CVE-2025-67038
The Lantronix EDS5000 contains a code injection vulnerability that is currently being actively exploited in the wild.
Sunday's disclosures are led by CVE-2026-58053 (CVSS 9.9) in Gitea act_runner, a high-impact flaw in CI/CD automation infrastructure that warrants prompt review by teams running self-hosted Gitea. The day brought 1 critical CVE, down 97% from 31 the prior day, alongside 55 high-priority vulnerabilities, a modest 8% decrease from 60. Six vulnerabilities carry confirmed active exploitation, including three Ubiquiti UniFi OS issues (CVE-2026-34910, CVE-2026-34909, CVE-2026-34908, all CVSS 9.5) and CVE-2026-20230 (CVSS 9.5) in Cisco Unified Communications Manager. Affected products span network edge devices, unified communications, PLM platforms, and device servers, indicating exposure across both perimeter and internal enterprise systems. No patches were available at disclosure time for the reported CVEs, so defenders should prioritize compensating controls and monitoring until vendor fixes ship.
Immediate action: Prioritize Ubiquiti UniFi OS, Cisco Unified Communications Manager, PTC Windchill/FlexPLM, and Lantronix EDS5000 systems given confirmed active exploitation, and review self-hosted Gitea act_runner deployments for the critical CVE-2026-58053 flaw. With no patches available at disclosure, restrict network exposure of affected services, apply vendor workarounds where published, and increase monitoring for exploitation indicators until fixes are released.
An improper input validation flaw in Ubiquiti UniFi OS enables network-adjacent attackers to execute arbitrary commands on the underlying system.
A path traversal vulnerability in Ubiquiti UniFi OS allows network-adjacent attackers to read sensitive system files and potentially compromise user accounts.
An improper access control vulnerability in Ubiquiti UniFi OS devices allows network-adjacent attackers to modify system configurations without authorization.
PTC Windchill and FlexPLM contain an improper input validation vulnerability that is confirmed as actively exploited in the wild.
A server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager allows unauthenticated remote attackers to perform arbitrary file operations and escalate privileges to root.
A container escape vulnerability in Gitea act_runner allows authenticated users to gain root access to the host machine by manipulating container options.
The Linux kernel's VFIO PCI driver contains a race condition or improper cleanup flaw during device shutdown: DMABUFs are not properly cleaned up before the function is disabled.
HCL Traveler for Microsoft Outlook (HTMO) contains an unspecified vulnerability that may allow for unauthorized access or system impact.
The Splash Sport Club WordPress theme contains a Local File Inclusion (LFI) vulnerability that allows authenticated contributors to access sensitive files on the server.
A Local File Inclusion (LFI) vulnerability exists in the Goya Core platform, allowing authenticated contributors to potentially access sensitive files on the host server.
The WordPress Frontend File Manager Plugin is susceptible to an authenticated arbitrary file deletion vulnerability in versions up to and including 23.
A pre-authentication bypass vulnerability exists in Apache Kerby, allowing attackers to circumvent security checks by sending unsupported PA-DATA types.
A high-severity security vulnerability has been identified in the Envoy proxy, which may impact cloud-native service configurations and infrastructure security.
A high-severity security vulnerability has been discovered in the Envoy edge and service proxy, necessitating urgent review and remediation for affected cloud environments.
A security vulnerability exists in the Envoy edge and service proxy, potentially impacting cloud-native application infrastructure.
A security vulnerability has been identified in the Envoy edge and service proxy, which may affect cloud-native application deployments.
An unauthenticated remote information disclosure vulnerability in the Ollama model quantization engine allows unauthorized heap memory access.
An unauthenticated broken authentication vulnerability exists in the CorvusPay WooCommerce Payment Gateway plugin, potentially allowing unauthorized access to payment processes.
A SQL injection vulnerability exists in the WP All Import plugin that can be exploited by an authenticated administrator to execute arbitrary database queries.
A SQL injection vulnerability in the Ays Popup box plugin allows an authenticated administrator to execute arbitrary database commands.
A memory management flaw in the Linux kernel iommu/vt-d subsystem could lead to NULL pointer dereferences or reference count corruption.
A vulnerability in the Zephyr RTOS IP socket recvmsg() implementation could allow for memory corruption or unauthorized data handling.
A vulnerability in the FFmpeg RASC video decoder component (decode_dlta) may lead to memory corruption during the processing of malformed media files.
A resource management flaw in the Linux kernel drm/xe driver allows for a potential use-after-free condition due to improper ordering of device cleanup during stream closure.
A use-after-free vulnerability exists in the Linux kernel enetc network driver related to improper DMA memory management.
A security vulnerability exists within the Kestra orchestration platform, requiring immediate review of the vendor's security advisory.
A vulnerability exists within the Kestra event-driven orchestration platform that may allow for unauthorized system interaction.
A high-severity vulnerability has been identified in the RustFS distributed object storage system that may impact data security.
A vulnerability in the Imagination Graphics DDK allows for an out-of-bounds write crash via maliciously crafted GPU shader code.
A vulnerability exists in Peplink InControl 2 that may allow for unauthorized access or system compromise.
RustDesk fails to properly clear capability flags during file-transfer sessions, potentially allowing unauthorized control message execution.
SupportCandy contains an Insecure Direct Object Reference (IDOR) vulnerability that may allow authenticated subscribers to access unauthorized data.
A security vulnerability exists in the Notepad++ source code editor that may allow for unauthorized system impact.
A security vulnerability has been identified in the Notepad++ source code editor that could potentially be leveraged to compromise user systems.
A flaw in the Linux kernel Btrfs file system handling causes improper dirty page management during transaction aborts, potentially leading to system instability.
A vulnerability has been identified in OpenProject, an open-source project management platform, that may expose the system to unauthorized access or manipulation.
A security vulnerability exists within the Dragonfly in-memory data store that may impact the confidentiality or integrity of cached application data.
A vulnerability has been discovered in the Labstack Echo Go web framework that may facilitate unauthorized access or bypasses in web applications built using this framework.
A vulnerability exists in Podman, a tool for managing OCI containers and pods, which may allow for unauthorized system interaction.
A vulnerability in the Safetica Endpoint Client's ProcessMonitorDriver kernel driver may allow for unauthorized local privilege escalation.
The Ads by WPQuads plugin for WordPress is susceptible to unauthenticated sensitive data exposure due to insufficient access control.
A broken access control vulnerability in the Gutenverse Companion plugin allows unauthenticated attackers to bypass security restrictions.
An unauthenticated sensitive data exposure vulnerability exists in the Object Cache 4 everyone plugin, potentially leaking internal system data.
A broken access control vulnerability in the Five Star Restaurant Menu plugin allows unauthenticated attackers to bypass security checks.
An unauthenticated broken access control vulnerability exists in the All-In-One Intranet plugin, potentially allowing unauthorized access to restricted site data.
An unauthenticated sensitive data exposure vulnerability in the Trinity Backup plugin may allow attackers to access or retrieve sensitive information without proper authorization.
A broken access control vulnerability in the Syncee Premium Dropshipping & Wholesale plugin allows unauthenticated users to bypass security checks and access restricted functionality.
An unauthenticated broken access control vulnerability in the Stylish Cost Calculator plugin allows unauthorized users to perform restricted actions.
An unauthenticated broken access control vulnerability in the Paymob for WooCommerce plugin enables unauthorized users to access restricted plugin functionality.
An unauthenticated sensitive data exposure vulnerability in the Print Invoice & Delivery Notes for WooCommerce plugin allows unauthorized access to private customer documents.
The Subscriptions for WooCommerce plugin contains an unauthenticated broken access control vulnerability, allowing unauthorized access to restricted subscription data.
Toolset Forms is vulnerable to unauthenticated Insecure Direct Object References (IDOR), enabling attackers to access or manipulate objects without proper authorization.
The Panorama Viewer plugin for WordPress is susceptible to a Local File Inclusion (LFI) vulnerability exploitable by users with Contributor-level access.
Johnson & Johnson Campus Recruiting contains an improper access control vulnerability allowing unauthorized viewing of sensitive student data and interviewer notes.
Johnson & Johnson Audit Tracking Management System (ATMS) contains an access control vulnerability that enables unauthorized viewing of confidential meeting minutes and transcripts.
A vulnerability exists in the Zephyr real-time operating system's BSD-sockets `getaddrinfo()` implementation, potentially impacting network communication security.
Budibase contains a security vulnerability within its low-code platform architecture that requires immediate administrative review and patching.
The Enable CORS plugin contains an unauthenticated backdoor that allows remote attackers to bypass security controls and gain unauthorized access to the affected environment.
Budibase contains a security vulnerability within its low-code platform that requires urgent review to prevent unauthorized system interaction.
A broken access control vulnerability in the Tribulant Newsletters plugin allows unauthenticated attackers to bypass security restrictions.
MyBB contains a security vulnerability that may allow unauthorized access or impact system integrity depending on the specific implementation.