. This flaw affects an unknown function within the admin endpoint component, in versions prior to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The vulnerability arises because the access control mechanism fails to properly terminate script execution after sending a redirect header. As a result, unauthorized users can access protected pages and administrative functionalities remotely. The issue has been publicly disclosed and exploited.

A stack-based buffer overflow vulnerability has been identified in the D-Link DI-7001 MINI router, in firmware versions through 19.09.19A1. The issue arises in the API component, specifically within the 'httpd_debug.asp' file. The vulnerability is triggered by manipulating the 'Time' parameter, which is not properly validated before being processed by the 'sprintf' function. This oversight allows remote attackers to overflow a fixed-size buffer, potentially leading to arbitrary code execution or a denial-of-service condition.

A vulnerability allowing improper authorization has been identified in Decolua 9router versions through 0.4.0. The issue arises in the HTTP Header Handler component, specifically within the 'isAuthenticated' function of 'src/dashboardGuard.js'. The vulnerability can be exploited remotely by manipulating the 'Host' header, potentially allowing unauthorized access to sensitive API endpoints such as '/api/keys' and '/api/settings'.

A signed integer overflow vulnerability has been identified in Janet programming language, specifically in versions through 1.41.0. The issue arises in the 'unmarshal_one_fiber' function within 'src/core/marsh.c', where an attacker can manipulate serialized data to cause an overflow. This vulnerability can be exploited locally, leading to allocation-size corruption. The issue has been publicly disclosed, and a patch is available.

A heap-based memory corruption vulnerability has been identified in Poppler's Splash backend. This flaw arises from an integer overflow in the 'tilingPatternFill' function, which can be exploited by a remote attacker. When a maliciously crafted PDF file is processed, the overflow causes an undersized heap memory allocation, allowing for an out-of-bounds write. Such exploitation could lead to arbitrary code execution, unauthorized information disclosure, or a denial-of-service condition in the application handling the PDF.

A privilege escalation vulnerability has been identified in Tychon due to its OpenSSL component, which allows an unprivileged user on Windows to control the OPENSSLDIR variable. Tychon includes a privileged service that utilizes this OpenSSL component. By placing a specially-crafted openssl.cnf file in a designated path, a user may execute arbitrary code with SYSTEM privileges.

A critical remote code execution vulnerability has been identified in Disig Web Signer versions 2.0.3 prior to 2.5.3. This vulnerability affects the application on Windows, macOS, and Linux operating systems.

A privilege escalation vulnerability has been identified in the WordPress AIWU plugin, specifically in versions through 1.4.17. This vulnerability allows low-privileged users to escalate their privileges, potentially leading to full control of the website.

A path traversal vulnerability has been identified in the Rocketgenius Gravity Forms WordPress plugin, allowing for arbitrary file deletion. This issue affects versions of Gravity Forms through 2.10.0.1.

A reflected cross-site scripting vulnerability has been identified in the ThimPress LearnPress WordPress plugin, affecting versions through 4.3.6. This issue allows attackers to inject malicious scripts that are executed when users visit the affected page.

A DOM-based cross-site scripting vulnerability has been identified in the WP Statistics plugin by VeronaLabs, affecting versions through 14.16.6. This issue arises from improper input sanitization during web page generation, allowing malicious actors to inject and execute scripts on the site.

A stored cross-site scripting vulnerability has been identified in Lightweight Music Server (LMS) versions through 3.76.0. This vulnerability allows attackers to execute arbitrary JavaScript by embedding malicious HTML into media file metadata tags such as GENRE, ARTIST, or ALBUM. Once a crafted media file is introduced into the victim's library, the malicious payload is saved during the library scanning process. The executed content is rendered in the web interface without proper sanitization, exploiting the vulnerability.

A DOM-based cross-site scripting vulnerability has been identified in the VikBooking Hotel Booking Engine & PMS WordPress plugin, affecting versions through 1.8.8. This issue arises from improper input sanitization during web page generation, allowing malicious actors to inject and execute scripts on the affected site.

A missing authorization vulnerability has been identified in the Tomdever wpForo Forum plugin, affecting versions through 3.0.6. This vulnerability allows exploitation of improperly configured access control security levels, potentially leading to unauthorized users performing actions reserved for higher privileges.

A reflected cross-site scripting vulnerability has been identified in the E2Pdf WordPress plugin, specifically in versions through 1.32.14. This issue allows attackers to inject malicious scripts that are executed when users visit the affected page.

A privilege escalation vulnerability has been identified in the WordPress Contest Gallery Pro plugin, affecting versions through 29.0.1. This vulnerability allows unauthorized users to gain elevated privileges, potentially leading to full control of the website.

A vulnerability in KAMSOFT KS-SOMED exists due to hard-coded credentials that grant unauthorized access to an FTP server hosting the application's update packages. This issue affects KS-SOMED modules 'KSPLUPDFTP.exe' versions prior to 30.00.00.056 and 'ANEKSKLIENT.EXE' versions prior to 29.00.02.026. With the hard-coded credentials, an attacker could upload a malicious update file that might be distributed and installed on client machines as a legitimate update.

A denial-of-service vulnerability has been identified in EURECOM FlexRIC version 2.0.0. The issue arises in the near-RT RIC component when it receives a RIC_SUBSCRIPTION_RESPONSE containing an unknown ric_id without a corresponding pending event. The response handling process, which relies on an assertion to verify the existence of a pending event, fails and causes the application to crash. This vulnerability can be exploited by a remote, unauthenticated attacker who sends a forged RIC_SUBSCRIPTION_RESPONSE over SCTP to port 36421.

A denial-of-service vulnerability has been identified in EURECOM FlexRIC version 2.0.0. The issue arises when an SCTP association is closed before an E2_SETUP_REQUEST is sent, causing the near-RT RIC to crash. This occurs because the RIC expects a mapping between the SCTP association and the E2 node to always be present during the cleanup process. A remote unauthenticated attacker can exploit this vulnerability by completing an SCTP handshake, disconnecting immediately, and without sending any E2AP message, thereby causing the RIC process to terminate.

A vulnerability exists in OpenShift Container Platform that allows non-privileged users to bypass ResourceQuota pod limits. Completed pods with a restartPolicy of 'Never' do not count towards ResourceQuota limits, and Kubernetes events are not scoped to these quotas. This flaw can be exploited by users who can create pods in a namespace, enabling them to generate a large volume of unscoped events that accumulate in etcd. This accumulation causes a degradation in API server performance across the cluster.

A security vulnerability allowing out-of-bounds read has been identified in Janet-lang's Janet programming language, specifically in versions up to 1.41.0. The issue arises in the 'doframe' function within 'src/core/debug.c', where the 'slot_index' from the symbol map is read without proper bounds checking. This flaw can be exploited locally by manipulating the 'slot_index' value in the symbol map, which is populated from untrusted marshaled data. The exploitation of this vulnerability could lead to unauthorized access to adjacent heap memory, potentially causing information disclosure or a denial-of-service condition by crashing the application.

A SQL injection vulnerability exists in the itsourcecode Content Management System version 1.0, specifically within the file /admin/edit_topic.php. The vulnerability arises because the application does not properly sanitize the 'topic_id' parameter, allowing attackers to inject malicious SQL queries. This issue can be exploited remotely, potentially leading to unauthorized database access, data manipulation, and other serious security risks.

A path traversal vulnerability has been identified in WhatsApp MCP version 0.0.1. The issue arises in the SendMessageRequest function within the whatsapp-bridge component, specifically in main.go. The vulnerability allows arbitrary file reads by manipulating the mediaPath argument, which is passed to the os.ReadFile() function without proper validation or sanitization. This exploitation could lead to unauthorized access to sensitive files on the server.

A SQL injection vulnerability has been identified in SourceCodester Computer Repair Shop Management System, specifically in version 1.0. The issue arises in the file '/admin/products/manage_product.php', where the 'id' parameter is not properly validated or sanitized. This flaw allows remote attackers to manipulate the parameter and execute malicious SQL queries, potentially leading to unauthorized data access or modification.