CVE-2026-33017
Langflow Code Injection Vulnerability - Active in CISA KEV catalog.
Fortinet FortiClientEMS, HP, and NICO FTP carry critical-severity ratings at CVSS 9.8, while Langflow, Aquasecurity Trivy, Google Dawn, and TrueConf face confirmed active exploitation at CVSS 9.5. Sunday's disclosures include 3 critical and 73 high-priority CVEs, down 88% and 27% respectively from Saturday's counts. CVE-2026-35616 affects Fortinet FortiClientEMS, CVE-2026-33017 targets Langflow, and CVE-2026-33634 impacts Aquasecurity Trivy; all are rated 9.5 or above. Attack patterns span endpoint management, DevSecOps tooling, browser rendering components, and communication platforms. No patches are currently available for any of the 76 disclosed vulnerabilities, requiring defenders to prioritize compensating controls and monitoring.
Immediate action: Organizations running Fortinet FortiClientEMS, Langflow, Aquasecurity Trivy, Google Dawn, or TrueConf should assess exposure immediately and apply network segmentation or access restrictions. With no patches available for any disclosed vulnerability, implement monitoring for exploitation indicators and restrict access to affected services until vendor fixes are released.
Langflow Code Injection Vulnerability - Active in CISA KEV catalog.
Aquasecurity Trivy Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
A use-after-free vulnerability exists in the Dawn component of Google Chrome. This flaw allows attackers to potentially execute arbitrary code or cause a denial-of-service via a crafted HTML page.
TrueConf Client Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
Snews CMS 1.7 contains an unrestricted file upload vulnerability, allowing unauthenticated attackers to upload and execute arbitrary PHP files to achieve remote code execution.
Fortinet FortiClientEMS versions 7.4.5 and 7.4.6 contain an improper access control vulnerability. Unauthenticated attackers can execute unauthorized code or commands via crafted requests.
NICO-FTP 3.0.1.19 contains a structured exception handler (SEH) buffer overflow vulnerability, allowing remote unauthenticated attackers to execute arbitrary code via crafted FTP commands.
A high-severity vulnerability has been discovered in the PraisonAI multi-agent teams system.
A security vulnerability has been identified in the PraisonAI multi-agent teams system.
An Insecure Direct Object Reference (IDOR) vulnerability exists in the WCFM – Frontend Manager for WooCommerce plugin for WordPress.
A security vulnerability has been identified in the PraisonAI multi-agent teams system.
A security vulnerability has been discovered in the PraisonAI multi-agent teams system.
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to and including 2.
A high-severity vulnerability in the Electron framework could allow for unauthorized code execution or system compromise in desktop applications.
A high-severity security vulnerability in the Electron framework could facilitate unauthorized access or data compromise in affected desktop applications.
A vulnerability in the Electron framework has been identified that could allow for unauthorized actions within cross-platform desktop applications.
A late-disclosure vulnerability in Hirschmann HiOS devices prior to version 08 poses a high-severity risk to network infrastructure security.
The core-rs-albatross Rust implementation of the Nimiq Proof-of-Stake protocol contains a high-severity vulnerability affecting its consensus mechanism.
A security vulnerability in the Electron framework could allow attackers to perform unauthorized operations in applications built on the platform.
The Text to Speech for WP plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 1.
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'feed_data' parameter.
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'page_title' parameter.
The ProfilePress WordPress plugin is vulnerable to an unauthorized membership payment bypass, potentially allowing users to access restricted content without completing payment.
A vulnerability has been identified in the Electron framework, a platform for cross-platform desktop applications using web technologies.
A security issue has been identified in DokuWiki, a popular open-source wiki software, which could lead to unauthorized system access or data exposure.
A vulnerability has been found in code-projects Simple Laundry System 1
Mesop, a Python-based UI framework, contains a high-severity vulnerability that could allow for unauthorized access or manipulation of web applications.
A security vulnerability has been identified in the itsourcecode Online Enrollment System, which may allow attackers to compromise system integrity.
A security vulnerability has been identified in the MyBB Downloads Plugin, potentially leading to unauthorized access or system impact.
Piwigo, an open-source photo gallery application, contains a security vulnerability that could allow for unauthorized access or site compromise.
VPN Browser+ 1
A vulnerability was found in Tenda AC10 16
A vulnerability was identified in Tenda AC10 16
Cloudreve, a self-hosted file management system, is affected by a security vulnerability that could lead to unauthorized file access or administrative compromise.
A vulnerability in the Amazon Athena ODBC driver's browser-based authentication component allows for OS command injection, potentially leading to unauthorized code execution.
7 Tik 1
Wikipedia 12
OAuthenticator, used with JupyterHub for OAuth2 identity provision, contains a high-severity vulnerability that could allow for unauthorized authentication or privilege escalation.
A security flaw has been discovered in the UTT HiPER 1250GW router, which could allow for unauthorized system compromise.
A high-severity vulnerability has been identified in the Budibase open-source low-code platform that could lead to unauthorized access or system compromise.
A vulnerability in the Budibase platform could allow for unauthorized actions, potentially leading to a breach of the application environment.
Storage credentials are hardcoded in the mobile application and device firmware, allowing unauthorized parties to access stored data.
A security vulnerability has been identified in the Snes9K software, which may expose users to potential system compromise.
10-Strike LANState 8
An issue was discovered in BizTalk360 before version 11 that could allow for unauthorized access or system manipulation within the monitoring environment.
Hirschmann HiLCOS industrial networking devices are affected by a high-severity vulnerability in versions prior to version 8, potentially impacting critical network infrastructure.
Focalboard version 8 is affected by a high-severity vulnerability; however, the product was designated as unsupported at the time the CVE was assigned.
A high-severity vulnerability has been identified in the "prompts" library, potentially impacting applications that utilize this component for user input handling.
A high-severity vulnerability has been identified in the "prompts" component as utilized within Canon products, potentially affecting device security.
Hirschmann HiLCOS Classic Platform switches are affected by a high-severity vulnerability in versions prior to 09, impacting industrial network reliability.
The Amazon Athena ODBC driver contains a high-severity vulnerability due to improper neutralization of special elements in its authentication components.
IObit Advanced SystemCare 10
Spy Emergency build 23
NETGATE Registry Cleaner build 16
Netgate AMITI Antivirus build 23
IObit Malware Fighter 4
Hotspot Shield 6
sheed AntiVirus 2
A high-severity vulnerability exists in Fal products related to prompt handling. The flaw could allow for unauthorized input manipulation or system exploitation.
The "prompts" library, a popular Node.js package for interactive CLI prompts, contains a vulnerability that could lead to improper input handling.
An administrative endpoint is exposed without authentication, allowing remote attackers to access sensitive device management functions.
The Amazon Athena ODBC driver is vulnerable to resource exhaustion due to unlimited resource allocation within its parsing components during data processing.
The Amazon Athena ODBC driver fails to properly validate certificates within its identity provider (IdP) connection components, enabling potential interception.
The Amazon Athena ODBC driver contains insufficient security controls in its browser-based authentication components, potentially allowing for unauthorized session access.
Hirschmann Industrial HiVision version 08
A security flaw has been discovered in Tenda 4G03 Pro up to 1
A security weakness has been identified in the FedML-AI FedML framework, affecting versions up to 0.
A security vulnerability has been identified in Piwigo, an open-source photo gallery application for the web.
A security vulnerability has been identified in the Piwigo photo gallery application, potentially impacting web-based image hosting security.
Emlog is an open source website building system
MyBB Last User's Threads in Profile Plugin 1
Hirschmann Industrial HiVision versions 06