CVE-2026-41940
An authentication bypass vulnerability in the cPanel and WHM login flow allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Saturday's disclosures center on WordPress plugin flaws, Apache MINA buffer handling, and HP Framework vulnerabilities driving the critical category. Critical CVEs doubled to 16 from 8 the prior day, while high-priority CVEs held steady at 99. Notable entries include CVE-2026-37541 (CVSS 10) affecting Open Vehicle Monitoring System 3, CVE-2026-42778 and CVE-2026-42779 in Apache MINA, and CVE-2026-42472/42473 in HP Framework. Remote code execution and authentication bypass dominate the attack patterns, with web infrastructure, embedded systems, and enterprise frameworks most affected. Patch availability sits at 0% for the disclosed set, and 14 CVEs across WordPress, Microsoft, Linux Kernel, and SimpleHelp have confirmed active exploitation.
Immediate action: Prioritize review of WordPress installations, Apache MINA deployments, HP Framework instances, and embedded systems running OVMS3 or Totolink NR1800X for exposure assessment. With patch availability at 0% for the new disclosures, apply network segmentation, WAF rules, and monitoring while tracking vendor advisories; separately, address the 14 KEV entries affecting WordPress, Microsoft, Linux Kernel, and SimpleHelp using available vendor updates.
Kentico Xperience Path Traversal Vulnerability - Active in CISA KEV catalog.
PaperCut NG/MF Improper Authentication Vulnerability - Active in CISA KEV catalog.
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability - Active in CISA KEV catalog.
JetBrains TeamCity Relative Path Traversal Vulnerability - Active in CISA KEV catalog.
Microsoft Defender Insufficient Granularity of Access Control Vulnerability - Active in CISA KEV catalog.
Marimo Remote Code Execution Vulnerability - Active in CISA KEV catalog.
D-Link DIR-823X Command Injection Vulnerability - Active in CISA KEV catalog.
Samsung MagicINFO 9 Server Path Traversal Vulnerability - Active in CISA KEV catalog.
SimpleHelp Path Traversal Vulnerability - Active in CISA KEV catalog.
SimpleHelp Missing Authorization Vulnerability - Active in CISA KEV catalog.
ConnectWise ScreenConnect Path Traversal Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Protection Mechanism Failure Vulnerability - Active in CISA KEV catalog.
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability - Active in CISA KEV catalog.
The Temporary Login plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any temporary user.
The User Verification plugin for WordPress is vulnerable to authentication bypass due to loose comparison of OTP codes, allowing unauthenticated login.
The MixPHP Framework is vulnerable to unsafe deserialization of session and cache data stored in Redis, potentially allowing remote code execution.
The MixPHP Framework is vulnerable to unsafe deserialization of session and cache data stored on the filesystem, potentially allowing remote code execution.
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads, potentially leading to remote code execution.
An incomplete fix for a deserialization vulnerability in Apache MINA's AbstractIoBuffer.getObject() allows for remote code execution via classname allowlist bypass.
Apache MINA's AbstractIoBuffer.resolveClass() contains a branch that fails to validate classes, allowing for arbitrary code execution via deserialization bypass.
A buffer overflow in the Open Vehicle Monitoring System (OVMS3) 3.3.005 allows remote attackers to cause a denial of service or execute arbitrary code via crafted GVRET frames.
A stack-based buffer overflow exists in the Totolink NR1800X lighttpd component, allowing remote attackers to trigger a crash or execute code via the Host header.
A buffer overflow vulnerability in Cannelloni v2 allows remote attackers to cause a denial of service or execute arbitrary code via crafted CAN FD frames.
The Totolink A8000RU router is vulnerable to remote OS command injection via the proto parameter in the CGI handler, allowing unauthenticated attackers to execute arbitrary system commands.
A stack-based buffer overflow in Hashcat v7.1.2 allows remote code execution or denial of service via crafted rule files or specific rule options.
A heap-based buffer overflow in the Kerberos hash parser of Hashcat v7.1.2 allows for potential arbitrary code execution via a crafted hash file.
A heap-based buffer overflow in the PKZIP hash parser of Hashcat v7.1.2 allows attackers to cause a denial of service or execute arbitrary code via a crafted hash file.
AGL app-framework-main is vulnerable to Zip Slip path traversal and a TOCTOU race condition during widget installation, allowing arbitrary file writes.
An integer underflow vulnerability in the Open-SAE-J1939 library allows remote attackers to perform arbitrary memory writes via crafted CAN frames.
The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3
Unsafe deserialization vulnerability in MixPHP Framework 2
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4
Unsafe deserialization vulnerability in MixPHP Framework 2
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all versions up to, and including, 1
A vulnerability exists in Chartbrew that may allow unauthorized access or impact data integrity due to its direct integration with databases and APIs.
A vulnerability in Chartbrew, an open-source data visualization tool, could potentially be leveraged by attackers to compromise connected data sources.
The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2
The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation.
An identified vulnerability in Chartbrew may expose connected databases or APIs to unauthorized access or manipulation.
A vulnerability within the Chartbrew web application may allow attackers to exploit its database and API integration features.
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2
The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12
Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access
A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file
In Argo CD 3
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization
Apache Neethi does not properly detect circular references in policy definitions
A weakness has been identified in SourceCodester Advanced School Management System 1
The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization
A vulnerability has been found in SourceCodester Hotel Management System 1
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1
A vulnerability was identified in itsourcecode Electronic Judging System 1
A weakness has been identified in itsourcecode Courier Management System 1
openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac (2021-08-09) contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length
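The ISO-TP Single Frame bug above is a length field trusted over the real frame size. The following is an added example written for this page, not code from openxc/isotp-c: a constructed classic CAN frame (8-byte data buffer, DLC 0..8) whose PCI nibble claims 7 payload bytes while only 3 bytes arrived, parsed first by the unchecked pattern the advisory describes and then by a hardened handler that checks the nibble against the DLC. Struct and function names are this example's own; the frame layout (PCI type in the high nibble of byte 0, Single Frame length in the low nibble) is the ISO 15765-2 classic-CAN format. The unchecked handler is only called with a nibble of 7 here so the stale-byte read stays inside the 8-byte buffer; a nibble of 8..15 would read past it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a classic CAN frame carrying an ISO-TP Single Frame.
 * Bytes beyond dlc were never received; the buffer still holds stale data. */
#define CAN_MAX_DLEN 8
#define ISOTP_SF_MAX_PAYLOAD 7   /* 8 bytes minus the 1-byte PCI */

struct can_frame_demo {
    uint8_t dlc;                 /* bytes actually received on the bus */
    uint8_t data[CAN_MAX_DLEN];  /* fixed-size buffer; data[dlc..7] is stale */
};

/* Vulnerable pattern from the advisory: the low nibble of the PCI byte is
 * used as the memcpy size with no comparison against dlc. In this demo the
 * caller keeps the nibble <= 7 so the over-read stays inside data[]. */
static size_t isotp_sf_receive_unchecked(const struct can_frame_demo *f,
                                         uint8_t *out)
{
    size_t len = f->data[0] & 0x0F;
    memcpy(out, &f->data[1], len);   /* copies bytes the bus never delivered */
    return len;
}

/* Hardened handler: the nibble must be a valid Single Frame length and the
 * bytes it claims must be present in the frame (dlc - 1 payload bytes). */
static int isotp_sf_receive_checked(const struct can_frame_demo *f,
                                    uint8_t *out, size_t out_cap)
{
    if (f->dlc < 1 || f->dlc > CAN_MAX_DLEN)
        return -1;                               /* malformed frame */
    if ((f->data[0] >> 4) != 0)
        return -1;                               /* PCI type 0 = Single Frame */
    size_t len = f->data[0] & 0x0F;
    if (len == 0 || len > ISOTP_SF_MAX_PAYLOAD)
        return -1;                               /* 0 is the CAN FD escape; >7 cannot fit */
    if (len > (size_t)(f->dlc - 1))
        return -1;                               /* claims more bytes than arrived */
    if (len > out_cap)
        return -1;
    memcpy(out, &f->data[1], len);
    return (int)len;
}

/* Constructed frame: PCI 0x07 claims 7 payload bytes, but dlc is 3, and the
 * buffer still holds 0xC1..0xC5 left over from an earlier, longer frame. */
static struct can_frame_demo make_short_frame_claiming_7(void)
{
    struct can_frame_demo f;
    const uint8_t stale[CAN_MAX_DLEN] = {0x07, 0xAA, 0xBB, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5};
    memcpy(f.data, stale, sizeof stale);
    f.dlc = 3;                                   /* only PCI + 2 bytes were received */
    return f;
}

/* Number of never-received bytes the unchecked handler hands to the caller. */
static size_t demo_leaked_bytes(void)
{
    struct can_frame_demo f = make_short_frame_claiming_7();
    uint8_t out[ISOTP_SF_MAX_PAYLOAD] = {0};
    size_t copied = isotp_sf_receive_unchecked(&f, out);
    return copied - (size_t)(f.dlc - 1);         /* 7 claimed - 2 real = 5 stale bytes */
}

/* The same frame through the hardened handler: rejected. */
static int demo_checked_rejects_short_frame(void)
{
    struct can_frame_demo f = make_short_frame_claiming_7();
    uint8_t out[ISOTP_SF_MAX_PAYLOAD] = {0};
    return isotp_sf_receive_checked(&f, out, sizeof out);
}

/* A well-formed frame: UDS ReadDataByIdentifier 0xF190 (3 payload bytes, dlc 4). */
static int demo_checked_accepts_valid_frame(void)
{
    struct can_frame_demo f = {0};
    f.dlc = 4;
    f.data[0] = 0x03; f.data[1] = 0x22; f.data[2] = 0xF1; f.data[3] = 0x90;
    uint8_t out[ISOTP_SF_MAX_PAYLOAD] = {0};
    return isotp_sf_receive_checked(&f, out, sizeof out);
}

int main(void)
{
    printf("unchecked handler leaked %zu stale bytes\n", demo_leaked_bytes());
    printf("checked handler on short frame: %d\n", demo_checked_rejects_short_frame());
    printf("checked handler on valid frame: %d\n", demo_checked_accepts_valid_frame());
    return 0;
}
```

The check that matters is `len > dlc - 1`: the PCI nibble is attacker-controlled bus data, the DLC is what the controller actually received. The example covers classic CAN only; with CAN FD the nibble value 0 is an escape meaning the real length sits in byte 1, so an FD-capable handler needs a second branch with the same shape of check against the FD data length.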
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation
An issue was discovered in OpenStack ironic-python-agent 1
IBM Turbonomic prometurbo agent 8
IBM Langflow Desktop 1
AGL app-framework-binder (afb-daemon) through v19
AGL app-framework-binder (afb-daemon) through v19
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1
A security vulnerability has been detected in libssh2 up to 1
Traefik is an HTTP reverse proxy and load balancer
IBM Langflow Desktop 1
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation
miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3
Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1
U-SPEED N300 router V1
Buffer overflow vulnerability in socketcand 0
AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Router V1
A vulnerability was detected in code-projects for Plugin 4
A flaw has been found in UTT HiPER 1200GW up to 2
A vulnerability has been found in UTT HiPER 1200GW up to 2
A vulnerability was detected in Totolink NR1800X 9
A security vulnerability has been detected in TRENDnet TEW-821DAP 1
OpenAMP v2025
flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function
A heap-based buffer overflow in libnv, caused by improper message size validation, allows for system crashes or potential privilege escalation.
As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers
Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc
Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc
An issue in Krayin CRM v
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library
collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling
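The J1939 Transport Protocol entry above is an integer underflow turning into an out-of-bounds write during TP.DT handling. The following is an added example for this page, not code from Open-SAE-J1939, and it assumes the underflow sits in the sequence-number-to-offset arithmetic (`(seq - 1) * 7` with an unchecked sequence number); the page does not name the field. What is standard SAE J1939-21 is the framing used here: TP.CM announces total byte count and packet count, each TP.DT carries a 1-based sequence number in byte 0 and 7 data bytes, the last packet padded with 0xFF, and a message is at most 255 packets (1785 bytes). The session struct, function names and the constructed packets are this example's own. The unchecked arithmetic is returned as a number rather than used for a write, so the wrap can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define J1939_TP_DT_BYTES    7
#define J1939_TP_MAX_PACKETS 255
#define J1939_TP_MAX_BYTES   (J1939_TP_MAX_PACKETS * J1939_TP_DT_BYTES)  /* 1785 */
#define J1939_TP_MIN_BYTES   9   /* 8 bytes or fewer fit in one frame; no TP */

/* Constructed reassembly state for one TP session (one sender, one PGN). */
struct j1939_tp_session {
    uint16_t total_bytes;                 /* from TP.CM (RTS or BAM) */
    uint8_t  total_packets;               /* from TP.CM */
    uint16_t received;
    uint8_t  seen[J1939_TP_MAX_PACKETS / 8 + 1];   /* duplicate-packet bitmap */
    uint8_t  buf[J1939_TP_MAX_BYTES];
};

/* Assumed vulnerable form: 1-based seq converted to an offset with no range
 * check. seq == 0 wraps to SIZE_MAX - 6, far outside any buffer. */
static size_t tp_dt_offset_unchecked(uint8_t seq)
{
    return (size_t)(seq - 1) * J1939_TP_DT_BYTES;
}

/* TP.CM validation: the announced size must be a legal TP size and the
 * packet count must be exactly ceil(total_bytes / 7). */
static int tp_session_start(struct j1939_tp_session *s,
                            uint16_t total_bytes, uint8_t total_packets)
{
    if (total_bytes < J1939_TP_MIN_BYTES || total_bytes > J1939_TP_MAX_BYTES)
        return -1;
    if (total_packets != (total_bytes + J1939_TP_DT_BYTES - 1) / J1939_TP_DT_BYTES)
        return -1;
    memset(s, 0, sizeof *s);
    s->total_bytes = total_bytes;
    s->total_packets = total_packets;
    return 0;
}

/* Hardened TP.DT handler. Returns bytes stored, 0 for a duplicate, -1 on reject.
 * With 1 <= seq <= total_packets the offset is always < total_bytes, so the
 * copy length is clamped to what the announced message still needs. */
static int tp_dt_receive_checked(struct j1939_tp_session *s, const uint8_t dt[8])
{
    uint8_t seq = dt[0];
    if (seq == 0 || seq > s->total_packets)
        return -1;                                    /* blocks the underflow input */
    uint8_t idx = (uint8_t)(seq - 1);
    if (s->seen[idx / 8] & (uint8_t)(1u << (idx % 8)))
        return 0;                                     /* retransmitted packet */
    size_t off = (size_t)idx * J1939_TP_DT_BYTES;     /* idx >= 0, cannot wrap */
    size_t n = s->total_bytes - off;                  /* remaining bytes of the message */
    if (n > J1939_TP_DT_BYTES)
        n = J1939_TP_DT_BYTES;
    memcpy(&s->buf[off], &dt[1], n);                  /* 0xFF padding never spills past total */
    s->seen[idx / 8] |= (uint8_t)(1u << (idx % 8));
    s->received += (uint16_t)n;
    return (int)n;
}

/* Constructed 10-byte message in two TP.DT packets; returns bytes reassembled. */
static int demo_reassemble_10_bytes(void)
{
    struct j1939_tp_session s;
    if (tp_session_start(&s, 10, 2) != 0) return -1;
    const uint8_t dt1[8] = {1, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
    const uint8_t dt2[8] = {2, 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF};
    if (tp_dt_receive_checked(&s, dt1) != 7) return -1;
    if (tp_dt_receive_checked(&s, dt2) != 3) return -1;
    if (tp_dt_receive_checked(&s, dt2) != 0) return -1;   /* duplicate ignored */
    if (s.buf[9] != 0x19 || s.buf[10] != 0x00) return -1; /* padding not written */
    return s.received;
}

/* The underflow input (sequence number 0) against the hardened handler. */
static int demo_reject_seq_zero(void)
{
    struct j1939_tp_session s;
    if (tp_session_start(&s, 10, 2) != 0) return -99;
    const uint8_t dt0[8] = {0, 0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x00, 0x00};
    return tp_dt_receive_checked(&s, dt0);
}

/* 1 if the unchecked arithmetic for seq 0 points outside the largest TP buffer. */
static int demo_unchecked_offset_wraps(void)
{
    return tp_dt_offset_unchecked(0) > (size_t)J1939_TP_MAX_BYTES;
}

int main(void)
{
    printf("unchecked offset for seq 0: %zu (wraps: %d)\n",
           tp_dt_offset_unchecked(0), demo_unchecked_offset_wraps());
    printf("reassembled bytes: %d\n", demo_reassemble_10_bytes());
    printf("seq 0 result: %d\n", demo_reject_seq_zero());
    return 0;
}
```

Two checks carry the weight: the sequence number is bounded on both sides (`1..total_packets`) before any subtraction, and the packet count announced in TP.CM is tied to the byte count so a sender cannot announce a small message and then send sequence numbers that index past it. Validating only one of the two leaves either the underflow or a plain over-index write reachable from the bus.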
An issue was discovered in OpenStack Keystone 13 through 29
When exchanging data over a socket, libnv uses select(2) to wait for data to arrive
SBC codec crash in Wireshark 4
RDP protocol dissector crash in Wireshark 4
Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages
An issue in the component DirectIo64
A denial-of-service vulnerability exists in the U-SPEED N300 V1
Weaver (Fanwei) E-cology 9
CryptPad 2025
An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2
An issue was discovered in Vanetza V2X v26
AGL agl-service-can-low-level thru 17
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN frame on the J1939 bus
An issue in Eprosima Micro-XREC-DDS Agent v
An issue in Eprosima Micro-XREC-DDS Agent v
An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util
Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers
A security vulnerability in JetBrains IntelliJ IDEA before 2024 may impact system integrity.
A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3
A vulnerability has been found in Fujian Apex LiveBOS up to 2
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4
A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc71874ce40050ef45fde5a435855f18af3373
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0
A vulnerability was detected in Flux159 mcp-game-asset-gen 0
Pallets Click, versions 8
SSCMS v7
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal
AGL agl-service-can-low-level thru 17
Profile import path traversal in Wireshark 4