CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
Prefect Authentication Bypass Vulnerability in Health Check Probes Allowing Unauthenticated Access to Sensitive Variables
A vulnerability allowing authentication bypass has been identified in Prefect version 3.6.19. The issue arises from improper handling of URL path exemptions for health check probes, which allows unauthenticated access to certain API endpoints. The authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This vulnerability enables an attacker to create resources with names ending in 'health' or 'ready' and access them without authentication. Affected endpoints include those for variables, flows, work pools, work queues, and deployments. This flaw can lead to unauthorized access to sensitive information stored in Prefect Variables, such as API keys and database credentials.
hiWeb Migration Simple WordPress Plugin Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the hiWeb Migration Simple plugin for WordPress, affecting all versions through 2.0.0.1. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if an administrator is tricked into clicking a link.
FPW Category Thumbnails WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the FPW Category Thumbnails plugin for WordPress, affecting all versions through 1.9.5. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Subscriber-level access or higher to inject arbitrary scripts. These scripts are executed when an administrator accesses the plugin's settings page.
Red Hat OpenShift Route HAProxy Configuration Injection Vulnerability Allowing Remote Code Execution
A vulnerability exists in the Route resource of Red Hat OpenShift that allows for controlled injection into the HAProxy configuration. This issue arises from inadequate validation of the spec.path YAML stanza in Route documents, potentially leading to remote code execution.
Rognone WordPress Plugin Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Rognone plugin for WordPress, affecting versions through 0.6.2. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if a user is tricked into clicking a link.
Rognone WordPress Plugin Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Rognone plugin for WordPress, affecting versions through 0.6.2. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if a user is tricked into clicking a link or performing a similar action.
WP Nano AD Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WP Nano AD plugin for WordPress, affecting all versions through 1.31. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with administrator-level access to inject arbitrary scripts. This vulnerability is present in multi-site installations where unfiltered HTML is disabled.
Really Simple Security WordPress Plugin Two-Factor Authentication Bypass Vulnerability
A vulnerability exists in the Really Simple Security WordPress plugin in versions prior to 9.5.10.1, where the second-factor authentication challenge is not properly enforced in two REST endpoints. This flaw allows an attacker who knows a user's password to bypass the email OTP requirement and gain a WordPress authentication session for that user.
Kirki WordPress Plugin Privilege Escalation Vulnerability
A privilege escalation vulnerability has been identified in the Kirki WordPress plugin, specifically in versions 6.0.0 to 6.0.6. This vulnerability allows unauthenticated attackers to take over user accounts by exploiting the password reset functionality. The plugin improperly validates email addresses, enabling attackers to redirect password reset links intended for other users to their own email accounts.
MLflow Authorization Bypass Vulnerability in Gateway API List Endpoints
An authorization bypass vulnerability has been identified in MLflow version 3.9.0 when using basic authentication. The issue arises because the application fails to enforce authorization checks for several Gateway API 'list' endpoints. Specifically, the 'BEFORE_REQUEST_HANDLERS' dictionary does not include necessary entries for 'ListGatewaySecretInfos', 'ListGatewayEndpoints', and 'ListGatewayModelDefinitions'. As a result, any authenticated user can enumerate all gateway secrets, endpoints, and model definitions, exposing sensitive information such as API keys, endpoint configurations, and proprietary model definitions to unauthorized users.
nextlevelbuilder GoClaw Server-Side Request Forgery Vulnerability in TTS Configuration Endpoint
A server-side request forgery (SSRF) vulnerability has been identified in nextlevelbuilder GoClaw versions through 3.11.3. The issue resides in the TTS Configuration Endpoint, specifically within the Import function of the file internal/http/tts_config.go. This vulnerability allows authenticated users with administrative privileges to inject malicious API base URLs, which the application backend subsequently contacts without proper validation. As a result, external attackers can exploit this to interact with internal resources, such as private subnets or cloud metadata services.
DedeCMS Server-Side Request Forgery Vulnerability in Download.php
A server-side request forgery (SSRF) vulnerability has been identified in DedeCMS version 5.7.88. The issue arises in the base64_decode function within the file download.php, when the Link argument is manipulated. This vulnerability allows for remote exploitation.
Zyxel VMG4005-B50B UPnP Buffer Overflow Vulnerability Leading to Denial-of-Service
A buffer overflow vulnerability has been identified in the UPnP DeletePortMapping() command of the Zyxel VMG4005-B50B router. This vulnerability affects firmware versions through 5.13(ABRL.5.4)C0. An adjacent attacker could exploit this vulnerability to cause a temporary denial-of-service condition, disrupting the UPnP functionality of the device. The issue can only be exploited within a LAN or WLAN environment.
Zyxel VMG4005-B50B Buffer Overflow Vulnerability in UPnP AddPortMapping Command Allowing Denial-of-Service
A buffer overflow vulnerability has been identified in the Zyxel VMG4005-B50B router, specifically in the UPnP AddPortMapping() command. This vulnerability affects firmware versions through 5.13(ABRL.5.4)C0. An adjacent attacker could exploit this vulnerability to cause a temporary denial-of-service condition, disrupting the UPnP functionality of the device. The issue can only be exploited within a LAN or WLAN environment.
WordPress Auto Image Attributes Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WordPress plugin 'Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)' in all versions through 4.9. This vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Author-level access or higher to inject arbitrary web scripts into pages. The injected scripts execute when a user accesses the compromised page.
Itsourcecode Fees Management System SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the Itsourcecode Fees Management System version 1.0. The issue arises in the file '/manage_payment.php', where the 'id' parameter is not properly sanitized, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, but requires authentication.
1Panel CordysCRM Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in 1Panel CordysCRM versions through 1.4.1. The issue arises in the ModuleFormController component, specifically within the Save function of the ModuleFormService.java file. The vulnerability allows remote attackers to inject malicious scripts by manipulating the Description argument, which is not properly validated before being saved. This injected script is executed when the form is accessed, leading to a cross-site scripting attack.
FoundationAgents MetaGPT Deserialization Vulnerability in Message Handling Allows Code Execution
A deserialization vulnerability has been identified in FoundationAgents MetaGPT versions through 0.8.2. The issue arises in the Message.check_instruct_content function within metagpt/schema.py. By manipulating the 'mapping' argument, an attacker can execute arbitrary code during the deserialization process. This vulnerability is limited to local execution. The problem has been publicly disclosed, and a proof-of-concept exploit is available.
Open5GS Race Condition Vulnerability in NGAP Handover Component
A race condition vulnerability has been identified in Open5GS versions through 2.7.6, specifically within the AMF component's NGAP Handover functionality. The issue arises in the 'gmm_state_security_mode' function, where the application fails to properly manage concurrent security procedures as mandated by 3GPP specifications. This oversight allows for the simultaneous execution of NAS Security Mode Command and N2 handover procedures, potentially leading to mismatches in security contexts between the network and user equipment. The vulnerability can be exploited remotely, although the attack's complexity is considered high.
Transsion AI Assistant Lifestyle Application GeniexWebView Component Cross-Site Scripting Vulnerability
A Cross-Site Scripting (XSS) vulnerability has been identified in the GeniexWebView component of the Transsion AI Assistant Lifestyle application, available on Android. This vulnerability exists in all versions of the application and allows remote attackers to execute arbitrary JavaScript in the context of the WebView by crafting a specific web_action_data URL parameter.
Simple Custom Login Page WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Simple Custom Login Page plugin for WordPress, affecting versions through 1.0.3. The issue arises from inadequate input sanitization of color option values in the plugin's settings. These values were registered without a proper sanitization callback and were output into a <style> block on the login page using an incorrect escaping method. This flaw allows authenticated attackers with administrator-level access to inject arbitrary CSS, which is then rendered for all unauthenticated visitors, potentially leading to UI redress and credential phishing attacks.
SourceCodester Pizzafy Ecommerce System Local File Inclusion Vulnerability
A local file inclusion vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue arises in the index.php file, where the application fails to properly validate the 'page' parameter. This flaw allows for null byte injection, bypassing file extension restrictions and enabling the inclusion of arbitrary files. The vulnerability can be exploited remotely, potentially leading to information disclosure or even remote code execution through log poisoning.
SourceCodester Pizzafy Ecommerce System Local File Inclusion Vulnerability
A local file inclusion vulnerability has been identified in SourceCodester Pizzafy Ecommerce System version 1.0. The issue resides in the admin index.php file, where the page parameter is not properly validated, allowing remote attackers to include files from the server. This vulnerability could be exploited to read sensitive files or, in conjunction with other attacks, execute arbitrary code.
elunez eladmin Command Injection Vulnerability in Application Deployment Module
A command injection vulnerability has been identified in the elunez eladmin application, specifically in versions through 2.7. The issue resides in the Application Deployment Module, within the file App.java. The vulnerability allows for remote exploitation by manipulating the uploadPath argument, leading to unauthorized command execution. This flaw stems from inadequate input validation and has been publicly disclosed, with an available exploit.
NousResearch hermes-agent Credential Pool Synchronization Vulnerability Leading to Authentication Bypass
An authentication bypass vulnerability has been identified in NousResearch hermes-agent versions through 2026.4.23. The issue arises in the Credential Pool Synchronization component, specifically within the _sync_anthropic_entry_from_credentials_file method of agent/credential_pool.py. This vulnerability allows improper authentication by overwriting distinct credential entries with a single token from a global credentials file, thereby merging multiple accounts into one and disrupting expected authorization boundaries. The vulnerability must be exploited locally.
CicadasCMS Cross-Site Scripting Vulnerability in Task Scheduling Management Module
A cross-site scripting (XSS) vulnerability has been identified in CicadasCMS versions prior to commit 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The issue resides in the Task Scheduling Management Module, specifically within the ScheduleJobController.java file. The vulnerability arises because the '/system/schedule/save' interface does not properly sanitize the 'jobName' parameter, allowing attackers to inject malicious JavaScript. This injected script is stored in the database and executed in the browser when an administrator or a user with relevant permissions accesses the task list or scheduling monitoring page.
Slider Revolution Missing Authorization Vulnerability Allowing Arbitrary Plugin Deactivation
A vulnerability exists in the Slider Revolution WordPress plugin, specifically in versions 6.0.0 through 6.7.55 and 7.0.0 through 7.0.14. The issue arises from the plugin's failure to properly verify user authorization for certain actions, enabling authenticated attackers with Contributor-level access or higher to deactivate any active plugin on the site.
Slider Revolution Sensitive Information Exposure Vulnerability
A vulnerability allowing sensitive information exposure has been identified in the Slider Revolution plugin for WordPress, specifically in versions 7.0.0 to 7.0.14. The issue arises through the 'slider.get.full' AJAX action, where authenticated attackers with Contributor-level access and above can access sensitive data. This includes raw social media API credentials such as the Instagram OAuth token, Flickr API key, YouTube Data API key, and Facebook App ID, all of which can be extracted from any configured slider's settings.
Orthanc DICOM Server Stack-Based Buffer Overflow Vulnerability in DCMTK Parser Component
A stack-based buffer overflow vulnerability has been identified in Orthanc DICOM Server versions through 1.12.10. The issue arises in the DCMTK Parser component, specifically within the DcmItem::read function of the file FromDcmtkBridge.cpp. The vulnerability can be exploited locally by uploading a DICOM file containing deeply nested sequences, which leads to a stack overflow and crashes the Orthanc process. This vulnerability is particularly severe in clinical environments where Orthanc is used for patient imaging.
1Panel CordysCRM Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in 1Panel CordysCRM versions through 1.6.2. The issue resides in the 'RequestParamTrimConfig.java' file, where an unknown function fails to properly validate or encode user input, allowing remote exploitation. This vulnerability has been publicly disclosed and can be exploited by injecting malicious JavaScript into the announcement content, which is then executed in the browser of any user who views the announcement.
itsourcecode Fees Management System SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the itsourcecode Fees Management System version 1.0. The issue arises in the file '/manage_fee.php', where the 'id' parameter is not properly sanitized, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, but requires authentication.
itsourcecode Fees Management System Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the itsourcecode Fees Management System version 1.0. The issue arises in the index.php file, where user-supplied input through the 'page' parameter is not properly sanitized before being reflected in the output. This flaw allows attackers to inject and execute arbitrary JavaScript in the context of the user's browser session. The vulnerability can be exploited remotely without authentication, simply by convincing a user to click on a malicious link.
eLabFTW Cross-Scope Title Exposure Vulnerability
A vulnerability in eLabFTW versions prior to 5.4.2 allows authenticated users to unintentionally access the titles of resources outside their authorized scope through numeric reference searches. While this could lead to unauthorized disclosure of sensitive information if confidential data is included in resource titles, such as project names or patient identifiers, access to the actual protected content remains blocked by authorization checks.
Langroid SQL Injection Vulnerability in SQLChatAgent Leading to Remote Code Execution
A critical vulnerability exists in Langroid versions prior to 0.63.0, specifically within the SQLChatAgent component. This issue allows for prompt injection that influences SQL execution by the agent. When the agent is granted a database role with code execution or filesystem access privileges, such as PostgreSQL's pg_execute_server_program, MySQL's FILE, or MSSQL's xp_cmdshell, an attacker can manipulate the agent's input to execute harmful commands. This exploitation can lead to remote code execution on the database host by using specific SQL dialect commands, like 'COPY ... FROM PROGRAM'. The vulnerability has been patched in version 0.63.0, which restricts SQLChatAgent to a whitelist of safe SQL operations and blocks dangerous patterns, although the previous unrestricted behavior can be restored for trusted deployments.
Qualcomm Strongbox Buffer Overflow Vulnerability in Secure Processor
A buffer overflow vulnerability has been identified in the Secure Processor area of various chipsets, leading to memory corruption while using Strongbox. This vulnerability allows for local exploitation.
Qualcomm Snapdragon Chipsets Memory Corruption Vulnerability in Secure Processor
A memory corruption vulnerability has been identified in various chipsets of Qualcomm Snapdragon processors. This issue arises from a missing bounds check when using Strongbox, which can lead to memory corruption. The vulnerability is present in chipsets such as Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, and several others, allowing local attackers to exploit this vulnerability and potentially cause memory corruption.
Qualcomm Products Shared Buffer Access Race Condition Vulnerability Allowing Memory Corruption
A vulnerability exists in various chipsets used in Qualcomm products, allowing memory corruption by accessing shared buffers without proper validation of concurrent user-mode input changes. This issue arises from a time-of-check time-of-use (TOCTOU) race condition, where the timing of input modification and buffer access can be manipulated, leading to memory corruption.
Qualcomm Products Out-of-bounds Write Vulnerability in DSP Service
A memory corruption vulnerability has been identified in various chipsets of Qualcomm products, including mobile platforms and certain wireless communication chipsets. This vulnerability arises from an out-of-bounds write issue while processing multiple IOCTL commands for escape operations, which could potentially be exploited to cause memory corruption.
Qualcomm DSP Service Out-of-bounds Read Vulnerability Allowing Memory Corruption
A memory corruption vulnerability has been identified in Qualcomm DSP Service while processing IOCTL calls for escape operations. This issue involves an out-of-bounds read, which can lead to memory corruption.
Kiteworks Secure Data Forms SQL Injection Vulnerability
Prior to version 9.3.0, Kiteworks Secure Data Forms contains multiple SQL injection vulnerabilities. These vulnerabilities could be exploited by an authenticated attacker with the FormBuilder role to access or modify other users' form definitions and certain global configuration parameters.
Kiteworks Secure Data Forms Insecure Direct Object Reference Vulnerability Allowing Unauthorized Metadata Access
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows an authenticated user to access the metadata of resources belonging to other users, due to inadequate authorization checks on resource ownership.
Kiteworks Secure Data Forms Insecure Direct Object Reference Vulnerability Allowing Authorization Bypass
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows authenticated users to modify resources belonging to other users, as the application fails to properly enforce authorization checks on resource ownership. Exploitation of this issue enables users to add arbitrary submissions to forms owned by others.
Kiteworks Secure Data Forms Insecure Direct Object Reference Vulnerability Allowing Authorization Bypass
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows an authenticated user to improperly modify permissions on resources belonging to other users, due to inadequate authorization checks on resource ownership.
Kiteworks Secure Data Forms Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows an authenticated attacker to execute arbitrary JavaScript in the sessions of other users, specifically within the Thank You Page configuration.
Kiteworks Secure Data Forms Insecure Direct Object Reference Vulnerability Allowing Resource Modification
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows an authenticated user to modify resources belonging to other users, due to inadequate authorization checks on resource ownership.
Kiteworks Secure Data Forms Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows external attackers to deceive users into executing arbitrary JavaScript code. The issue resides in the logging module, which has since been removed.
SGLang Assertion Failure Vulnerability in Inference HTTP Endpoint
An assertion failure vulnerability has been identified in SGLang version 0.5.10.post1, specifically within the Inference HTTP Endpoint component. The issue arises in the 'lora_manager.py' file, where the 'lora_path' argument can be manipulated, leading to a reachable assertion. This vulnerability allows for a denial-of-service condition, as the server becomes unresponsive after the assertion failure. The vulnerability can be exploited remotely, but requires a complex attack strategy.
Online Hospital Management System Insecure Direct Object Reference Vulnerability in Doctor Timings Management
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the Online Hospital Management System version 1.0. The issue arises in the file viewdoctortimings.php, where the delid parameter is processed without proper ownership verification. This flaw enables low-privileged users to delete doctor timing records belonging to other doctors. The deletion is executed without session validation, potentially allowing unauthenticated users to perform the action remotely.
ggml-org Whisper.cpp Null Pointer Dereference Vulnerability in Model Loading Function
A null pointer dereference vulnerability has been identified in ggml-org Whisper.cpp versions prior to 1.8.2. The issue arises in the function whisper_model_load within ggml/src/ggml.c, where the loader fails to validate model parameters before use. This flaw allows a crafted model file to cause an unconditional process abort, creating a potential denial-of-service scenario. The vulnerability requires local exploitation, and a proof-of-concept exploit has been made public.
itsourcecode Fees Management System SQL Injection Vulnerability in manage_course.php
A SQL injection vulnerability exists in the itsourcecode Fees Management System version 1.0, specifically within the manage_course.php file. The issue arises from improper validation of the 'id' parameter, allowing remote attackers to inject malicious SQL queries. Exploitation of this vulnerability could lead to unauthorized database access, data manipulation, and potential leakage of sensitive information.
