CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
PC Tools Internet Security PCTCore64.sys Driver Privilege Escalation Vulnerability
A vulnerability in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows improper access control, enabling user-mode processes to interact with the PCTCoreDriver WDM device interface and execute privileged IOCTL handlers. This issue arises because the driver does not implement a secure access control policy, leaving the device interface exposed to unprivileged processes. As a result, a local attacker with the ability to load the affected driver can exploit this vulnerability to perform sensitive operations, such as accessing credentials from lsass.exe or terminating protected processes.
Linux Kernel CIFS SPNEGO Key Description Vulnerability
A vulnerability in the Linux kernel's CIFS (Common Internet File System) implementation allows userspace to create keys that bypass kernel-originating input checks. This is achieved by using the request_key or add_key system calls to inject authority-bearing fields, such as process ID, user ID, and upcall target, into the CIFS SPNEGO key descriptions. The CIFS upcall handler then processes these fields as if they originated from the kernel, potentially leading to unauthorized actions or access.
Sulu Weak Cryptographic Hash Vulnerability in Password Reset and API Key Generation
A vulnerability exists in Sulu, an open-source PHP content management system, prior to versions 2.6.23 and 3.0.6. The issue arises because the password reset token and API key generation processes utilize a weak cryptographic hash algorithm. This vulnerability has been addressed in the mentioned versions.
Nextcloud Forms Missing Permissions Check Vulnerability Allowing Unauthorized Access to Form Submissions
A vulnerability in Nextcloud Forms prior to version 5.2.6 allows users to access form submissions of other users due to a missing permissions check. This issue has been addressed in version 5.2.6.
Nextcloud Talk Unauthorized Force-Mute Vulnerability
A vulnerability in Nextcloud Talk prior to versions 21.1.10, 22.0.11, and 23.0.3 allows low-privileged users to mute the microphones of other users during calls, but only when the High-performance Backend is not installed. This issue has been addressed in the mentioned patched versions.
Nextcloud Team Folders Permission Bypass Vulnerability Allowing Unauthorized File Renames
A vulnerability exists in the Nextcloud Team Folders (Groupfolders) application, affecting versions 17.0.0 prior to 17.0.15, 18.0.0 prior to 18.1.12, 19.0.0 prior to 19.1.16, 20.0.0 prior to 20.1.11, and 21.0.0 prior to 21.0.4. The issue allows users with READ and CREATE permissions, but without UPDATE permissions, to rename files in team folders. This bypass of rename restrictions is due to inadequate rule checking in the application's access control list (ACL) management.
Nextcloud End-to-End Encryption Files Drop Vulnerability Allowing Unauthorized File Access
A vulnerability exists in Nextcloud's End-to-End Encryption feature, specifically in versions 1.15.0 prior to 1.15.4, 1.16.0 prior to 1.16.3, 1.17.0 prior to 1.17.1, and 1.18.0 prior to 1.18.1. This issue allows a malicious user with access to an encrypted files drop link to inadvertently drop files into other encrypted folders belonging to the share owner. However, this vulnerability does not permit reading or modifying of other files.
Nextcloud Server and Enterprise Temporary File Exposure Vulnerability
A vulnerability exists in Nextcloud Server versions 32.0.0 prior to 32.0.9 and 33.0.0 prior to 33.0.3, as well as in Nextcloud Enterprise Server versions 26.0.0, 27.0.0, 28.0.0, 29.0.0, 30.0.0, 31.0.0, 32.0.0, and 33.0.0. When a malicious user has access to a file share, they can use the share token to access chunked uploads directly, revealing temporary part files of ongoing uploads.
Nextcloud User OIDC Missing Signature Verification Vulnerability Allows ID4me Authority Impersonation
A vulnerability exists in the User OIDC app for Nextcloud, specifically in versions 0.3.0 prior to 3.1.0, 5.0.0 prior to 5.1.0, and 6.0.0 prior to 6.4.0. The issue arises from a missing signature verification in the handling of OpenID Connect (OIDC) user authentication, which allows a malicious ID4me authority to impersonate any user. This vulnerability could lead to unauthorized identification and potentially allow for further exploitation within the application.
Nextcloud Server and Enterprise Missing Access Check Vulnerability in Circles App Allowing Unauthorized Circle Memberships
A vulnerability exists in the Nextcloud Server and Nextcloud Enterprise Server within specific version ranges, related to the Circles app. The issue arises from a missing access check at the API level, which allows the addition of unknown circles by their ID to other circles. Although the complexity of circle IDs makes this vulnerability difficult to exploit intentionally, there is a possibility of tracking memberships if an ID is obtained from another source. Users are advised to upgrade to the latest versions to address this vulnerability.
Nextcloud Collectives View-Only Guest Access to Deleted Pages Vulnerability
A vulnerability in Nextcloud Collectives versions 2.6.0 prior to 4.3.0 allows view-only guests to access deleted pages from the trashbin. This occurs when a collective is shared view-only and previous pages are deleted. The issue has been resolved in version 4.3.0.
Nextcloud Files App PIN Bypass Vulnerability on Android
A vulnerability in the Nextcloud Files app for Android, versions 33.0.0 prior to 33.1.0, allows users to bypass the app's PIN code lock. After unlocking a locked Android phone, the back button could be used to navigate past the PIN prompt, potentially exposing sensitive files or information.
CloudPirates Open Source Helm Charts GitHub Actions Workflow Credential Exposure Vulnerability
A vulnerability exists in CloudPirates Open Source Helm Charts GitHub Actions workflows, specifically in 'generate-schema.yaml', prior to commit fcf9302. The issue arises from unsafe handling of credentials during the checkout process, which exposes sensitive information, including a Personal Access Token and an SSH signing key, to fork-controlled code. This vulnerability allows attackers to extract the token from Git credentials and access the SSH key, potentially leading to unauthorized actions such as pushing code, modifying workflows, or forging signed commits.
CloudPirates Open Source Helm Charts GitHub Actions Workflow Secret Exfiltration Vulnerability
A vulnerability exists in CloudPirates Open Source Helm Charts within the GitHub Actions workflow 'pull-request.yaml'. Prior to commit fcf9302, this workflow executed code controlled by attackers from forked pull requests in a privileged context. This behavior exposed repository secrets, including Docker Hub credentials and tokens, without requiring approval from maintainers. The issue has been patched in commit fcf9302.
Go Billy Improper Input Handling Vulnerability Leading to Resource Exhaustion
A vulnerability exists in Go Billy, a filesystem abstraction library, in versions prior to 5.9.0 and 6.0.0-alpha.1. Multiple components may mishandle crafted or malformed input, causing panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These problems stem from inadequate validation and the absence of safety mechanisms like cycle detection, recursion limits, or defensive handling of unexpected states when dealing with untrusted repository data and filesystem structures.
Cline WebSocket Hijack Vulnerability in Kanban Server
A cross-origin WebSocket hijack vulnerability has been identified in Cline Kanban servers, specifically in versions prior to 2.13.0. This vulnerability allows any website visited by a developer to silently connect to the Kanban server's WebSocket endpoints without Origin header validation. As a result, sensitive data can be leaked in real-time, including workspace filesystem paths, task details, git branch information, and AI agent chat messages. Additionally, the vulnerability enables hijacking of active AI agent terminals by injecting prompts, leading to remote code execution. It also allows termination of running agent tasks via a control WebSocket.
WordPress Classified Listing Plugin Path Traversal Vulnerability Allowing Arbitrary File Download
A path traversal vulnerability has been identified in the WordPress Classified Listing plugin, specifically in versions through 5.3.8. This vulnerability allows for arbitrary file download, enabling attackers to download any file from the affected website, including sensitive files such as login credentials or backup files.
Liquid Web StellarWP GiveWP DOM-Based Cross-Site Scripting Vulnerability
A DOM-based cross-site scripting vulnerability has been identified in the Liquid Web StellarWP GiveWP plugin, affecting versions through 4.14.5. This issue arises from improper input neutralization during web page generation, allowing malicious actors to inject and execute scripts on the affected site.
Ben Balter WP Document Revisions Missing Authorization Vulnerability Allowing Access Control Exploitation
A broken access control vulnerability has been identified in the WP Document Revisions plugin by Ben Balter, affecting versions through 3.8.1. This vulnerability arises from missing authorization checks, which can be exploited by unprivileged users to perform actions reserved for higher privileges.
myCred WordPress Plugin Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the myCred WordPress plugin, affecting versions through 3.0.4. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.
Themefic Hydra Booking Missing Authorization Vulnerability Allowing Broken Access Control
A broken access control vulnerability has been identified in the Themefic Hydra Booking WordPress plugin, affecting versions through 1.1.41. This vulnerability arises from missing authorization checks, which can be exploited by unprivileged users to perform actions reserved for higher privileges.
WordPress Advanced Access Manager Plugin Authentication Bypass Vulnerability
An authentication bypass vulnerability has been identified in the WordPress Advanced Access Manager plugin, specifically in versions through 7.1.0. This vulnerability allows URL encoding to be used to bypass the plugin's authentication mechanisms.
Logtivity WordPress Plugin Sensitive Data Exposure Vulnerability
A vulnerability allowing the exposure of sensitive information has been identified in the Logtivity WordPress plugin, specifically in the Activity Logs, User Activity Tracking, and Multisite Activity Log features. This issue affects versions through 3.3.6.
WP Directory Kit SQL Injection Vulnerability
A blind SQL injection vulnerability has been identified in the WP Directory Kit WordPress plugin, affecting versions through 1.5.1. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.
WordPress GeoDirectory Plugin Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the WordPress GeoDirectory plugin, affecting versions through 2.8.157. This vulnerability arises from missing authorization checks, allowing unprivileged users to perform actions reserved for higher privileges.
European Space Agency AnomalyMatch Unsafe Deserialization Vulnerability Leading to Arbitrary Code Execution
A vulnerability exists in European Space Agency (ESA) AnomalyMatch versions prior to 1.3.1, allowing attackers to execute arbitrary code by exploiting unsafe deserialization in the model checkpoint loader. The application loads model files from session directories using torch.load() with unrestricted deserialization, creating a risk when maliciously crafted checkpoint files are introduced into the workflow.
FlexRIC Reachable Assertion Vulnerability in E2AP Message Handlers
A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises from reachable assert(0) calls in the near-RT RIC's stub message handlers for E2AP message types that are whitelisted but not implemented. A remote, unauthenticated attacker can exploit this vulnerability by sending a decodable E2AP PDU of such a type, such as E2nodeConfigurationUpdate, to crash the near-RT RIC process on port 36421. The message successfully passes whitelist validation but triggers an unconditional assertion failure in the handler, causing the process to abort and terminate the service.
FlexRIC Reachable Assertion Vulnerability Leading to Denial-of-Service
A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises when the iApp receives an 'E42_RIC_SUBSCRIPTION_REQUEST' with an empty 'ricEventTriggerDefinition' field. The E42 layer decoder incorrectly accepts this as valid, creating a cross-layer validation mismatch. When the request is forwarded to the E2AP encoder, it asserts that the event trigger must be non-empty, causing the iApp process to crash. This vulnerability allows a remote, unauthenticated attacker to exploit the validation gap and terminate the iApp process via a SIGABRT signal, disrupting service.
FlexRIC Duplicate E2 Setup Request Assertion Crash Vulnerability
A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises when the application receives duplicate E2_SETUP_REQUEST messages from the same or a spoofed E2 node. The iApp registry incorrectly handles duplicate node IDs by using an assertion to enforce uniqueness, rather than rejecting duplicates gracefully. This flaw allows a remote, unauthenticated attacker to crash the iApp process by sending two E2_SETUP_REQUESTs with identical E2 node configurations, causing the application to abort.
FlexRIC Reachable Assertion Vulnerability in iApp Message Dispatcher Leading to Denial-of-Service
A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises from a reachable assertion in the iApp message dispatcher, which validates incoming E2AP messages against a fixed whitelist of nine entries. A remote, unauthenticated attacker can exploit this vulnerability by sending any decodable E2AP Protocol Data Unit (PDU) with a message type not included in the whitelist. This exploitation causes the iApp process to crash by triggering a SIGABRT signal. In common deployments, the iApp and near-RT RIC share a single process, so this crash terminates the entire RIC service, disconnecting all E2 Nodes and xApps.
FlexRIC Reachable Assertion Vulnerability Leading to Denial-of-Service
A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises from hardcoded assertions that validate Information Element (IE) counts in decoded E2AP messages. A remote, unauthenticated attacker can exploit this vulnerability by sending a valid E2AP Protocol Data Unit (PDU) with an unexpected number of IEs, such as an E2setupRequest containing extra optional fields. This causes the near-RT RIC or iApp process to abort with a SIGABRT signal. The vulnerability exists because the decoder asserts exact IE counts instead of validating them against protocol-specified ranges, so variations in E2AP messages can be used to cause a process-level crash.
OpenSC Buffer Overflow Vulnerability in pkcs11-tool Key Generation Module
A buffer overflow vulnerability has been identified in OpenSC versions through 0.26.1. This issue resides in the pkcs11-tool component, specifically within the test_kpgen_certwrite function of the pkcs11-tool.c file. The vulnerability allows for a global buffer overflow during key pair generation tests by improperly validating the length of the CKA_ID attribute returned from PKCS#11 tokens or smart cards. This flaw can be exploited remotely, although the attack's complexity is considered high.
Indrasishbanerjee AEM MCP Server Server-Side Request Forgery Vulnerability
A server-side request forgery (SSRF) vulnerability exists in Indrasishbanerjee AEM MCP Server versions prior to commit b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. The vulnerability arises in the 'getAssetMetadata' function within 'src/mcp-server.ts', part of the Axios Request Flow. The issue allows remote attackers to manipulate the 'assetPath' argument, leading to unauthorized outbound requests from the server to an attacker-specified destination.
php-censor Command Injection Vulnerability in Webhook Endpoint Allows Remote Code Execution
A command injection vulnerability has been identified in php-censor versions through 2.1.6. This issue resides in the Webhook Endpoint, specifically within the GitBuild model. The vulnerability allows for operating system command injection by manipulating the commitId parameter, which is passed unsanitized into shell commands. This flaw can be exploited remotely, and the injected commands are executed with root privileges in the default Docker deployment.
a4m4 Student Management System Unauthenticated Access Vulnerability in Admin Delete and Update Scripts
A vulnerability exists in a4m4 Student-Management-System versions prior to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The issue arises in the admin/deleteform.php file, where an unknown function improperly authorizes requests. This vulnerability allows unauthenticated users to delete student records remotely, potentially leading to significant data loss and integrity issues. The admin/updatedata.php script is also affected, allowing unauthorized modifications of student information. The absence of session validation in these scripts means that actions can be performed anonymously, without any logging or traceability.
A4m4 Student Management System Admin Endpoint Authentication Bypass Vulnerability
An authentication bypass vulnerability has been identified in the A4m4 Student Management System in the admin directory. This flaw affects an unknown function within the admin endpoint component, in versions prior to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The vulnerability arises because the access control mechanism fails to properly terminate script execution after sending a redirect header. As a result, unauthorized users can access protected pages and administrative functionalities remotely. The issue has been publicly disclosed and exploited.
D-Link DI-7001 MINI Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution
A stack-based buffer overflow vulnerability has been identified in the D-Link DI-7001 MINI router, in firmware versions through 19.09.19A1. The issue arises in the API component, specifically within the 'httpd_debug.asp' file. The vulnerability is triggered by manipulating the 'Time' parameter, which is not properly validated before being processed by the 'sprintf' function. This oversight allows remote attackers to overflow a fixed-size buffer, potentially leading to arbitrary code execution or a denial-of-service condition.
Decolua 9router Improper Authorization Vulnerability in HTTP Header Handler
A vulnerability allowing improper authorization has been identified in Decolua 9router versions through 0.4.0. The issue arises in the HTTP Header Handler component, specifically within the 'isAuthenticated' function of 'src/dashboardGuard.js'. The vulnerability can be exploited remotely by manipulating the 'Host' header, potentially allowing unauthorized access to sensitive API endpoints such as '/api/keys' and '/api/settings'.
Janet-Lang Janet Signed Integer Overflow Vulnerability in Fiber Deserialization
A signed integer overflow vulnerability has been identified in Janet programming language, specifically in versions through 1.41.0. The issue arises in the 'unmarshal_one_fiber' function within 'src/core/marsh.c', where an attacker can manipulate serialized data to cause an overflow. This vulnerability can be exploited locally, leading to allocation-size corruption. The issue has been publicly disclosed, and a patch is available.
Poppler Integer Overflow Vulnerability in Splash Backend Leading to Heap Buffer Overflow
A heap-based memory corruption vulnerability has been identified in Poppler's Splash backend. This flaw arises from an integer overflow in the 'tilingPatternFill' function, which can be exploited by a remote attacker. When a maliciously crafted PDF file is processed, the overflow causes an undersized heap memory allocation, allowing for an out-of-bounds write. Such exploitation could lead to arbitrary code execution, unauthorized information disclosure, or a denial-of-service condition in the application handling the PDF.
Tychon OpenSSL Privilege Escalation Vulnerability Allowing Arbitrary Code Execution
A privilege escalation vulnerability has been identified in Tychon due to its OpenSSL component, which allows an unprivileged user on Windows to control the OPENSSLDIR variable. Tychon includes a privileged service that utilizes this OpenSSL component. By placing a specially-crafted openssl.cnf file in a designated path, a user may execute arbitrary code with SYSTEM privileges.
Disig Web Signer Remote Code Execution Vulnerability
A critical remote code execution vulnerability has been identified in Disig Web Signer versions 2.0.3 prior to 2.5.3. This vulnerability affects the application on Windows, macOS, and Linux operating systems.
WordPress AIWU Plugin Privilege Escalation Vulnerability
A privilege escalation vulnerability has been identified in the WordPress AIWU plugin, specifically in versions through 1.4.17. This vulnerability allows low-privileged users to escalate their privileges, potentially leading to full control of the website.
Rocketgenius Gravity Forms Path Traversal Vulnerability Allowing Arbitrary File Deletion
A path traversal vulnerability has been identified in the Rocketgenius Gravity Forms WordPress plugin, allowing for arbitrary file deletion. This issue affects versions of Gravity Forms through 2.10.0.1.
ThimPress LearnPress Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the ThimPress LearnPress WordPress plugin, affecting versions through 4.3.6. This issue allows attackers to inject malicious scripts that are executed when users visit the affected page.
VeronaLabs WP Statistics Plugin Cross-Site Scripting Vulnerability
A DOM-based cross-site scripting vulnerability has been identified in the WP Statistics plugin by VeronaLabs, affecting versions through 14.16.6. This issue arises from improper input sanitization during web page generation, allowing malicious actors to inject and execute scripts on the site.
Lightweight Music Server Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in Lightweight Music Server (LMS) versions through 3.76.0. This vulnerability allows attackers to execute arbitrary JavaScript by embedding malicious HTML into media file metadata tags such as GENRE, ARTIST, or ALBUM. Once a crafted media file is introduced into the victim's library, the malicious payload is saved during the library scanning process. The saved content is then rendered in the web interface without proper sanitization, at which point the script executes.
VikBooking Hotel Booking Engine & PMS DOM-Based Cross-Site Scripting Vulnerability
A DOM-based cross-site scripting vulnerability has been identified in the VikBooking Hotel Booking Engine & PMS WordPress plugin, affecting versions through 1.8.8. This issue arises from improper input sanitization during web page generation, allowing malicious actors to inject and execute scripts on the affected site.
Tomdever wpForo Forum Plugin Broken Access Control Vulnerability
A missing authorization vulnerability has been identified in the Tomdever wpForo Forum plugin, affecting versions through 3.0.6. This vulnerability allows exploitation of improperly configured access control security levels, potentially leading to unauthorized users performing actions reserved for higher privileges.
E2Pdf WordPress Plugin Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the E2Pdf WordPress plugin, specifically in versions through 1.32.14. This issue allows attackers to inject malicious scripts that are executed when users visit the affected page.
