CVE-2026-20253
Splunk Enterprise and Cloud Platform contain an authentication bypass vulnerability in a PostgreSQL sidecar service, allowing unauthenticated users to create or truncate arbitrary files.
Critical vulnerabilities, curated daily for security professionals
Wednesday's disclosures center on a cluster of remotely exploitable flaws in AI and ML development tooling, including Crawl4AI, Flowise, Langflow, and picklescan, alongside a high-severity issue in Red Hat Ansible Automation Platform 2.5. Critical CVEs rose to 30 (up 76% from 17), while high-priority CVEs fell to 57 (down 30% from 81). Among the most severe are CVE-2026-56274 (CVSS 9.9) in Flowise, CVE-2026-53753 (CVSS 9.8) in Crawl4AI, and CVE-2026-12417 (CVSS 9.8) in Pravel SignUp/SignIn, with remote code execution and unsafe deserialization recurring across the set. Active exploitation is confirmed in five CVEs spanning Splunk Enterprise, Lantronix EDS5000, and Ubiquiti UniFi OS. Patch status is uneven: several entries below name a fixed release (Flowise 3.1.2, picklescan 1.0.4, LobeHub 2.1.57, FOSSBilling 0.8.0), while many others list none, so teams should upgrade where a fix exists and fall back to compensating controls and exposure reduction for the remaining components.
Immediate action: Prioritize the actively exploited systems first (Splunk Enterprise and Cloud, Lantronix EDS5000, and Ubiquiti UniFi OS) by restricting management access and applying vendor guidance. For the AI/ML tooling and infrastructure flaws, upgrade where the entry names a fixed version (Flowise 3.1.2, picklescan 1.0.4); where none is listed (Crawl4AI, Langflow, Ansible Automation Platform), isolate the affected services, limit untrusted input, and monitor for vendor releases.
Splunk Enterprise and Cloud Platform contain an authentication bypass vulnerability in a PostgreSQL sidecar service, allowing unauthenticated users to create or truncate arbitrary files.
The Lantronix EDS5000 contains a code injection vulnerability that is currently being actively exploited in the wild.
An improper input validation flaw in Ubiquiti UniFi OS enables network-adjacent attackers to execute arbitrary commands on the underlying system.
A path traversal vulnerability in Ubiquiti UniFi OS allows network-adjacent attackers to read sensitive system files and potentially compromise user accounts.
An improper access control vulnerability in Ubiquiti UniFi OS devices allows network-adjacent attackers to modify system configurations without authorization.
The Pravel SignUp & SignIn WordPress plugin contains an authentication bypass vulnerability allowing unauthenticated attackers to reset any user password and achieve full account takeover.
Crawl4AI contains a sandbox escape vulnerability in its computed fields feature, allowing unauthenticated attackers to achieve arbitrary code execution via crafted extraction schemas.
Immich is vulnerable to reflected Cross-Site Scripting (XSS) on the login page, allowing attackers to hijack authenticated user sessions and create persistent administrative API keys.
Electron versions 42.3.1 through 42.3.3 are vulnerable to heap buffer underflow and overflow due to incorrect byte length calculations in the Node.js Buffer API.
Flowise versions before 3.1.2 are susceptible to OS command injection via the Custom MCP Server feature due to inadequate validation of command flags and file access restrictions.
The picklescan library before 1.0.4 fails to block multiple Python standard library modules, allowing attackers to execute arbitrary code via malicious pickle files.
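The picklescan entry above describes the structural weakness of a module blocklist: it has to enumerate every dangerous callable in the standard library, and any omission is a bypass. The following is an added example, not picklescan's own code, showing the allowlist alternative: the pickle opcode stream is walked with the stdlib `pickletools` disassembler (nothing is ever unpickled), every global import is collected, and anything outside a short allowlist is flagged. The allowlist contents, the `os.system`/`builtins.exec` payloads and the benign sample are all constructed for the demo.

```python
"""Added example, not picklescan's own code: allowlist-based scanning of the
imports a pickle stream would perform, found by disassembly rather than loading.
All sample pickles below are constructed for the demo."""
import pickle
import pickletools
from collections import OrderedDict

# Hypothetical allowlist: what a benign serialized model is assumed to import.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
}

# Opcodes that push a string constant; STACK_GLOBAL pops module and name from these.
STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
                  "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def pickle_imports(data: bytes) -> set[tuple[str, str]]:
    """Every (module, name) the stream would import, without executing any of it."""
    found: set[tuple[str, str]] = set()
    recent: list[str] = []          # last two string constants, for STACK_GLOBAL
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):    # protocols 0-3: "module name" as one arg
            module, _, name = arg.partition(" ")
            found.add((module, name))
        elif opcode.name == "STACK_GLOBAL":      # protocol 4+: module and name pushed first
            if len(recent) == 2:
                found.add((recent[0], recent[1]))
        elif opcode.name in STRING_OPCODES:
            recent = (recent + [arg])[-2:]
    return found


def allowlist_scan(data: bytes) -> list[tuple[str, str]]:
    """Imports outside ALLOWED_GLOBALS; an empty list means the stream passes."""
    return sorted(imp for imp in pickle_imports(data) if imp not in ALLOWED_GLOBALS)


def blocklist_scan(data: bytes, blocked_modules: set[str]) -> list[tuple[str, str]]:
    """The weaker approach the entry describes: flag only imports from named modules."""
    return sorted(imp for imp in pickle_imports(data) if imp[0] in blocked_modules)


# Constructed protocol-0 payloads: GLOBAL, MARK, STRING, TUPLE, REDUCE, STOP.
# They are only ever fed to the scanners as bytes, never to pickle.loads().
OS_SYSTEM_PICKLE = b"cos\nsystem\n(S'echo pwned'\ntR."
BUILTINS_EXEC_PICKLE = b"cbuiltins\nexec\n(S'print(1)'\ntR."
# A benign model-like object serialized normally (protocol 4 uses STACK_GLOBAL).
BENIGN_PICKLE = pickle.dumps(OrderedDict(weight=1.0), protocol=4)

if __name__ == "__main__":
    for label, blob in [("os.system", OS_SYSTEM_PICKLE),
                        ("builtins.exec", BUILTINS_EXEC_PICKLE),
                        ("benign", BENIGN_PICKLE)]:
        print(label, "blocklist:", blocklist_scan(blob, {"os", "subprocess"}),
              "allowlist:", allowlist_scan(blob))
```

The `builtins.exec` payload is the instructive case: a blocklist covering `os` and `subprocess` lets it through, while the allowlist rejects it because `("builtins", "exec")` was never approved. A production scanner would also need to handle `REDUCE`/`BUILD` applied to allowed classes with attacker-controlled state, but the import-level allowlist already removes the "forgot a module" failure mode.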
The Invoice Generator WordPress plugin contains an account takeover vulnerability via an insecure password reset function that allows unauthenticated attackers to hijack any user account.
A missing authorization vulnerability in the Event-Driven Ansible (EDA) websocket API allows authenticated users to access plaintext credentials, including SSH keys and tokens.
Langflow contains a critical remote code execution (RCE) vulnerability in its "Shareable Playground" feature, allowing unauthenticated users to execute arbitrary Python code.
Multiple OS command injection vulnerabilities in the GeoVision GV-I/O Box 4E allow remote attackers to execute arbitrary commands via crafted network packets.
Three further entries describe unauthenticated OS command injection vulnerabilities in the libNetSetObj.so library of the GeoVision GV-I/O Box 4E, each allowing remote code execution via a crafted network packet.
The GeoVision GV-I/O Box 4E contains a stack-based buffer overflow vulnerability in the DVRSearch service, allowing remote code execution via crafted UDP packets.
Poweradmin fails to validate the HTTP_HOST header, allowing unauthenticated attackers to poison redirect URIs and hijack user authentication tokens, leading to full account takeover.
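The Poweradmin entry is a textbook Host header attack: when an application builds absolute URLs for redirects or password-reset mails from the client-supplied `Host` header, an attacker can request a reset for the victim with `Host: attacker.example` and the victim receives a link whose origin the attacker controls, delivering the token on click. The following is an added example, not Poweradmin's code, showing the vulnerable construction beside a hardened one that validates the header against configured hostnames and never copies it into the link. The route, hostnames and WSGI-style environ dicts are constructed for the demo.

```python
"""Added example, not Poweradmin's own code: an absolute URL built from the Host
header, next to a hardened version that trusts only configured hostnames.
Hostnames, route and environ dicts are constructed for the demo."""
from urllib.parse import urlunsplit

ALLOWED_HOSTS = {"dns.example.org"}                  # assumed deployment hostname(s)
CANONICAL_SCHEME, CANONICAL_HOST = "https", "dns.example.org"
RESET_PATH = "/reset_password"                       # hypothetical route


def reset_link_vulnerable(environ: dict, token: str) -> str:
    """Mirrors the flaw: the link's origin is whatever Host the client supplied.

    A request carrying "Host: attacker.example" yields a reset link pointing at
    the attacker, so the token is handed over when the victim follows it."""
    host = environ.get("HTTP_HOST", "")
    scheme = environ.get("wsgi.url_scheme", "http")
    return urlunsplit((scheme, host, RESET_PATH, f"token={token}", ""))


def host_is_trusted(environ: dict) -> bool:
    """Compare the Host header (case-insensitively, port stripped) against the allowlist.

    IPv6 literals would need bracket-aware parsing; the demo allowlist has none."""
    host = environ.get("HTTP_HOST", "").rsplit(":", 1)[0].lower()
    return host in ALLOWED_HOSTS


def reset_link_hardened(environ: dict, token: str) -> str:
    """Reject requests for unexpected hosts, then build the link from configuration only."""
    if not host_is_trusted(environ):
        raise ValueError(f"untrusted Host header: {environ.get('HTTP_HOST')!r}")
    return urlunsplit((CANONICAL_SCHEME, CANONICAL_HOST, RESET_PATH, f"token={token}", ""))


if __name__ == "__main__":
    attacker_request = {"HTTP_HOST": "attacker.example", "wsgi.url_scheme": "https"}
    print("vulnerable:", reset_link_vulnerable(attacker_request, "t0k3n"))
    print("hardened:  ", reset_link_hardened({"HTTP_HOST": "dns.example.org"}, "t0k3n"))
```

The allowlist check exists to reject misrouted requests outright; the link itself always comes from configuration, so even a future bypass of the check cannot change its origin. Behind a reverse proxy the same allowlist must apply to `X-Forwarded-Host` and `X-Forwarded-Proto`, which many frameworks otherwise honour in place of `Host`.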
The Totolink EX1200L router contains a buffer overflow in the login functionality, allowing unauthenticated remote attackers to execute arbitrary code as root.
A stack-based buffer overflow vulnerability in the GeoVision GV-I/O Box 4E DVRSearch service allows unauthenticated remote attackers to execute arbitrary code via crafted UDP packets.
An Insecure Direct Object Reference (IDOR) vulnerability in the Langflow /api/v1/responses endpoint allows authenticated attackers to execute unauthorized AI flows belonging to other users.
A path traversal vulnerability in Langflow components based on BaseFileComponent allows attackers to read arbitrary files from the server's filesystem via manipulated RAG input files.
LobeHub prior to 2.1.57 contains an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /webapi/proxy endpoint, allowing arbitrary outbound requests and cookie injection.
FOSSBilling versions prior to 0.8.0 are susceptible to Server-Side Template Injection (SSTI) in the Twig rendering engine, enabling remote code execution for authenticated administrators.
The GeoVision GV-I/O Box 4E contains a stack-based buffer overflow in the DVRSearch service, allowing unauthenticated attackers to trigger remote code execution via malformed UDP packets.
A further stack-based buffer overflow in the GeoVision GV-I/O Box 4E DVRSearch service allows unauthenticated remote attackers to execute arbitrary code via crafted UDP packets.
An authorization bypass in the FOSSBilling API allows unauthenticated attackers to invoke administrative system functions by accessing restricted endpoints.
A prototype pollution vulnerability in n8n, exploitable via an unvalidated pagination parameter, can lead to remote code execution for authenticated users.
An authenticated user can inject CLI flags via the Git node's Push operation in n8n, enabling arbitrary file read access on the host server.
An authenticated workflow bypass vulnerability in the n8n XML node allows for Remote Code Execution (RCE) when chained with other nodes.
Unauthenticated users can exhaust server-side disk space in Langflow via excessive file uploads and obtain information about filesystem paths from the resulting errors.
The HAYAJO Mojolicious::Plugin::Web::Auth::OAuth2 Perl module uses a predictable state parameter, enabling CSRF-based session hijacking.
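The OAuth2 `state` parameter only prevents login CSRF if the attacker cannot produce the value the victim's session expects: with a predictable state, the attacker starts a flow for their own account, takes the resulting authorization code, and tricks the victim into visiting a callback URL that carries that code plus the victim's guessable state, binding the victim's session to the attacker's account. The following is an added example, not the Mojolicious plugin's code, of the properties a state value needs: CSPRNG-generated, bound to the issuing session, compared in constant time, and consumed on first use. Session identifiers and the counter-based anti-pattern are constructed for the demo.

```python
"""Added example, not the HAYAJO module's code: per-session, single-use OAuth2
state handling beside the predictable anti-pattern the entry describes.
Session identifiers are constructed for the demo."""
import hmac
import secrets


def predictable_state(sequence_number: int) -> str:
    """The anti-pattern: a counter-derived state an attacker can compute in advance."""
    return f"state-{sequence_number}"


class OAuth2StateStore:
    """Issues a random state bound to the user's session and verifies it exactly once."""

    def __init__(self) -> None:
        self._pending: dict[str, str] = {}      # session_id -> outstanding state

    def issue(self, session_id: str) -> str:
        state = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
        self._pending[session_id] = state       # bound to this session only
        return state

    def verify(self, session_id: str, returned_state: str) -> bool:
        # Consumed on the first attempt, matching or not: a wrong guess forces the
        # user to restart the flow instead of leaving the value open to retries.
        expected = self._pending.pop(session_id, None)
        if expected is None:
            return False
        return hmac.compare_digest(expected, returned_state)


if __name__ == "__main__":
    store = OAuth2StateStore()
    issued = store.issue("victim-session")
    # Forged callback: attacker's code plus a guessed state for the victim's session.
    print("forged callback accepted:", store.verify("victim-session", predictable_state(42)))
    issued = store.issue("victim-session")
    print("genuine callback accepted:", store.verify("victim-session", issued))
    print("replay accepted:", store.verify("victim-session", issued))
```

In a real deployment `_pending` lives in the server-side session (or an HMAC-signed cookie keyed on the session), and the state should also carry an expiry so an abandoned flow cannot be completed hours later.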
Predictable SSO tickets in ManageEngine ADSelfService Plus and related products allow unauthenticated attackers to perform account takeover.
Google go-attestation contains an improper validation vulnerability regarding index, position, or offset inputs, potentially leading to memory corruption or instability.
Spring Statemachine's persistence backends fail to enforce a class allowlist during deserialization, enabling potential remote code execution.
A vulnerability exists in NocoDB that may allow unauthorized access to database configurations or data.
A vulnerability exists within the Deno JavaScript/TypeScript runtime that may allow for unauthorized system-level interactions.
An improper output neutralization flaw in upKeeper Instant Privilege Access allows for log injection, tampering, or forging by an attacker.
Adobe Acrobat Reader 2020 is subject to a security vulnerability that may allow for unauthorized system impact if exploited by an attacker.
A missing symlink validation vulnerability in Language Servers for AWS allows for arbitrary file writes outside of the intended workspace trust boundary.
The Ultimate Member plugin for WordPress is vulnerable to account takeover via password reset link disclosure.
The Welcome Software Publishing plugin for WordPress is vulnerable to arbitrary options updates, potentially leading to privilege escalation.
A vulnerability in the Infility Global WordPress plugin may allow for unauthorized actions due to insufficient input validation.
Daytona contains a high-severity vulnerability within its infrastructure runtime for AI-generated code execution.
A high-severity security vulnerability exists within the Daytona infrastructure runtime, impacting AI-generated code execution environments.
NetComm NF20MESH routers are vulnerable to authenticated remote code execution via shell metacharacter injection in the username parameter.
The CPython tarfile module fails to handle EOF in streaming mode, allowing attackers to trigger an infinite loop via a malicious archive.
A high-severity vulnerability exists in FasterXML jackson-databind, potentially allowing unauthorized data manipulation or system compromise.
A high-severity security vulnerability in the FasterXML jackson-databind library could allow unauthorized system access through improper data-binding.
Two security vulnerabilities have been identified in the Caddy server platform; the specific technical details regarding the nature of the flaws remain under investigation.
An authentication bypass vulnerability in NetComm NF20MESH routers allows unauthenticated attackers to gain administrative access via a hardcoded AES-256 key used for session cookies.
A vulnerability in the tarfile module of CPython allows for insecure handling of tar archives.
A denial-of-service vulnerability exists in the Elixir Plug framework's nested-parameter decoder due to inefficient algorithmic complexity.
A security vulnerability exists in OpenRemote software versions prior to 1.0, potentially exposing the system to unauthorized access.
A vulnerability exists within the Traefik HTTP reverse proxy and load balancer that may expose the system to unauthorized access or service disruption.
A security flaw has been identified in the Traefik HTTP reverse proxy that may impact its load balancing and traffic management capabilities.
A security vulnerability in the Traefik reverse proxy and load balancer could potentially be leveraged to compromise protected backend resources.
A security vulnerability has been identified in the n8n workflow automation platform that may allow for unauthorized access or system impact.
A security vulnerability has been identified in the n8n workflow automation platform that could potentially be leveraged to impact system integrity.
Style Dictionary, a build system for creating cross-platform styles, contains a prototype pollution vulnerability starting in version 4.
Langflow contains a critical vulnerability related to the deployment of AI-powered agents and workflows that may allow for unauthorized system interaction.
Revive Adserver 6 contains a vulnerability involving missing input validation during the saving of delivery limitations, which may lead to unauthorized system impacts.
Revive Adserver 6 is susceptible to a vulnerability involving improper validation of user input when saving delivery limitations, potentially allowing for unauthorized system modifications.
The n8n workflow automation platform contains a vulnerability that may allow for unauthorized system interaction or data exposure.
CafePlus by AKIN Software suffers from a missing authentication vulnerability, potentially allowing unauthorized access to critical functions.
A vulnerability in the handling of VM images by Anthropic's Claude Desktop Cowork may allow for unauthorized operations or system interference.
Open WebUI contains a high-severity security vulnerability that could potentially allow unauthorized access or system compromise.
Crawl4AI, an open-source web scraping tool, contains a high-severity vulnerability that could be exploited to compromise host system security.
A high-severity vulnerability in the Open WebUI platform could allow unauthorized actors to compromise the security and integrity of the self-hosted AI service.
A security vulnerability has been identified in the n8n workflow automation platform that may allow for unauthorized system interaction.
A security flaw in the Open WebUI platform could allow an attacker to exploit input handling mechanisms, potentially leading to unauthorized operations.
A vulnerability in the Revive Adserver software allows for potential exploitation due to a lack of proper input sanitization in the zone-include function.
A security vulnerability exists in the n8n workflow automation platform that may allow for unauthorized system interaction.
A security vulnerability in the yt-dlp command-line utility may allow for arbitrary code execution or unauthorized system access during media processing.
A high-severity vulnerability in the yt-dlp utility could lead to unauthorized code execution during the processing of media streams.
Flowise versions prior to 3 are susceptible to an unspecified security vulnerability.
Capgo versions prior to 12 are affected by an unspecified vulnerability.
FlatPress is vulnerable to stored Cross-Site Scripting (XSS) via comment and contact form fields due to improper output encoding in Smarty templates.
Three further picklescan entries describe unspecified vulnerabilities that may pose a significant security risk to users of the software.
A security vulnerability exists in picklescan that may allow for unauthorized code execution or data manipulation.
Capgo contains a high-severity security vulnerability that could lead to unauthorized system access or data exposure.
Crawl4AI is impacted by a security vulnerability that could permit unauthorized actions.
A vulnerability in the foreman-mcp-server component of Red Hat Satellite may allow for unauthorized system interaction.
A security flaw in the RTK-AI command output filtering and compression mechanism may lead to improper handling of data sent to LLM contexts.
Language Servers for AWS contain a vulnerability related to improper trust boundary enforcement, potentially allowing unauthorized access.
Open WebUI, a self-hosted artificial intelligence platform, contains an unspecified security vulnerability.
A security vulnerability exists in Pivotal CRM that may allow unauthorized access or impact system integrity.