CVE-2025-67038
The Lantronix EDS5000 contains a code injection vulnerability that is currently being actively exploited in the wild.
Tuesday's disclosures center on cloud and database infrastructure, with critical flaws in AWS Application Load Balancer and Amazon CloudFront (both CVSS 9.8), Google's MCP Toolbox for Databases (CVSS 9.3), and SUSE Rancher (CVSS 9.4). Twelve critical CVEs were disclosed alongside 69 high-priority issues, up sharply from zero critical and 24 high the prior day. Notable named vulnerabilities include CVE-2026-13763 and CVE-2026-13762 in AWS edge and load-balancing services, CVE-2026-56290 (CVSS 10) in JoomlaCK Page Builder CK, and CVE-2026-11720 in Google's MCP Toolbox for Databases. The activity spans cloud delivery networks, web application builders, and database tooling, with several flaws enabling remote exploitation against internet-facing services. No vendor patches were reflected in the data at disclosure time, so teams should prioritize compensating controls and monitor vendor advisories for fixes.
Immediate action: Prioritize AWS-hosted environments using Application Load Balancer and CloudFront (CVE-2026-13763, CVE-2026-13762), along with Google MCP Toolbox for Databases, SUSE Rancher, and JoomlaCK-based sites, for immediate review and isolation. With no patches available at disclosure, apply network restrictions and access controls to internet-facing instances and monitor vendor channels for forthcoming fixes. Separately, organizations running Ubiquiti UniFi OS, Cisco Unified CM, PTC Windchill/FlexPLM, or SimpleHelp should address the seven actively exploited vulnerabilities without delay.
An improper input validation flaw in Ubiquiti UniFi OS enables network-adjacent attackers to execute arbitrary commands on the underlying system.
A path traversal vulnerability in Ubiquiti UniFi OS allows network-adjacent attackers to read sensitive system files and potentially compromise user accounts.
An improper access control vulnerability in Ubiquiti UniFi OS devices allows network-adjacent attackers to modify system configurations without authorization.
PTC Windchill and FlexPLM contain an improper input validation vulnerability. This vulnerability is confirmed as actively exploited in the wild.
A server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager allows unauthenticated remote attackers to perform arbitrary file operations and escalate privileges to root.
SimpleHelp contains an authentication bypass in the OIDC flow, allowing unauthenticated attackers to forge tokens and gain full technician access without multi-factor authentication.
A path traversal vulnerability in the googleapis/mcp-toolbox URL builder allows attackers to bypass path restrictions and access unintended API endpoints using directory traversal sequences.
Gorse versions before 0.5.10 contain an authentication bypass in the /api/dump and /api/restore endpoints, allowing unauthenticated attackers to exfiltrate or overwrite the database.
Coolify versions prior to 4.0.0-beta.474 contain an authorization flaw where Livewire web UI components fail to validate resource ownership, enabling cross-team resource manipulation.
A critical remote code execution vulnerability exists in the filemanager.php component of Alexantr filemanager v.1.0, allowing unauthenticated attackers to execute arbitrary system commands.
The ProfileGrid WordPress plugin is vulnerable to unauthenticated account takeover due to improper validation of registration parameters, allowing attackers to hijack administrator accounts.
AWS Application Load Balancers with AWS WAF enabled may inconsistently inspect HTTP/2 request bodies, potentially allowing attackers to bypass WAF security rules via fragmented request frames.
A flaw in Amazon CloudFront's HTTP/2 request processing allows remote attackers to bypass AWS WAF body inspection via fragmented requests.
The Page Builder CK extension for Joomla is vulnerable to an unauthenticated arbitrary file upload, enabling attackers to execute malicious code on the server.
A vulnerability in VideoWhisper Paid Videochat Turnkey Site allows authenticated performers to perform arbitrary file deletion on the host server.
Improper privilege handling in SUSE Rancher allows authenticated users with the Project Owner role to escalate their privileges within the cluster.
A resource allocation vulnerability in the Delta Electronics DVP-12SE PLC Modbus TCP service allows for potential denial-of-service conditions.
The Delta Electronics DVP-12SE Modbus TCP service lacks authentication, allowing unauthenticated attackers to interact with security-sensitive functions.
A security vulnerability has been identified in Coolify, an open-source tool for managing servers, applications, and databases.
A security vulnerability has been identified in the Coolify platform, an open-source tool used for self-hosting and managing applications and databases.
A type confusion vulnerability in Apple Safari was mitigated through the implementation of improved validation checks.
A use-after-free vulnerability in Apple Safari was addressed by the vendor through improved memory management practices.
A use-after-free vulnerability in Apple Safari was remediated via enhancements to the browser's internal memory management processes.
A security flaw exists in the vscode-java extension used within Red Hat OpenShift Dev Spaces, potentially impacting Java language support environments.
A security vulnerability has been identified in the Coolify self-hosted management platform that may allow for unauthorized system interaction.
A double-free memory corruption vulnerability exists in the libarchive RAR5 reader component within Red Hat Enterprise Linux 10.
A security vulnerability has been identified in the Coolify platform that may affect the security posture of self-hosted managed environments.
A security vulnerability exists in the JavaScript::Minifier::XS library, potentially allowing for arbitrary code execution or memory corruption.
A high-severity vulnerability has been identified in Home Assistant Core that may allow unauthorized access or impact the security of the local automation environment.
A security vulnerability exists in phpUploader versions prior to 2, potentially allowing for unauthorized system interaction.
Apple Safari contains an input validation vulnerability that may lead to unexpected application behavior.
The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to improper file path validation in the unserialize function.
The APCu Manager WordPress plugin contains a vulnerability that may allow unauthorized actions due to insufficient security controls.
A security vulnerability has been identified in the liftoff-sr CIPster software up to commit e8e9dba09bf56962807d3504b783ccdb6287f3e4.
A security vulnerability has been identified in the luci-proto-openvpn package, potentially impacting network security configurations.
Nitter's /video media proxy endpoint is vulnerable to URL validation bypass and HMAC key exposure, allowing unauthenticated attackers to proxy arbitrary content.
A vulnerability in the `rtapi_app` component of LinuxCNC linuxcnc-uspace allows for potential privilege escalation or unauthorized control of the machine controller.
Delta Electronics DTMSoft is vulnerable to an insecure deserialization of untrusted data, which could allow a remote attacker to execute arbitrary code on the host system.
The OpenWrt Luci-app-tailscale-community package is susceptible to command injection, potentially allowing unauthorized system command execution.
The Edimax EW-7478APC wireless access point contains a security vulnerability that may expose the device to unauthorized manipulation.
A security flaw has been identified in the Edimax EW-7478APC wireless access point, potentially impacting device security and administrative integrity.
A security vulnerability has been identified in the Edimax EW-7478APC wireless access point that requires urgent investigation and remediation.
An improper neutralization vulnerability exists within the Snowpark annotation processor callback template in the Snowflake CLI, potentially allowing for code injection.
A security vulnerability has been identified in versions of FrontAccounting prior to 2, necessitating an immediate update to maintain system integrity.
A security flaw exists in the Edimax EW-7478APC router, potentially allowing unauthorized access or system compromise.
A vulnerability has been identified in the Edimax EW-7478APC, requiring immediate attention to prevent potential exploitation.
A vulnerability in the Edimax EW-7478APC has been reported, posing a significant risk to network security.
A relative path traversal vulnerability in libzypp allows attackers to manipulate repository metadata processing.
An OS command injection vulnerability in the AVTECH DGM3103SCT web management console allows authenticated users to execute arbitrary commands with root privileges.
SzafirHost exhibits an archive verification inconsistency between JarFile and JarInputStream parsers, potentially allowing for the execution of malicious native libraries.
Pinpoint is affected by an unspecified security vulnerability that requires urgent attention from administrators.
SigNoz contains a security vulnerability that may allow for unauthorized system interaction or compromise.
RPG MAKER MV and MZ are affected by an unspecified security vulnerability that could impact project files or execution environments.
Snowflake CLI versions prior to 3 contain an improper neutralization vulnerability that could allow attackers to inject malicious content.
The leandrocp MDEx software contains an allocation of resources without limits or throttling vulnerability, which may lead to excessive resource consumption.
The IPv6 Neighbor Discovery handlers in the Zephyr RTOS contain a vulnerability that may lead to memory corruption or instability.
A high-severity vulnerability exists in ruoyi-vue-pro through 2026 that may allow for unauthorized system interaction or compromise.
A high-severity vulnerability in FrontAccounting before version 2 may expose the application to unauthorized access or security bypass.
A high-severity security vulnerability in FrontAccounting before version 2 may facilitate unauthorized system impact or data access.
A vulnerability exists within the agentic coding tool Claude Code that may allow for unauthorized access or code execution.
A security vulnerability has been identified in NLTK version 3 that may lead to potential system compromise.
A directory traversal or unauthorized file access vulnerability exists within the Zephyr HTTP server when using the static-filesystem resource type.
Modoboa versions prior to 2 contain an unspecified security vulnerability that requires immediate attention from system administrators.
The Helix3 plugin for Joomla contains an insecure AJAX handler that allows unauthenticated attackers to perform unauthorized file operations and configuration changes.
A security vulnerability has been identified in fast-uri version 2, which may impact applications relying on this library for URI parsing and processing.
A vulnerability in the libtiff library used within Red Hat Enterprise Linux 10 may allow for memory corruption or arbitrary code execution.
A vulnerability in SourceCodester Class and Exam Timetabling System allows for potential unauthorized access or system compromise.
A vulnerability in SourceCodester Class and Exam Timetabling System may allow for unauthorized system interaction or data exposure.
A security weakness in SourceCodester Inventory Management System could allow for unauthorized system access or data manipulation.
A security weakness has been identified in the code-projects Real State Services application that could potentially lead to system compromise.
A vulnerability has been detected in the itsourcecode Online Hotel Management System that may expose the system to unauthorized access or manipulation.
A security flaw has been found in the itsourcecode Online Hotel Management System, which may allow for unauthorized system interaction.
A security vulnerability has been identified in the itsourcecode Online Hotel Management System, potentially allowing for unauthorized system interaction.
An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the RealMag777 BEAR plugin, allowing for the injection of malicious scripts into web pages.
A broken access control vulnerability in the Swings Wallet System for WooCommerce allows subscriber-level users to perform unauthorized actions.
An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the Link Whisper Free plugin, allowing attackers to inject malicious scripts into web pages.
An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the Jobify theme/plugin, allowing attackers to inject malicious scripts into web pages.
An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the Landing Page Builder plugin, allowing attackers to inject malicious scripts into web pages.
An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the ARForms plugin, which could allow attackers to execute arbitrary scripts in a user's browser session.
A security vulnerability exists in FrontAccounting versions prior to 2, which may allow for unauthorized access or system compromise.
An unauthenticated vulnerability has been identified in ACL versions prior to 2, potentially allowing attackers to bypass security constraints.
The attr utility before version 2 contains a vulnerability requiring investigation.
The yelp-xsl package contains an overly permissive Content Security Policy (CSP) implementation, potentially leading to security bypasses.
Epiphyt Embed Privacy is affected by a path traversal vulnerability that may allow unauthorized access to sensitive files.
PBackupVSS is impacted by a security vulnerability that poses a high risk to system stability and data integrity.
Gigamon GVOS v5 contains a vulnerability that may expose the system to unauthorized access or operational disruption.