| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions. |
| Unauthenticated PHP Object Injection in Valiance <= 1.2 versions. |
| Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions. |
| Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions. |
| Unauthenticated PHP Object Injection in TechLink <= 1.3 versions. |
| Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions. |
| Unauthenticated PHP Object Injection in Esmée <= 1.4 versions. |
| An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. |
| In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account. |
| In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files. |
| JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing attackers to execute arbitrary code. |
| A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is any deployment downloading directories from an untrusted SFTP server. Upgrade `apache-airflow-providers-sftp` to 5.8.1 or later. |
| The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user. |
| The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request |
| A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server. |
| Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions. |
| Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions. |
| Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions. |
| Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions. |
| Unauthenticated Local File Inclusion in Gat <= 1.16 versions. |
