CVE-2026-31431
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Thursday's disclosures center on multiple maximum-severity Node.js vm2 sandbox escape vulnerabilities affecting server-side JavaScript execution environments. Critical CVE volume dropped to 16 from 39 the prior day (-59%), while high-priority CVEs held steady at 100. Notable critical items include CVE-2026-44005, CVE-2026-43997, and CVE-2026-44006 (all CVSS 10) targeting Node.js vm2, CVE-2026-44442 (CVSS 9.9) in ERPNext, and CVE-2026-41050 (CVSS 9.9) in Rancher Fleet. Attack patterns are dominated by sandbox escape and remote code execution, with secondary clusters in WordPress plugins (CVE-2026-6271, CVE-2026-6510) and mail security gateways. Patch availability sits at 0% for today's disclosures, so defenders should rely on compensating controls and vendor advisories until fixes ship.
Immediate action: Prioritize inventory and isolation of any Node.js services using the vm2 sandbox library, as three CVSS 10 escapes enable code execution on host systems; WordPress plugin and ERPNext deployments should also be reviewed for exposure. With no patches available for today's critical issues, apply network segmentation, restrict untrusted input to vm2-based workloads, and monitor vendor advisories for fix releases.
The Career Section WordPress plugin is vulnerable to arbitrary file upload due to missing file type validation, enabling remote code execution.
The Burst Statistics WordPress plugin contains an authentication bypass flaw allowing unauthenticated attackers to impersonate administrators via improper return-value handling.
The InfusedWoo Pro WordPress plugin is vulnerable to authentication bypass and privilege escalation via an insecure AJAX handler.
The vm2 sandbox for Node.js is vulnerable to prototype pollution, allowing sandboxed code to mutate host-realm objects and escape the environment.
The vm2 sandbox for Node.js is vulnerable to a host object escape, allowing attackers to access the host environment by leveraging native symbols.
The vm2 sandbox for Node.js contains a bypass in its builtin allowlist, enabling unauthorized access to restricted modules and arbitrary code execution.
A stack-based buffer overflow exists in GUARDIANWALL MailSuite and Mail Security Cloud, potentially allowing arbitrary code execution.
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1.
The vm2 sandbox for Node.js is vulnerable to prototype access, allowing attackers to reach arbitrary prototypes and escape the sandbox.
The Fleet Helm deployer improperly handles ServiceAccount impersonation, allowing unauthorized access to secrets across Kubernetes namespaces.
Certain ELECOM wireless LAN access points contain an authentication bypass vulnerability, allowing unauthenticated access to specific web URLs.
ELECOM wireless LAN access points are vulnerable to OS command injection via the username parameter, allowing unauthenticated remote code execution.
Ecommerce Systempay 1.0 uses a weak cryptographic implementation, allowing attackers to brute-force the production secret key and forge payment signatures.
The vm2 sandbox for Node.js is vulnerable to an array species batch neutralization flaw, allowing attackers to escape the sandbox and execute arbitrary commands.
The vm2 sandbox library for Node.js is vulnerable to sandbox escape, potentially allowing arbitrary command execution on the host system.
The vm2 sandbox library for Node.js is vulnerable to sandbox escape via async generator manipulation, allowing arbitrary command execution.
An out-of-bounds write vulnerability in Fortinet FortiOS 7
An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network
The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2
Adobe Commerce versions 2
Adobe Commerce versions 2
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally
A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally
The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5
Nginx UI is a web user interface for the Nginx web server
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network
protobufjs compiles protobuf definitions into JavaScript (JS) functions
Flight is an extensible micro-framework for PHP
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network
The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6
ChurchCRM is an open-source church management system
Dell PowerScale InsightIQ, versions 6
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection
A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection
Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension
An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility
When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges
SSL verification is disabled in the DNS Cluster system
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network
HashiCorp Nomad and Nomad Enterprise prior to 2
ERPNext is a free and open source Enterprise Resource Planning tool
ERPNext is a free and open source Enterprise Resource Planning tool
GitLab has remediated an issue in GitLab EE affecting all versions from 18
GitLab has remediated an issue in GitLab EE affecting all versions from 18
GitLab has remediated an issue in GitLab EE affecting all versions from 16
A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager
A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6
When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint
Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval
Joomla com_hdwplayer 4
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only
An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh) resulting in privilege escalation
A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation
An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection
Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd
Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd
YetAnotherForum
Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via a crafted web page
The snorkel library thru v0
The snorkel library thru v0
The snorkel library thru v0
The superduper project thru v0
An access issue was addressed with additional sandbox restrictions
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network
AntSword is a cross-platform website management toolkit
SPIP versions prior to 4
Heym before 0
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture
Quark Drive before 0
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands
A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands
When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system
protobufjs-cli is the command line add-on for protobuf
Exposure of the QKEY (used as input into the "OTA-Quantum" device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform
vm2 is an open source vm/sandbox for Node
Incorrect privilege management and insufficient path filtering allow reading arbitrary files on the server via the cpdavd attachment download endpoints
JunoClaw is an agentic AI platform built on Juno Network
vm2 is an open source vm/sandbox for Node
JunoClaw is an agentic AI platform built on Juno Network
JunoClaw is an agentic AI platform built on Juno Network
Atomic Alarm Clock 6
The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1
Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows an unauthenticated attacker to inject arbitrary HTTP headers into the response
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way
JunoClaw is an agentic AI platform built on Juno Network
ssrfcheck is a library that checks if a string contains a potential SSRF attack
YetAnotherForum
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services
Session Fixation vulnerability allows Session Hijacking via a crafted session ID