CVE-2022-20775
Cisco SD-WAN Path Traversal Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Thursday's vulnerability disclosures reveal 8 critical and 100 high-priority CVEs affecting major cloud providers, network infrastructure, and enterprise software. Critical CVE count dropped 62% from the prior day's 21, while high-priority disclosures rose 27% from 79 to 100. Notable critical vulnerabilities include CVE-2026-27597 (CVSS 10.0) in Enclave VM, CVE-2026-27702 (CVSS 9.9) exposing AWS keys, and CVE-2026-27941 (CVSS 9.9) in Google Cloud services. Microsoft Windows and Office products dominate the actively exploited landscape, with multiple confirmed exploitation chains targeting Windows kernel and Office components alongside a Cisco Catalyst SD-WAN vulnerability rated CVSS 10.0. No patches are currently available for the disclosed vulnerabilities, requiring organizations to prioritize compensating controls and network-level mitigations.
Immediate action: Prioritize network segmentation and access controls for AWS, Google Cloud, Cisco SD-WAN, and Microsoft Windows environments where active exploitation is confirmed. With 0% patch availability, implement compensating controls including WAF rules, privilege restrictions, and enhanced monitoring for exploitation indicators across affected cloud services and endpoint systems.
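The summary above ranks the day's findings on three signals: confirmed exploitation (a CISA KEV listing), the published CVSS score, and whether a patch exists, and the site notes that it further adjusts scores for exposure and business criticality. The Python below is an added example, not code from the CRS feed or the SSCV Framework, showing one way to combine those signals into a triage order. The weights, the KEV floor, the product labels and the EX-nnnn identifiers are constructed for illustration and are not SSCV v1.0 values or real CVE numbers.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    product: str
    cvss: float            # published base score
    in_kev: bool           # listed in CISA KEV, i.e. exploitation confirmed
    patch_available: bool
    exposure: str          # "internet", "internal" or "isolated"
    criticality: str       # "high", "medium" or "low" business impact


# Illustrative context weights (assumed for this example; not the SSCV v1.0 values).
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.7, "isolated": 0.4}
CRITICALITY_WEIGHT = {"high": 1.0, "medium": 0.8, "low": 0.6}
KEV_FLOOR = 9.0   # assumed policy: confirmed exploitation never ranks below "critical"


def context_score(f: Finding) -> float:
    """Scale the published CVSS by exposure and criticality, then apply the KEV floor."""
    score = f.cvss * EXPOSURE_WEIGHT[f.exposure] * CRITICALITY_WEIGHT[f.criticality]
    if f.in_kev:
        score = max(score, KEV_FLOOR)
    return round(min(score, 10.0), 1)


def recommended_action(f: Finding) -> str:
    """Patch when possible; otherwise fall back to compensating controls for the urgent cases."""
    if f.patch_available:
        return "patch"
    if f.in_kev or f.exposure == "internet":
        return "compensating-controls"   # segmentation, privilege restriction, monitoring
    return "monitor"


def prioritize(findings):
    """Return (cve, context score, action) tuples, most urgent first."""
    ranked = sorted(findings,
                    key=lambda f: (context_score(f), f.in_kev, not f.patch_available),
                    reverse=True)
    return [(f.cve, context_score(f), recommended_action(f)) for f in ranked]


# Constructed sample findings; the IDs are placeholders, not real CVE numbers.
SAMPLE = [
    Finding("EX-0001", "SD-WAN controller", 10.0, True, False, "internet", "high"),
    Finding("EX-0002", "cloud key store", 9.9, False, False, "internal", "high"),
    Finding("EX-0003", "web app sandbox", 9.9, False, True, "internet", "medium"),
    Finding("EX-0004", "lab workstation", 7.5, True, False, "isolated", "low"),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE):
        print(row)
```

The point of the KEV floor is visible in the sample: a CVSS 7.5 issue on an isolated host would score 1.8 on context alone, but confirmed exploitation keeps it above an unexploited CVSS 9.9 issue on an internal system. Replace the weights with the values your own exposure and criticality model produces.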
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
A protection mechanism failure in the MSHTML Framework allows an unauthenticated attacker to bypass security features over a network, potentially leading to unauthorized system access.
Microsoft Windows NULL Pointer Dereference Vulnerability - Active in CISA KEV catalog.
A protection mechanism failure in the Windows Shell allows an unauthenticated attacker to bypass security features over a network connection.
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate their privileges locally on the affected system.
A type confusion vulnerability in the Desktop Window Manager (DWM) allows an authorized local attacker to elevate their privileges to a higher level.
A security feature bypass vulnerability in Microsoft Office Word exists due to reliance on untrusted inputs, allowing an unauthorized local attacker to circumvent security protections.
A memory corruption vulnerability in Apple software was addressed through improved state management to prevent potential exploitation.
Microsoft Configuration Manager SQL Injection Vulnerability - Active in CISA KEV catalog.
Notepad++ Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Google Chrome is vulnerable to a "Use After Free" condition in its CSS engine, which could allow a remote attacker to execute arbitrary code via a crafted webpage.
GitLab Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
FileZen is affected by a high-severity OS command injection vulnerability that allows a threat actor to execute arbitrary commands on the underlying operating system.
Budibase Cloud suffers from an unsafe eval() vulnerability in its view filtering, allowing authenticated users to execute arbitrary JavaScript and access sensitive environment secrets.
A security boundary escape vulnerability in the Enclave JavaScript sandbox core allows attackers to bypass restrictions and achieve remote code execution (RCE).
An SQL injection vulnerability in the OpenEMR Patient REST API allows authenticated users to execute arbitrary queries and access protected health information.
OpenLIT GitHub Actions workflows are vulnerable to unauthorized code execution via forked pull requests, leading to the potential theft of sensitive secrets and cloud service keys.
An arbitrary file read vulnerability in OpenEMR allows any authenticated user to access sensitive files on the server filesystem via the EtherFax component.
A parameter manipulation vulnerability in HP products allows users to create PersistentVolumes in unauthorized locations, leading to host file overwrites.
OliveTin is vulnerable to unauthenticated remote code execution (RCE) via two vectors: shell argument injection and unsafe webhook processing.
An OS command injection vulnerability in OneUptime allows authenticated users to execute arbitrary commands on the Probe server via the monitor destination field.
The Hono web application framework is affected by a high-severity vulnerability that could impact any JavaScript runtime environment it supports.
WPGraphQL provides a GraphQL API for WordPress sites
The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2
DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework
The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the `wpgsi_callBackFuncAccept` and `wpgsi_callBackFuncUpdate` REST API functions in all versions up to, and including, 3
The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5
A vulnerability in the SNMP subsystem of Cisco Nexus 9000 Series switches could allow an authenticated attacker to cause a denial of service condition.
The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter in all versions up to, and including, 1
A vulnerability in the EVPN Layer 2 ingress packet processing of Cisco Nexus switches allows an adjacent attacker to trigger a disruptive Layer 2 traffic loop.
A use-after-free vulnerability in the DOM: Core & HTML component could allow for memory corruption and potential code execution via malicious web content.
The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0
Dell Wyse Management Suite, versions prior to WMS 5
OpenEMR is a free and open source electronic health records and medical practice management application
A privilege escalation vulnerability in Cisco Catalyst SD-WAN Manager allows an authenticated, local attacker with low-level privileges to gain root access to the underlying operating system.
WireGuard Portal (or wg-portal) is a web-based configuration portal for WireGuard server management
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android
Incorrect boundary conditions in the JavaScript: WebAssembly component
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript
A high-severity vulnerability in the Piwigo open-source photo gallery application could allow attackers to compromise the integrity and confidentiality of the web-based application.
The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1
The minimatch library, a JavaScript utility for glob matching, is vulnerable to a flaw that could result in application instability or unauthorized processing of malicious expressions.
A second high-severity vulnerability in the minimatch JavaScript library could lead to system resource exhaustion or security bypasses when processing glob expressions.
VMware Aria Operations contains a command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system.
VMware Aria Operations contains a stored cross-site scripting vulnerability
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device
A vulnerability has been found in itsourcecode Document Management System 1
Dell Wyse Management Suite, versions prior to WMS 5
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research
WWBN AVideo is an open source video platform
OpenEMR is a free and open source electronic health records and medical practice management application
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research
OpenEMR is a free and open source electronic health records and medical practice management application
A security flaw has been discovered in itsourcecode News Portal Project 1
A weakness has been identified in itsourcecode News Portal Project 1
A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1
A vulnerability was detected in itsourcecode College Management System 1
A flaw has been found in itsourcecode College Management System 1
A vulnerability has been found in itsourcecode Document Management System 1
A vulnerability was found in itsourcecode News Portal Project 1
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials
A vulnerability was determined in Tenda F453 1
A vulnerability was identified in Tenda F453 1
A security flaw has been discovered in Tenda F453 1
A weakness has been identified in Tenda F453 1
A security vulnerability has been detected in Tenda F453 1
Summary: This advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities
pypdf is a free and open-source pure-python PDF library
rldns is an open source DNS server
FreeRDP is a free implementation of the Remote Desktop Protocol
FreeRDP is a free implementation of the Remote Desktop Protocol
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16
The installer of FinalCode Client provided by Digital Arts Inc
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command
Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing
Buffer overflow in parallel HNSW index build in pgvector 0
Use-after-free in the Storage: IndexedDB component
MindsDB, an AI engineering platform, is affected by a high-severity vulnerability that could lead to unauthorized access or platform compromise.
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface
EventSentry versions prior to 6
The SPIP interface_traduction_objets plugin versions prior to 2
In JetBrains YouTrack before 2025
OpenEMR is a free and open source electronic health records and medical practice management application
Zed, a code editor, has an extension installer that allows tar/gzip downloads
Agenta is an open-source LLMOps platform
Agenta is an open-source LLMOps platform
OpenEMR is a free and open source electronic health records and medical practice management application
changedetection
esm
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the --skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher's setting cacerts
Karakeep is a self-hostable bookmark-everything app
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials
OpenEMR is a free and open source electronic health records and medical practice management application
RustFS is a distributed object storage system built in Rust
OpenEMR is a free and open source electronic health records and medical practice management application
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies
The installer of FinalCode Client provided by Digital Arts Inc
Plane is an open-source project management tool
Information disclosure, mitigation bypass in the Settings UI component
TOTOLINK X5000R V9
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface
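The two Binardat credential entries above (RC4 with a key embedded in client-side JavaScript, and a password stored as a Base64 value in a cookie) are the same mistake: the secret is protected only by material the client already holds. The Python below is an added example, not code from the advisories or the vendor, and the key, cookie and password in it are constructed stand-ins. It recovers the plaintext in both cases, which is all an attacker with the JavaScript or the cookie needs to do; the RC4 routine is the standard KSA/PRGA algorithm.

```python
import base64


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then keystream XOR. Encrypt and decrypt are the same call."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation (PRGA) + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


# Constructed stand-in for a key lifted from the device's JavaScript (not the real key).
HARDCODED_JS_KEY = b"example-switch-key"


def recover_rc4_password(cipher_b64: str, key: bytes = HARDCODED_JS_KEY) -> str:
    """What any client can do once it has the page's JavaScript: decrypt with the shipped key."""
    return rc4(key, base64.b64decode(cipher_b64)).decode("utf-8")


def recover_cookie_password(cookie_header: str, name: str) -> str:
    """Base64 is an encoding, not encryption: decode the named cookie value and you have it."""
    for part in cookie_header.split(";"):
        k, _, v = part.strip().partition("=")
        if k == name:
            return base64.b64decode(v).decode("utf-8")
    raise KeyError(name)


# Constructed samples of what the browser would see on the wire.
SAMPLE_CIPHER_B64 = base64.b64encode(rc4(HARDCODED_JS_KEY, b"Admin#2024")).decode()
SAMPLE_COOKIE = "sid=3f9a; pwd=QWRtaW4jMjAyNA=="   # pwd is base64("Admin#2024")

if __name__ == "__main__":
    print("rc4 with shipped key ->", recover_rc4_password(SAMPLE_CIPHER_B64))
    print("base64 cookie        ->", recover_cookie_password(SAMPLE_COOKIE, "pwd"))
```

Neither path involves breaking a cipher: RC4 is only as secret as its key, and a key served to every browser is public. The fix in both cases is to stop sending the password back to the client at all and to bind sessions to an opaque server-side token.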
Fiber is an Express-inspired web framework written in Go
Wasmtime is a runtime for WebAssembly
Wasmtime is a runtime for WebAssembly
Koa is middleware for Node
Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability in its extension archive extraction functionality prior to version 0
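Zip Slip, as in the Zed entry above, is the archive form of path traversal: an entry named something like `../../x` is joined to the extraction directory and the write lands outside it. The Python below is an added example, not Zed's code, showing a guarded extractor together with a constructed archive containing one legitimate entry and two that try to escape. The manifest file name `extension/extension.toml` is an assumption made for the sample.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_malicious_zip() -> bytes:
    """Constructed sample archive: one legitimate entry and two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("extension/extension.toml", 'id = "demo"\n')        # assumed manifest name
        zf.writestr("../../../escape.txt", "written outside the extension dir")
        zf.writestr("ext/../../escape2.txt", "traversal hidden behind a prefix")
    return buf.getvalue()


def is_within(base: Path, target: Path) -> bool:
    """True if target, after '..' and symlink resolution, still lies under base."""
    try:
        target.resolve().relative_to(base.resolve())
        return True
    except ValueError:
        return False


def safe_extract_zip(archive: bytes, dest: str):
    """Extract only members whose final path lies inside dest.

    Returns (extracted, rejected) lists of member names. Each member is checked twice:
    syntactically on the entry name, then on the resolved filesystem path, so a
    symlink planted by an earlier member cannot redirect a later write.
    """
    dest_path = Path(dest)
    dest_path.mkdir(parents=True, exist_ok=True)
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            name = info.filename
            rel = Path(name)
            if rel.is_absolute() or name.startswith(("/", "\\")) or ".." in rel.parts:
                rejected.append(name)
                continue
            target = dest_path / rel
            if not is_within(dest_path, target):
                rejected.append(name)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            extracted.append(name)
    return extracted, rejected


def demo() -> dict:
    """Run the guarded extractor on the constructed archive in a fresh temp directory."""
    dest = os.path.join(tempfile.mkdtemp(), "out")
    extracted, rejected = safe_extract_zip(build_malicious_zip(), dest)
    return {
        "extracted": extracted,
        "rejected": rejected,
        "manifest_on_disk": os.path.isfile(os.path.join(dest, "extension", "extension.toml")),
    }


if __name__ == "__main__":
    print(demo())
```

The name check alone is not enough in the presence of symlinks, which is why the resolved-path check runs after it; the same two-step guard applies to tar extraction, where an entry can also be a symlink pointing outside the destination.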
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies
A vulnerability was identified in z-9527 admin 1
Vikunja is an open-source self-hosted task management platform
Coturn is a free open source implementation of TURN and STUN Server
Vikunja is an open-source self-hosted task management platform