CVE-2026-20045
Cisco Unified Communications Products Code Injection Vulnerability - Active in CISA KEV catalog.
Yesterday's disclosure cycle identified 13 critical-severity vulnerabilities (CVSS 9.0+), a 44% increase from the prior day's 9 critical issues. High-priority vulnerabilities (CVSS 7.0-8.9) decreased 23% to 77, down from 100, bringing the total disclosed CVE count to 90. Sixteen actively exploited vulnerabilities were added to the CISA Known Exploited Vulnerabilities catalog, including issues affecting Cisco Unified Communications Manager, Zimbra Collaboration Suite, VMware vCenter Server, and Microsoft Office. Notable critical disclosures include CVE-2026-24300 affecting Azure Front Door, CVE-2026-21643 targeting Fortinet FortiClientEMS, and CVE-2026-1499 impacting WordPress installations. Patch availability currently stands at 0%, requiring organizations to prioritize compensating controls and monitoring until vendor fixes are released.
Immediate action: Organizations running Cisco Unified Communications Manager, Zimbra, VMware vCenter Server, Microsoft Office, Fortinet FortiClientEMS, or Azure Front Door should immediately assess exposure and apply network-level mitigations for the 16 actively exploited vulnerabilities. With 0% patch availability, prioritize compensating controls such as network segmentation, access restrictions, and enhanced logging until vendor patches are released.
Cisco Unified Communications Products Code Injection Vulnerability - Active in CISA KEV catalog.
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability - Active in CISA KEV catalog.
Versa Concerto Improper Authentication Vulnerability - Active in CISA KEV catalog.
Vite Vitejs Improper Access Control Vulnerability - Active in CISA KEV catalog.
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability - Active in CISA KEV catalog.
Linux Kernel Integer Overflow Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
GNU InetUtils Argument Injection Vulnerability - Active in CISA KEV catalog.
Microsoft Office Security Feature Bypass Vulnerability - Active in CISA KEV catalog.
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
React Native Community CLI OS Command Injection Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
Pinger 1.0 contains a remote code execution vulnerability where unauthenticated attackers can inject shell commands into the ping and socket parameters of ping.php to execute system commands.
The WP Duplicate plugin for WordPress allows authenticated subscribers to trigger a chain of vulnerabilities leading to unauthenticated remote code execution via arbitrary file upload.
A critical elevation of privilege vulnerability in Azure Front Door allows attackers to gain unauthorized access levels. Successful exploitation could lead to full administrative control.
An unauthenticated SQL injection vulnerability in Fortinet FortiClientEMS 7.4.4 allows for unauthorized code or command execution via crafted HTTP requests.
A buffer overflow in the Nsauditor DNS Lookup tool allows attackers to bypass ASLR and execute arbitrary shellcode via a crafted DNS query payload.
A buffer overflow in the Rubo DICOM Viewer server name input field allows attackers to overwrite the Structured Exception Handler (SEH) and execute arbitrary code.
An unauthenticated remote code execution vulnerability in the Edimax EW-7438RPn-v3 Mini allows attackers to execute arbitrary commands via the /goform/mp endpoint.
A stack-based buffer overflow in the 10-Strike Network Inventory Explorer file import functionality allows remote attackers to execute arbitrary code via a malicious text file.
An improper access control vulnerability in the Axigen Mail Server WebAdmin interface allows delegated admins with zero permissions to manage and manipulate SSL certificates.
A buffer overflow in the B64dec utility allows attackers to execute arbitrary code by overwriting the Structured Exception Handler (SEH) during the base64 decoding process.
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows unauthenticated attackers to overwrite the Structured Exception Handler (SEH) and execute arbitrary code.
MEmu Play 7.1.3 contains an insecure folder permissions vulnerability allowing low-privileged users to replace the MemuService.exe file and gain SYSTEM-level privileges upon system restart.
A missing bounds check in the vpu_mmap function of the VPU driver allows for arbitrary address mapping. This facilitates local escalation of privilege without requiring user interaction.
The Popup builder with Gamification plugin for WordPress is vulnerable to SQL Injection via REST API endpoints. This allows attackers to execute arbitrary SQL commands.
Azure Arc Elevation of Privilege Vulnerability allows an authenticated attacker to gain higher administrative permissions than intended within the Azure environment.
phpMyChat Plus 1
Azure Functions Information Disclosure Vulnerability allows an attacker to gain unauthorized access to sensitive information, potentially leading to further compromise of the cloud environment.
A flaw in the Certificate Management feature of Cisco Meeting Management allows authenticated attackers to upload files and execute commands with root privileges.
A vulnerability in the text rendering subsystem of Cisco TelePresence CE and RoomOS allows unauthenticated remote attackers to cause a denial of service (DoS) condition.
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion (LFI). This allows attackers to read sensitive files from the server's filesystem.
Mitsubishi Electric FREQSHIP-mini for Windows contains an incorrect default permissions vulnerability, potentially allowing unauthorized local users to gain elevated system privileges.
A security issue was discovered in ingress-nginx where the `nginx
ProficySCADA for iOS 5
The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1
Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15
Apache Answer is vulnerable to the exposure of Private Personal Information (PPI) to unauthorized actors. This flaw could lead to a breach of user privacy.
A post-authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5
A vulnerability was found in itsourcecode Student Management System 1
A vulnerability was determined in itsourcecode Student Management System 1
IBM Aspera Console 3
Autodesk 3ds Max is vulnerable to arbitrary code execution via an Untrusted Search Path flaw when opening a maliciously crafted project directory.
Rockwell Automation Studio 5000 Logix Designer version 30 contains a high-severity vulnerability that could impact industrial control system (ICS) configuration and security.
BartVPN 1 contains a high-severity vulnerability that could allow an attacker to compromise the secure communication channel or escalate privileges on the host system.
Shrew Soft VPN Client 2 is vulnerable to a high-severity security flaw that could lead to local privilege escalation or the compromise of secure network tunnels.
Autodesk 3ds Max is vulnerable to a stack-based buffer overflow when parsing maliciously crafted GIF files, which could lead to arbitrary code execution.
Autodesk 3ds Max is vulnerable to a stack-based buffer overflow when parsing maliciously crafted GIF files, which could lead to arbitrary code execution.
n8n is an open source workflow automation platform
Alist, a file list program powered by Gin and Solidjs, contains a high-severity vulnerability that could lead to unauthorized file access or system compromise.
Axigen Mail Server before 10
jizhiCMS 1
Tanium addressed an improper input validation vulnerability in Deploy
Heap-based buffer overflow vulnerability in the image module
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary
A vulnerability in the 'Compressing' Node.js library could allow for arbitrary file manipulation during the compression or decompression process.
Odin Secure FTP Expert 7
10-Strike Network Inventory Explorer 8
Out-of-bounds write vulnerability in the camera module
UAF concurrency vulnerability in the graphics module
A security flaw in Melange, a tool for building apk packages using declarative pipelines, could allow for unauthorized actions during the build process.
n8n is an open source workflow automation platform
OpenSlides, a web-based presentation and assembly system, is affected by a high-severity vulnerability that could impact the management of agendas and elections.
AutoGPT, an AI agent orchestration platform, is affected by a high-severity vulnerability that could compromise automated workflows. Administrators should refer to vendor advisories for specific details.
Edimax EW-7438RPn-v3 Mini 1
A second high-severity vulnerability has been identified in the Melange apk package builder's declarative pipeline system.
Autodesk 3ds Max is vulnerable to memory corruption when parsing a maliciously crafted RGB file, potentially leading to arbitrary code execution.
Autodesk 3ds Max contains an out-of-bounds write vulnerability when processing maliciously crafted GIF files, which may result in arbitrary code execution.
A maliciously crafted USD file, when loaded into Autodesk Arnold or 3ds Max, triggers an Out-of-Bounds Write vulnerability, potentially leading to arbitrary code execution.
Autodesk 3ds Max is subject to a memory corruption vulnerability when parsing maliciously crafted RGB files, potentially allowing for remote code execution.
A high-severity vulnerability in melange affects how declarative pipelines build apk packages, posing a significant risk to supply chain integrity.
The Godot MCP server, used for interacting with the Godot game engine, contains a vulnerability that could lead to unauthorized interactions or system compromise.
The iccDEV color management libraries are vulnerable to a flaw during the processing of ICC profiles, which could lead to memory corruption or arbitrary code execution.
The iccDEV color management libraries contain a high-severity vulnerability that could be triggered by malformed ICC profiles, leading to system instability or code execution.
A vulnerability in the iccDEV color management libraries could allow an attacker to execute arbitrary code by processing a specially crafted ICC profile.
A critical flaw in the iccDEV libraries and tools allows for potential exploitation during the manipulation and application of ICC color management profiles.
A high-severity security vulnerability exists in Wing FTP Server 6 that could allow an attacker to compromise server integrity. The flaw likely involves improper handling of system resources.
Amiti Antivirus 25 contains a high-severity security flaw that may allow an attacker to bypass security features. This vulnerability could lead to local system compromise.
NETGATE Data Backup 3 is affected by a security vulnerability that could compromise backup data integrity. The flaw is rated high severity due to its potential impact on data availability.
TexasSoft CyberPlanet 6 contains a high-severity security vulnerability that could lead to unauthorized system control. The flaw affects the management capabilities of the software.
Easy-Hide-IP 5 is affected by a high-severity security vulnerability that could result in information disclosure or traffic interception. The flaw undermines the core privacy features of the product.
ProShow Producer 9 contains a high-severity security vulnerability that could lead to arbitrary code execution. This flaw is particularly dangerous when processing specially crafted project files.
NCP Secure Entry Client 9 is affected by a high-severity vulnerability that could compromise VPN tunnel security. This flaw could allow for unauthorized access to internal network resources.
Alps Pointing-device Controller 8 contains a high-severity vulnerability that could allow for local privilege escalation. This flaw resides in the driver-level software.
Garena GCafé 3 is affected by a high-severity security vulnerability that could lead to unauthorized administrative access. The flaw impacts the management of café networks.
Adaware Web Companion version 4 contains a high-severity security vulnerability that could allow for unauthorized system modifications. The flaw affects the software's ability to protect web traffic.
A security vulnerability exists in Wacom WTabletService 6 that could allow for unauthorized actions. The flaw resides in the core service handling tablet input and driver communications.
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance
A vulnerability in the n8n open-source workflow automation platform could allow for unauthorized access or execution. The flaw affects the core automation engine and its handling of workflow data.
The OpenClaw personal AI assistant contains a high-severity vulnerability that could allow for unauthorized access or system manipulation.
A high-severity vulnerability in apko affects the building and publishing of OCI container images, potentially compromising container security.
Another high-severity vulnerability has been identified in the apko container build tool, impacting the security of OCI image generation.
Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service
Apollo Server is vulnerable to a security flaw that may allow unauthorized GraphQL operations or data exposure.
Nsauditor 3
UltraVNC Launcher 1
UltraVNC Viewer 1
ZOC Terminal 7
Edimax EW-7438RPn-v3 Mini 1
pgAdmin versions 9
Open5GS, an open-source implementation for 5G Core and EPC, is affected by a security flaw in versions up to 2. This vulnerability may impact mobile core network stability.
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients