CVE Brief Security Intelligence

The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions 3

The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_handler_download_pdf_media function in all versions up to, and including, 1

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplp_gdpr_install_plugin_ajax_handler() function in all versions up to, and including, 3

Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2

A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data

A security flaw has been discovered in PHPGurukul User Management System 1

A vulnerability was found in PHPGurukul Online Course Registration 3

A vulnerability was determined in PHPGurukul Small CRM 4

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally

The CBIS/NCS Manager API is vulnerable to an authentication bypass

An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user

The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint

A security flaw has been discovered in D-Link DIR-825 up to 2

A command injection vulnerability in COMFAST CF-XR11 (firmware V2

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service implementing a proprietary protocol on TCP port 1069 to allow the client-side software, such as the In-Sight Explorer tool, to perform management operations such as changing network settings or modifying users' access to the device

Hardcoded credentials in default configuration of PPress 0

Server-side template injection (SSTI) vulnerability in PPress 0

Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication

An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software

H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties

An issue was discovered in PPress 0

Mattermost versions 10

A vulnerability was found in whuan132 AIBattery up to 1

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and device reboot requiring an authentication

An issue was discovered in Tenda AC6 US_AC6V1

AliasVault is a privacy-first password manager with built-in email aliasing

Parameters are not validated or sanitized, and are later used in various internal operations

Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beyaz Computer CityPlus allows Path Traversal

StorageGRID (formerly StorageGRID Webscale) versions prior to 11

A vulnerability was identified in SourceCodester Hotel Reservation System 1

A weakness has been identified in itsourcecode Online Discussion Forum 1

A security vulnerability has been detected in itsourcecode Online Discussion Forum 1

A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1

A vulnerability was determined in itsourcecode Student Information Management System 1

An issue in ClipBucket 5

A vulnerability was found in SourceCodester Responsive E-Learning System 1

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1

LinkAce is a self-hosted archive to collect website links

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831

Improper Validation of Specified Type of Input vulnerability in ABB FLXEON

Improper Validation of Specified Type of Input vulnerability in ABB FLXEON

A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - 593 - Session Hijacking, CAPEC - 591 - Reflected XSS