CVE Brief Security Intelligence

The Hono web application framework is affected by a high-severity vulnerability that could impact any JavaScript runtime environment it supports.

WPGraphQL provides a GraphQL API for WordPress sites

An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5

A vulnerability in the SNMP subsystem of Cisco Nexus 9000 Series switches could allow an authenticated attacker to cause a denial of service condition.

A vulnerability in the EVPN Layer 2 ingress packet processing of Cisco Nexus switches allows an adjacent attacker to trigger a disruptive Layer 2 traffic loop.

The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WPUF_Admin_Settings::check_filetype_and_ext' function and in the 'Admin_Tools::check_filetype_and_ext' function in all versions up to, and including, 4

A privilege escalation vulnerability in Cisco Catalyst SD-WAN Manager allows an authenticated, local attacker with low-level privileges to gain root access to the underlying operating system.

WireGuard Portal (or wg-portal) is a web-based configuration portal for WireGuard server management

The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1

The minimatch library, a JavaScript utility for glob matching, is vulnerable to a flaw that could result in application instability or unauthorized processing of malicious expressions.

A second high-severity vulnerability in the minimatch JavaScript library could lead to system resource exhaustion or security bypasses when processing glob expressions.

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6

VMware Aria Operations contains a command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system.

VMware Aria Operations contains a stored cross-site scripting vulnerability

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device

A flaw has been found in itsourcecode School Management System 1

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research

OpenEMR is a free and open source electronic health records and medical practice management application

Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1

LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research

OpenEMR is a free and open source electronic health records and medical practice management application

A vulnerability was found in Tenda F453 1

A vulnerability was determined in Tenda F453 1

A vulnerability was identified in Tenda F453 1

A security flaw has been discovered in Tenda F453 1

A weakness has been identified in Tenda F453 1

rldns is an open source DNS server

FreeRDP is a free implementation of the Remote Desktop Protocol

FreeRDP is a free implementation of the Remote Desktop Protocol

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16

hoppscotch is an open source API development ecosystem

The installer of FinalCode Client provided by Digital Arts Inc

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14

telnetd in GNU inetutils through 2

Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing

Deserialization of untrusted data in the LanguageModel class of Flair from versions 0

Buffer overflow in parallel HNSW index build in pgvector 0

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection

In JetBrains YouTrack before 2025

OpenEMR is a free and open source electronic health records and medical practice management application

Zed, a code editor, has an extension installer allows tar/gzip downloads

Agenta is an open-source LLMOps platform

Agenta is an open-source LLMOps platform

Initiative is a self-hosted project management platform

esm

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) via Code Injection (CAPEC-242)

A vulnerability exists in Copeland XWEB Pro version 1

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts

OpenEMR is a free and open source electronic health records and medical practice management application

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies

Golioth Pouch version 0

Initiative is a self-hosted project management platform

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

An OS command injection vulnerability exists in XWEB Pro version 1

In OCaml before 4

The installer of FinalCode Client provided by Digital Arts Inc

An issue in fastCMS before v

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models

Plane is an an open-source project management tool

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd

Koa is middleware for Node

Discourse is an open source discussion platform

Discourse is an open source discussion platform

Umbraco Engage is a business intelligence platform

Initiative is a self-hosted project management platform

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests

Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exists in its extension archive extraction functionality prior to version 0

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies

A vulnerability was identified in z-9527 admin 1

Vikunja is an open-source self-hosted task management platform