CVE-2025-67038
The Lantronix EDS5000 contains a code injection vulnerability that is currently being actively exploited in the wild.
Saturday's disclosures concentrate on open-source web platforms and developer tooling, with maximum-severity flaws in Budibase, Kestra, and OpenProject leading the set. The brief covers 31 critical CVEs, up 24% from the prior day's 25, and 60 high-priority CVEs, a 43% increase from 42. CVE-2026-54350 (CVSS 10) in Budibase and CVE-2026-53576 and CVE-2026-49869 (both CVSS 10) in Kestra represent unauthenticated remote code execution risks, while CVE-2026-46386 (CVSS 9.9) and CVE-2026-52780 (CVSS 9.6) affect OpenProject. WordPress ecosystem plugins including BuddyBoss and Uncanny Automator Pro add further critical exposure, and six CVEs across Ubiquiti UniFi OS, Cisco Unified CM, PTC Windchill, and Lantronix EDS5000 carry confirmed exploitation. Vendor patches were not yet reflected at disclosure time, so teams should prioritize compensating controls and monitor vendor advisories for fixes on internet-facing deployments.
Immediate action: Prioritize self-hosted web platforms — Budibase, Kestra, and OpenProject — along with WordPress sites running BuddyBoss or Uncanny Automator Pro, and the actively exploited Ubiquiti UniFi OS and Cisco Unified CM deployments. With vendor fixes not yet reflected for the critical issues, restrict external access, apply available workarounds, and watch vendor advisories so patches can be deployed as soon as they ship.
An improper input validation flaw in Ubiquiti UniFi OS enables network-adjacent attackers to execute arbitrary commands on the underlying system.
A path traversal vulnerability in Ubiquiti UniFi OS allows network-adjacent attackers to read sensitive system files and potentially compromise user accounts.
An improper access control vulnerability in Ubiquiti UniFi OS devices allows network-adjacent attackers to modify system configurations without authorization.
PTC Windchill and FlexPLM are vulnerable to improper input validation, allowing for potential exploitation. This vulnerability is confirmed as actively exploited in the wild.
A server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager allows unauthenticated remote attackers to perform arbitrary file operations and escalate privileges to root.
An unauthenticated injection vulnerability in Budibase allows remote attackers to read or modify arbitrary documents in connected databases via maliciously crafted query parameters.
A default, insecure secret key configuration in the official OpenProject Docker image allows authenticated users to achieve remote code execution via Marshal-deserialization of cookies.
An improper path validation vulnerability in the Budibase PWA upload process allows authenticated builders to perform arbitrary file reads on the server.
A PHP Object Injection vulnerability exists in the Buddyboss Platform plugin that may allow unauthenticated or low-privileged attackers to execute arbitrary code.
A PHP Object Injection vulnerability in Uncanny Automator Pro allows attackers to execute arbitrary code via malicious serialized input.
An authentication bypass vulnerability in Kestra allows unauthenticated attackers to execute arbitrary code as root by manipulating API requests.
The Invoice Generator plugin for WordPress is vulnerable to unauthenticated privilege escalation, allowing attackers to modify arbitrary user accounts and hijack administrator sessions.
Kestra contains an authentication bypass vulnerability due to an improper path validation, allowing unauthenticated attackers to execute arbitrary workflows and achieve Remote Code Execution.
OpenProject is vulnerable to cache store poisoning, which can be leveraged by attackers to achieve Remote Code Execution on the host system.
The mise development tool manager improperly processes .tool-versions files using the Tera template engine, allowing unauthenticated remote attackers to achieve arbitrary command execution.
Daktronics VFC-DMP-5000 firmware contains a directory traversal vulnerability, allowing remote users to escape intended directories and enumerate arbitrary file system paths.
OpenProject contains a SQL injection vulnerability in the timestamps functionality, allowing authenticated attackers to execute arbitrary SQL queries via the timestamps parameter.
A critical unauthenticated privilege escalation vulnerability exists in the Easy Elements for Elementor plugin, allowing attackers to elevate their access level without authorization.
A critical unauthenticated privilege escalation vulnerability in the Paytium plugin allows remote attackers to gain unauthorized administrative privileges.
A critical unauthenticated privilege escalation vulnerability in Dokan Pro allows attackers to bypass security controls and obtain administrative access.
A server-side template injection vulnerability in the Genshi template engine allows remote attackers to execute arbitrary code via crafted template expressions.
An unauthenticated SQL injection vulnerability in the JetBooking plugin for WordPress allows remote attackers to execute arbitrary SQL queries and access sensitive database information.
The wpDataTables plugin for WordPress contains an unauthenticated SQL injection vulnerability that enables remote attackers to manipulate database queries.
Real Estate 7 contains an unauthenticated SQL injection vulnerability in versions 3.5.9 and earlier, allowing remote attackers to manipulate database queries.
GeoDirectory versions 2.8.162 and earlier are susceptible to an unauthenticated SQL injection vulnerability, enabling database manipulation by remote attackers.
The Library Management System by Online Web Tutor is affected by an unauthenticated SQL injection vulnerability in versions 3.5.7 and earlier.
An unauthenticated SQL injection vulnerability exists in the Codemstory 워드프레스 결제 심플페이 plugin, allowing remote attackers to execute arbitrary database queries.
An unauthenticated SQL injection vulnerability in the Oooorgle Quotes llama plugin allows remote attackers to execute arbitrary SQL commands via unsanitized input parameters.
An unauthenticated SQL injection vulnerability in the Crocoblock JetSmartFilters plugin allows remote attackers to execute arbitrary SQL commands.
JetEngine versions 3.8.10.2 and earlier are vulnerable to an unauthenticated SQL injection, potentially allowing remote attackers to manipulate database queries.
The Advance Product Search plugin for WordPress is susceptible to an unauthenticated SQL injection vulnerability in versions 1.4.4 and earlier.
OpenProject contains an Insecure Direct Object Reference (IDOR) vulnerability that allows authenticated project administrators to hijack project folders and overwrite access control lists.
Booster for WooCommerce contains an arbitrary file upload vulnerability allowing unauthenticated remote code execution.
The Quform WordPress plugin is susceptible to an arbitrary file upload vulnerability exploitable by authenticated subscribers.
The Travel Booking WordPress plugin contains an arbitrary file upload vulnerability exploitable by authenticated subscribers.
A local file inclusion vulnerability in the Wolfram Cloud JVM initialization allows attackers to execute arbitrary code by manipulating shared temporary directories.
An insecure deserialization vulnerability in the OWASP ZAP ViewState add-on allows attackers to achieve arbitrary code execution via malicious serialized Java objects.
A PHP Object Injection vulnerability exists in the InspiryThemes RealHomes plugin for WordPress, potentially allowing authenticated subscribers to execute arbitrary code.
An integer overflow vulnerability in the Mojo component of Google Chrome could allow a remote attacker to trigger memory corruption.
Uncanny Automator contains an unauthenticated PHP Object Injection vulnerability in versions 7 and below, potentially allowing for remote code execution.
A security vulnerability exists in Dell Container Storage Modules (CSI PowerStore) version 2, potentially impacting the integrity of storage management operations.
Dell Display and Peripheral Manager (DDPM) for macOS versions prior to 2 contain a vulnerability that could lead to unauthorized system impacts.
The mise development tool manager contains a high-severity vulnerability potentially allowing for unauthorized system impact.
A vulnerability in the Blocksy Companion Pro WordPress plugin allows authenticated contributors to execute arbitrary code on the server.
The AVX2-optimized ML-KEM implementation in wolfSSL contains a comparison flaw during the decapsulation process that could lead to security compromises.
The FreeBSD KTLS receive path improperly decrypts records in place, leading to potential memory corruption due to unsafe mbuf modification.
The Teable v2 REST API lacks necessary permission metadata on ORPC endpoints, enabling authenticated users to bypass authorization controls.
A vulnerability exists in the KubeVirt migration proxy component of Red Hat OpenShift Virtualization that could lead to unauthorized system access.
A privilege escalation vulnerability in ThemeFusion's Fusion Builder allows users with Contributor roles to perform unauthorized actions.
A privilege escalation vulnerability in Abandoned Cart Pro for WooCommerce allows a subscriber-level user to escalate their privileges to administrative access.
A privilege escalation vulnerability in Frisbii Pay allows authenticated users with contributor-level access to escalate their permissions to administrative levels.
A SQL injection vulnerability in the Tourfic plugin allows authenticated subscriber-level users to execute arbitrary SQL commands against the database.
A SQL injection vulnerability in the wpForo Forum plugin allows authenticated contributors to execute arbitrary database queries.
A SQL injection vulnerability in the BestWebSoft Gallery plugin allows authenticated contributors to execute arbitrary database queries.
A SQL injection vulnerability in the WP Post Author plugin allows authenticated contributors to execute arbitrary database queries.
A SQL injection vulnerability exists in the Restaurant Menu by MotoPress plugin, allowing authenticated contributors to execute arbitrary SQL commands.
An SQL injection vulnerability in the WP Job Portal plugin allows authenticated contributors to execute arbitrary database queries.
The Contest Gallery plugin is affected by an authenticated SQL injection vulnerability, permitting contributors to run unauthorized SQL queries.
A SQL injection vulnerability in the Zip Recipes plugin for WordPress allows authenticated contributors to execute arbitrary database queries.
A SQL injection vulnerability in the Groundhogg WordPress plugin allows authenticated sales representatives to execute arbitrary database queries.
A heap-based buffer overflow vulnerability in the vtkDICOMItem::NewDataElement function of the vtk-dicom library can lead to arbitrary code execution.
A high-severity vulnerability exists in the Cudy LT300 router, potentially allowing unauthorized system access.
A high-severity vulnerability has been identified in OpenProject, a web-based project management platform, potentially leading to unauthorized data access.
A high-severity security vulnerability has been discovered in the Pagekit CMS, which could potentially lead to unauthorized access or site compromise.
An unauthenticated Cross-Site Request Forgery (CSRF) vulnerability affects the Eagle Booking plugin.
An unauthenticated Cross-Site Request Forgery (CSRF) vulnerability exists in the Paid Memberships Pro - Add Member From Admin plugin.
A security vulnerability has been identified in the Kestra open-source orchestration platform.
RustFS, a distributed object storage system, contains a vulnerability that may lead to significant security compromise.
BitFire Security versions 5 and below contain multiple unauthenticated vulnerabilities that allow for potential system compromise.
The Budibase low-code platform contains a vulnerability that may expose the system to unauthorized access or manipulation.
A security vulnerability in the AutoGPT workflow automation platform may expose continuous artificial intelligence agents to unauthorized manipulation.
A broken access control vulnerability in the devLXDInstancePatchHandler component of Canonical LXD allows unauthorized storage volume access between guests.
An unauthenticated broken access control vulnerability in the MailChimp Block plugin allows unauthorized users to perform sensitive actions without appropriate permissions.
A security vulnerability in the Budibase low-code platform may allow for unauthorized access or execution of administrative functions.
A high-severity security vulnerability has been identified in the Budibase low-code platform that requires immediate attention from system administrators.
A high-severity vulnerability exists within the RustFS distributed object storage system that necessitates immediate security patching.
A high-severity vulnerability has been disclosed in the OpenProject web-based project management software, requiring urgent administrative intervention.
An unauthenticated Cross-Site Request Forgery (CSRF) vulnerability exists in the Child Theme Wizard plugin, allowing unauthorized actions to be performed on behalf of a victim.
Daktronics VFC-DMP-5000 devices utilize default administrative credentials with weak authentication controls, posing a significant risk of unauthorized access.
The extract-zip library fails to validate symlink targets during the extraction of zip archives, potentially leading to arbitrary file system access.
Tribulant Newsletters plugin is vulnerable to a broken access control issue, potentially allowing unauthorized subscriber data manipulation.
A security flaw has been identified in the Red Hat build of Keycloak, potentially impacting authentication or authorization mechanisms.
A security vulnerability exists in HTMLy CMS through version 3, which may allow for unauthorized system access or information disclosure.
A vulnerability in socat versions 1 may allow for unauthorized access or system compromise due to improper handling of network connections.
A flaw in the Red Hat Keycloak Policy Enforcer allows for improper access control, potentially bypassing security constraints during authentication processes.
A missing authorization vulnerability in Royal Plugins' Royal MCP allows attackers to exploit incorrectly configured access control settings.
A critical Local File Inclusion (LFI) vulnerability exists in the MDTF plugin, allowing unauthenticated attackers to read sensitive files on the host server.
A security vulnerability has been identified in the LibreChat AI interface, requiring urgent review of the vendor's security updates to mitigate potential unauthorized access.
A security vulnerability in the Notepad++ text editor requires immediate attention to prevent potential exploitation of the application environment.
A security vulnerability has been identified in the Notepad++ source code editor that may require immediate attention from system administrators.
A high-severity security vulnerability has been identified in the Notepad++ source code editor that requires prompt remediation.
A critical memory vulnerability in the Imagination Graphics DDK allows improper GPU commands to trigger out-of-bounds memory access.
A security vulnerability has been identified in the SeaweedFS distributed storage system that may allow unauthorized access or impact system integrity.
A security vulnerability in the Glances cross-platform monitoring tool could potentially be leveraged by remote attackers to compromise system monitoring integrity.
An additional security vulnerability has been identified in the Glances monitoring tool that may permit unauthorized system-level interactions.
A security vulnerability has been identified in the Glances system monitoring tool that may allow unauthorized access or system compromise.