CVE-2026-33017
Langflow Code Injection Vulnerability - Active in CISA KEV catalog.
This curated brief highlights 26 critical vulnerabilities and 100 high-priority updates requiring immediate attention.
Aquasecurity Trivy Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
A use-after-free vulnerability exists in the Dawn component of Google Chrome. This flaw allows attackers to potentially execute arbitrary code or cause a denial-of-service via a crafted HTML page.
TrueConf Client Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
A critical improper authorization vulnerability in Microsoft Azure Kubernetes Service allows unauthenticated attackers to elevate privileges over a network, potentially gaining full cluster control.
PraisonAI Gateway prior to 4.5.97 lacks authentication for WebSocket and info endpoints. Attackers can enumerate AI agents and send arbitrary messages to manipulate agent tools.
PraisonAI agents prior to 1.5.90 contain a sandbox bypass in the execute_code() function. Attackers can execute arbitrary OS commands on the host by bypassing the safe attribute wrapper.
An authentication bypass in Hirschmann HiOS and HiSecOS products allows unauthenticated remote attackers to gain administrative access via specially formed HTTP requests.
Improper authorization in Azure AI Foundry allows unauthenticated network attackers to escalate privileges, potentially compromising AI models and sensitive data.
A Server-Side Request Forgery (SSRF) vulnerability in Azure Databricks allows unauthenticated attackers to elevate privileges and access internal network resources.
PraisonAI prior to 4.5.90 is vulnerable to SQL injection in the get_all_user_threads function. Attackers can gain full database access by injecting malicious payloads into thread IDs.
PraisonAI CLI versions 4.5.15 through 4.5.68 are vulnerable to OS command injection via the --mcp argument. The argument is passed to the system shell without sanitization.
A Server-Side Request Forgery (SSRF) in the Azure Custom Locations Resource Provider allows authenticated attackers to elevate privileges over a network.
A missing authentication vulnerability in Azure MCP Server allows unauthenticated attackers to disclose sensitive information over a network.
A critical authentication bypass in PraisonAI's OAuthManager allows unauthenticated attackers to gain full access to all registered tools and agent capabilities by providing any arbitrary token.
A SQL Injection vulnerability in Kestra's flow search endpoint allows authenticated users to execute arbitrary OS commands on the host via PostgreSQL's COPY TO PROGRAM functionality.
A path traversal vulnerability in the Stackfield Desktop App's decryption functionality allows malicious exports to write arbitrary content to any path on the victim's filesystem.
Fortinet FortiClientEMS versions 7.4.5 and 7.4.6 contain an improper access control vulnerability. Unauthenticated attackers can execute unauthorized code or commands via crafted requests.
An authentication bypass in Hirschmann Industrial HiVision's master service allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges.
A buffer overflow in the Hirschmann HiSecOS HTTPS login interface, occurring when RADIUS is enabled, allows remote attackers to crash the device or execute arbitrary code.
An authentication bypass in MLflow's FastAPI job endpoints allows unauthenticated attackers to submit and execute jobs, potentially leading to remote code execution or denial of service.
An authentication bypass in the ProSoft ICX35-HWC cellular gateway web interface allows unauthenticated attackers to gain full administrative access to the device.
Budibase versions prior to 3.33.4 contain an unauthenticated Remote Code Execution (RCE) flaw. Attackers can trigger Bash-based automations via a public webhook to execute commands as root.
An input validation vulnerability in the ProSoft ICX35-HWC web interface allows remote attackers to inject and execute system commands with root privileges.
A specific API endpoint in the affected software allows authenticated users to pivot to other user profiles. By modifying the ID number in API calls, users can access unauthorized data.
A firewall bypass in Hirschmann HiLCOS OpenBAT and BAT450 products allows IPv6 IPsec VPN traffic to circumvent configured security rules.
ZimaOS versions prior to 1.5.3 contain a proxy endpoint vulnerability. When exposed via Cloudflare Tunnel, unauthenticated attackers can access internal localhost services and sensitive endpoints.
GarrettCom Magnum 6K and 10K switches contain an authentication bypass via a hardcoded string. Unauthenticated attackers can gain full administrative access to switch configurations.
Budibase versions prior to 3.33.4 are vulnerable to Server-Side Request Forgery (SSRF). The SSRF protection is ineffective by default, allowing unauthenticated requests to internal services.
A critical vulnerability in a Gardyn endpoint allows unauthenticated access to all registered user account information. This flaw permits total data exposure without valid credentials.
OpenSTAManager, an open-source technical assistance and invoicing software, contains a high-severity security vulnerability.
A high-severity vulnerability has been identified in the OpenSTAManager technical assistance and invoicing software.
A high-severity vulnerability has been discovered in the PraisonAI multi-agent teams system.
Improper authentication in the Azure SRE Agent allows an unauthorized network-based attacker to disclose sensitive information.
A security vulnerability has been identified in the PraisonAI multi-agent teams system.
The phpMyFAQ open-source FAQ application contains a vulnerability that could compromise the integrity and security of the web application.
An Insecure Direct Object Reference (IDOR) vulnerability exists in the WCFM - Frontend Manager for WooCommerce plugin for WordPress.
A security vulnerability has been identified in the PraisonAI multi-agent teams system.
A security vulnerability has been discovered in the PraisonAI multi-agent teams system.
Hirschmann HiOS Switch Platform version 09 contains a high-severity vulnerability that affects the security of the network switching infrastructure.
A high-severity vulnerability in the Electron framework could allow for unauthorized code execution or system compromise in desktop applications.
DbGate, a cross-platform database manager, is affected by a high-severity vulnerability that could allow for unauthorized database access or manipulation.
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal.
A high-severity security vulnerability in the Electron framework could facilitate unauthorized access or data compromise in affected desktop applications.
Tinyauth, an authentication and authorization server, contains a high-severity vulnerability that may compromise identity management.
A vulnerability in the Electron framework has been identified that could allow for unauthorized actions within cross-platform desktop applications.
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in Balena Etcher for Windows prior to version 2, potentially allowing for unauthorized file operations.
The xmldom JavaScript module, used for XML parsing and serialization, contains a high-severity vulnerability that could impact applications relying on this module.
A late-disclosure vulnerability in Hirschmann HiOS devices prior to version 08 poses a high-severity risk to network infrastructure security.
The core-rs-albatross Rust implementation of the Nimiq Proof-of-Stake protocol contains a high-severity vulnerability affecting its consensus mechanism.
A security vulnerability in the Electron framework could allow attackers to perform unauthorized operations in applications built on the platform.
A bug in the handling of POST requests within Apache Traffic Server can trigger a system crash under specific conditions, leading to a denial-of-service.
Apache Traffic Server is vulnerable to HTTP request smuggling when processing malformed chunked transfer-encoding messages.
A security issue has been identified in DokuWiki, a popular open-source wiki software, which could lead to unauthorized system access or data exposure.
A vulnerability has been identified in Projectworlds Car Rental Project 1.0, potentially allowing for unauthorized data access or system manipulation.
A remote attacker can trigger an out-of-bounds read in the C decapsulation path of X-Wing HPKE by supplying a short encapsulated key, potentially causing a crash or memory disclosure.
Rack, the modular Ruby web server interface, is affected by a high-severity vulnerability that could impact the security of Ruby-based web applications.
A security vulnerability has been identified in Rack, a modular Ruby web server interface, which could allow attackers to compromise the integrity of web applications.
A security flaw in the Rack modular Ruby web server interface has been identified, potentially allowing for unauthorized interference with web application processing.
Mesop, a Python-based UI framework, contains a high-severity vulnerability that could allow for unauthorized access or manipulation of web applications.
A security flaw has been discovered in DefaultFuction Content-Management-System 1 that could lead to unauthorized system access or data manipulation.
A weakness in the itsourcecode Online Enrollment System 1 has been identified, potentially exposing sensitive enrollment data to unauthorized parties.
Piwigo, an open-source photo gallery application, contains a security vulnerability that could allow for unauthorized access or site compromise.
An issue discovered in Mbed TLS 3 could compromise the security of encrypted communications, potentially allowing for data decryption or interception.
A vulnerability in OpenSSH versions prior to 10 has been identified, which could allow for unauthorized access or information disclosure during SSH sessions.
A high-severity vulnerability has been identified in Endian Firewall version 3, which could allow attackers to bypass security controls or gain unauthorized access.
A security flaw in Endian Firewall version 3 has been discovered, potentially allowing for remote exploitation and compromise of the firewall appliance.
A critical-range vulnerability has been identified in Endian Firewall version 3, which could be exploited to compromise the network security gateway.
A security vulnerability in Endian Firewall version 3 has been identified, which could allow a remote attacker to compromise the appliance and the network it protects.
A security vulnerability exists in Endian Firewall version 3. This flaw could potentially allow an attacker to compromise the security appliance and gain unauthorized access to the network.
A critical security flaw has been identified in Endian Firewall version 3. If exploited, this vulnerability allows for significant unauthorized operations on the target security appliance.
Endian Firewall version 3 contains a high-severity vulnerability. Attackers may exploit this flaw to gain unauthorized access or cause a denial of service on the firewall device.
The Hirschmann HiSecOS web server version 03 contains a high-severity vulnerability that could allow for unauthorized access or remote code execution.
Cloudreve, a self-hosted file management system, is affected by a security vulnerability that could lead to unauthorized file access or administrative compromise.
A vulnerability in the Amazon Athena ODBC driver's browser-based authentication component allows for OS command injection, potentially leading to unauthorized code execution.
Hirschmann HiSecOS web server version 05 is vulnerable to a high-severity security flaw that could compromise the integrity of the management interface.
A heap overflow vulnerability in Hirschmann HiLCOS web interfaces allows unauthenticated remote attackers to trigger a denial-of-service condition via crafted requests.
Stored API keys in a temporary browser client are not marked as protected, allowing for credential extraction via JavaScript console errors or other system faults.
A high-severity vulnerability has been identified in the TRENDnet TEW-657BRM router, potentially allowing for remote compromise.
A second high-severity security flaw has been discovered in the TRENDnet TEW-657BRM router, increasing the risk of device exploitation.
A memory handling vulnerability exists in the affected software that could allow for unauthorized code execution or system instability through the processing of malformed data.
A high-severity vulnerability involving improper memory handling has been identified, which could lead to arbitrary code execution if exploited by a malicious actor.
An issue in the affected software's memory handling logic has been addressed, which previously allowed for potential system compromise through memory corruption.
OAuthenticator, used with JupyterHub for OAuth2 identity provision, contains a high-severity vulnerability that could allow for unauthorized authentication or privilege escalation.
A vulnerability involving the improper handling of symbolic links (symlinks) could allow an attacker to access or modify files outside of the intended directory.
A high-severity vulnerability has been identified in the Budibase open-source low-code platform that could lead to unauthorized access or system compromise.
A vulnerability in the Budibase platform could allow for unauthorized actions, potentially leading to a breach of the application environment.
A high-severity vulnerability has been discovered in Postiz, an AI-powered social media scheduling tool, which could lead to unauthorized access or data exposure.
A command injection vulnerability in a console interface allows attackers to execute arbitrary commands on the underlying system.
Storage credentials are hardcoded in the mobile application and device firmware, allowing unauthorized parties to access stored data.
SillyTavern, a user interface for large language models and image generation, contains a vulnerability that could allow for unauthorized technical manipulation within the local environment.
An issue was discovered in BizTalk360 before version 11 that could allow for unauthorized access or system manipulation within the monitoring environment.
A permissions issue has been addressed in the affected software that previously allowed for unauthorized access to restricted resources or functions.
Hirschmann HiLCOS industrial networking devices are affected by a high-severity vulnerability in versions prior to version 8, potentially impacting critical network infrastructure.
A high-severity vulnerability has been identified in Keycloak, an open-source identity and access management solution, which could compromise authentication integrity.
SillyTavern, a local interface for AI generation models, is affected by a high-severity vulnerability that could lead to unauthorized system interactions.
A vulnerability in goshs, a SimpleHTTPServer written in Go, could allow for unauthorized file access or remote exploitation.
The Go MCP SDK improperly utilizes the standard encoding/json library, potentially leading to unexpected behavior during JSON parsing or serialization in Model Context Protocol implementations.
OneUptime, an open-source monitoring and observability platform, contains a vulnerability that could impact the security of its monitoring environment.
Focalboard version 8 is affected by a high-severity vulnerability; however, the product was designated as unsupported at the time the CVE was assigned.
A high-severity vulnerability has been identified in the "prompts" library, potentially impacting applications that utilize this component for user input handling.
A high-severity vulnerability has been identified in the "prompts" component as utilized within Canon products, potentially affecting device security.
Hirschmann HiLCOS Classic Platform switches are affected by a high-severity vulnerability in versions prior to 09, impacting industrial network reliability.
Glances, a cross-platform system monitoring tool, is affected by a vulnerability that may allow for unauthorized information disclosure or system interference.
Kiro IDE is vulnerable to unsanitized input during web page generation in the Kiro Agent webview, which could lead to code execution or data theft.
The Amazon Athena ODBC driver contains a high-severity vulnerability due to improper neutralization of special elements in its authentication components.
A high-severity vulnerability exists in Fal products related to prompt handling. The flaw could allow for unauthorized input manipulation or system exploitation.
OpenClaw contains an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths.
A security flaw has been identified in Keycloak that could compromise identity and access management processes.
A high-severity vulnerability has been identified in the Suricata network IDS/IPS engine that may impact traffic inspection.
A security flaw in the Suricata IDS/IPS engine could permit attackers to interfere with network traffic analysis and security enforcement.
The Suricata engine is vulnerable to a flaw that could result in a denial of service or the bypass of network security policies.
A vulnerability in Suricata's network engine could allow an attacker to bypass intrusion detection signatures or crash the inspection service.
A high-severity flaw in the Suricata engine could compromise the reliability of network intrusion detection and prevention.
A vulnerability identified in the Suricata network engine could be exploited to disrupt security monitoring or bypass detection mechanisms.
A race condition vulnerability was addressed through the implementation of additional validation checks to prevent concurrent processing errors.
A permissions issue in multiple Infor products has been addressed with additional restrictions to prevent unauthorized access.
A vulnerability related to improper state management has been addressed with improved logic to ensure consistent security enforcement.
A security issue was resolved by implementing improved validation checks to prevent unauthorized access or data manipulation.
Haraka, a high-performance Node.js-based SMTP server, contains a vulnerability that could affect mail processing and security.
A high-severity vulnerability has been identified in Hirschmann EagleSDV version 05, potentially impacting industrial network security.
The "prompts" library, a popular Node.js package for interactive CLI prompts, contains a vulnerability that could lead to improper input handling.
An administrative endpoint is exposed without authentication, allowing remote attackers to access sensitive device management functions.
The Amazon Athena ODBC driver is vulnerable to resource exhaustion due to unlimited resource allocation within its parsing components during data processing.
A security flaw has been identified in the Keycloak identity and access management platform.
A security vulnerability exists in Sudo through version 1.x that could allow for unauthorized actions or privilege escalation.
The Amazon Athena ODBC driver fails to properly validate certificates within its identity provider (IdP) connection components, enabling potential interception.
The Amazon Athena ODBC driver contains insufficient security controls in its browser-based authentication components, potentially allowing for unauthorized session access.
A security flaw has been identified in Keycloak, an open-source identity and access management solution, which could compromise authentication processes.
A security vulnerability has been identified in the huimeicloud hm_editor software.