Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated…
Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator rol…
An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file.
Note: Software versions which ha…
A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not eval…
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or…
A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software ver…
Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Softwa…
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limi…
When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Su…
U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control me…
An authenticated iControl SOAP user may be able to obtain information of other accounts.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD pack…
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path …
When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is als…
When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cros…
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the c…
NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function.
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop, AP_SmartAudio…
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp c…
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attack…
WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design …
WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u…
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to a…
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to referen…
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loo…
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input. The auto-detect form of argon2_verify passes encoded_len - 1 as the…
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insuffic…
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properl…
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive dat…
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive dat…
ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to…
ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may be…
Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another adminis…
The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_widget() and reset_all_widgets() functions in all …
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of…
Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reu…
When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails to detect OCSP problems and inste…
When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.
curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for differ…
libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a …
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SM…
The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with the 'custom_svg' parameter of…
The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_ajax_action' fu…
The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-slick' attribute in all versions up to, and including, 24.1.11 due to insufficient input sanitiz…
The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcbm_best_seller` shortcode in all versions up to, and inc…
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the `get_course_id_by…
The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all ver…
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, a…
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verific…
The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_cog_product_cost' and 'alg_wc_cog_produc…
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permission_message' parameter in …
The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output esc…
The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_advertiser AJAX action in all versions up to, and including, 1.53.1. This mak…
The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for …
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and including, 4.0.1 only when …
After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the se…
Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilizatio…
When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted.
This is…
An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and …
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access…
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari…
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user in…
GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. Th…
The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users …
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security heade…
mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker…
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
