CVE-2026-33017
Langflow Code Injection Vulnerability - Active in CISA KEV catalog.
Yesterday's disclosures include three maximum-severity (CVSS 10.0) vulnerabilities affecting SandboxJS, Dgraph, and Samsung Mobile Processor, alongside critical flaws in WordPress, AWS Claude Code CLI, and Kedro. Critical CVE volume rose sharply to 16, up from 1 the prior day, while 100 high-priority vulnerabilities were disclosed, a 15% increase. CVE-2026-34208 (SandboxJS), CVE-2026-34976 (Dgraph), and CVE-2025-54328 (Samsung) each carry a CVSS 10.0 rating, indicating full-impact remote exploitation potential. Remote code execution and sandbox escape patterns are prominent across developer tooling and database platforms, with five vulnerabilities confirmed under active exploitation including Fortinet FortiClient EMS and Langflow. No patches are currently available for any of the disclosed vulnerabilities, requiring organizations to prioritize compensating controls and network-level mitigations.
Immediate action: Organizations using SandboxJS, Dgraph, Samsung mobile processors, Fortinet FortiClient EMS, WordPress, and AWS Claude Code CLI should assess exposure immediately and apply network segmentation or access restrictions as compensating controls. With no patches currently available for any disclosed vulnerabilities, monitor vendor advisories closely and restrict external access to affected services until fixes are released.
Fortinet FortiClientEMS versions 7.4.5 and 7.4.6 contain an improper access control vulnerability. Unauthenticated attackers can execute unauthorized code or commands via crafted requests.
Aquasecurity Trivy Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
A use-after-free vulnerability exists in the Dawn component of Google Chrome. This flaw allows attackers to potentially execute arbitrary code or cause a denial-of-service via a crafted HTML page.
TrueConf Client Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
A path traversal vulnerability in the Chyrp Lite administration console allows authenticated users to access arbitrary files and achieve remote code execution.
The Ninja Forms File Uploads plugin is vulnerable to unauthenticated arbitrary file uploads, potentially leading to remote code execution.
A supply chain attack on the Bruno IDE introduced a malicious dependency, resulting in the deployment of a cross-platform Remote Access Trojan (RAT).
A sandbox escape in SandboxJS allows attackers to bypass global object protection by utilizing an exposed constructor path, enabling arbitrary property writes in the host environment.
Dgraph contains an unauthenticated admin mutation, allowing attackers to overwrite databases, read sensitive files, and perform SSRF attacks.
An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages.
Kedro is vulnerable to remote code execution due to unvalidated logging configuration paths that permit arbitrary callable instantiation.
The text-generation-webui application allows arbitrary Python file overwriting via extension settings, leading to remote code execution.
Anthropic Claude CLI and SDK are vulnerable to OS command injection via unvalidated authentication helper configuration parameters, allowing arbitrary command execution.
The goshs SimpleHTTPServer fails to sanitize file paths during PUT uploads, enabling arbitrary file write/overwrite.
The goshs SimpleHTTPServer fails to sanitize directories during multipart POST uploads, enabling unauthorized file placement.
The goshs SimpleHTTPServer exhibits a path traversal flaw in the file deletion function due to improper handling of return values.
lollms uses a weak secret key for JWT signing, enabling attackers to forge administrative tokens via offline brute-force.
GLPI is vulnerable to template injection by administrators, leading to remote code execution.
The fast-jwt library is vulnerable to an algorithm confusion attack due to a flawed regex implementation that fails to properly sanitize leading whitespace.
A cache collision vulnerability in fast-jwt allows for JWT token misidentification, potentially causing users to be authenticated as other users.
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows
phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and the phar:// stream wrapper.
pyLoad is a free and open-source download manager written in Python
Directus is a real-time API and App dashboard for managing SQL database content
Directus is a real-time API and App dashboard for managing SQL database content
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards
Directus is a real-time API and App dashboard for managing SQL database content
Kados R10 GreenBee is vulnerable to SQL injection via the menu_lev1 parameter, allowing unauthenticated attackers to execute arbitrary database queries.
Kados R10 GreenBee contains an SQL injection vulnerability in the mng_profile_id parameter, enabling attackers to manipulate database queries.
Kados R10 GreenBee is susceptible to SQL injection via the 'id_to_modify' parameter, allowing unauthorized database query manipulation.
Kados R10 GreenBee is vulnerable to unauthenticated SQL injection via the user2reset parameter, facilitating unauthorized database interaction.
Kados R10 GreenBee contains an SQL injection vulnerability in the language_tag parameter, allowing attackers to manipulate database queries.
Kados R10 GreenBee contains an SQL injection vulnerability in the id_to_delete parameter, enabling unauthorized database query manipulation.
Kados R10 GreenBee is susceptible to SQL injection via the sort_direction parameter, allowing for unauthorized database query manipulation.
Kados R10 GreenBee is vulnerable to SQL injection via the id_project parameter, allowing attackers to manipulate database queries.
Kados R10 GreenBee is susceptible to SQL injection via the filter_user_mail parameter, allowing unauthorized database query manipulation.
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2
eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters.
A security vulnerability has been identified in the Apache VA MAX software platform.
UniSharp Laravel File Manager v2
Brave CMS is an open-source CMS
OpenSTAManager is an open source management software for technical assistance and invoicing
Core FTP 2 contains an unspecified vulnerability that requires immediate remediation to prevent potential security compromise.
CMSsite 1
C4G Basic Laboratory Information System 3
ChurchCRM is an open-source church management system
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing
Distribution is a toolkit to pack, ship, store, and deliver container content
Brave CMS is an open-source CMS
WeGIA is a Web manager for charitable institutions
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024
A critical security vulnerability exists within the Code-Projects News Website Script that may allow for unauthorized system interaction.
BentoML is a Python library for building online serving systems optimized for AI apps and model inference
curl_cffi is a Python binding for curl
A flaw has been found in Tenda M3 1
A security flaw has been discovered in Tenda CH22 1
A weakness has been identified in Tenda CH22 1
A flaw has been found in Tenda i12 1
A vulnerability was identified in Tenda CX12L 16
A security flaw has been discovered in Tenda CX12L 16
A weakness has been identified in Tenda CX12L 16
Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025
Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026
BentoML is a Python library for building online serving systems optimized for AI apps and model inference
Plunk is an open-source email platform built on top of AWS SES
Advance Gift Shop Pro Script 2
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse
GLPI is a free asset and IT management software package
A vulnerability was determined in Tenda CX12L 16
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant allows SQL Injection
A critical vulnerability has been discovered in the UTT HiPER 1250GW router, potentially allowing for unauthorized system access.
A security vulnerability has been identified in the Belkin F9K1122 router, potentially exposing it to unauthorized interference.
A high-severity vulnerability has been identified in the Belkin F9K1015 router, requiring immediate attention from security administrators.
A security vulnerability has been identified in the Belkin F9K1015 router, necessitating immediate security review and patching.
A security vulnerability has been identified in the Belkin F9K1015, requiring immediate attention to mitigate potential unauthorized access.
A security vulnerability has been identified in the Belkin F9K1015, requiring immediate attention to mitigate potential unauthorized access.
A security flaw has been identified in the Belkin F9K1015, necessitating immediate review and firmware updates.
A security vulnerability has been detected in the Belkin F9K1015, requiring immediate security attention.
A vulnerability has been detected in the Belkin F9K1015, requiring immediate security attention.
A vulnerability in the Mattermost Plugin Legal Hold allows for potential security bypasses in version 1 and earlier.
Homarr is an open-source dashboard
Memory corruption when decoding corrupted satellite data files with invalid signature offsets
R i386 3
River Past Video Cleaner 7
Xlight FTP Server 3
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable
Mobile Next is an MCP server for mobile development and automation
ResourceSpace 8
qdPM 9
PilusCart 1
Ask Expert Script 3
OpenDocMan 1
Vim is an open source, command line text editor
Ferret is a declarative system for working with web data
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists
RealTerm Serial Terminal 2
Twitch Studio version 0
Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation
Memory corruption while preprocessing IOCTL request in JPEG driver
Memory corruption while processing a frame request from user
Memory Corruption when retrieving output buffer with insufficient size validation
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory
Memory Corruption when handling power management requests with improperly sized input/output buffers
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection
OpenAirInterface V2
GLPI is a free asset and IT management software package
Distribution is a toolkit to pack, ship, store, and deliver container content
Fedify is a TypeScript library for building federated server apps powered by ActivityPub
fast-jwt provides fast JSON Web Token (JWT) implementation
defu is software that allows users to assign default properties recursively
ZLMediaKit is a streaming media service framework