| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attackers can exploit the unsanitized passing of wavedrom block content to window.eval() in the VS Code webview context to abuse the extension's message passing and invoke arbitrary file writes on the local filesystem. |
| OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023-08-04. At this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 10.0.3 on 2023-08-04. As a workaround, apply the patch manually. |
| A stack‑based
buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where
the device fails to properly validate the number of XML user nodes during
request processing. An authenticated attacker can send a specially crafted
ONVIF request containing an excessive number of user entries to trigger memory
corruption.
Successful
exploitation may cause the ONVIF management service to terminate unexpectedly,
resulting in a denial‑of‑service (DoS) condition that disrupts device
configuration and management functions. |
| On Tapo
C520WS v2, restricted accounts (for example, hub users) are intended to execute
only a limited set of low‑sensitivity operations. Due to a logic flaw in the
device’s API authorization mechanism, an attacker can craft requests that
leverage legitimate “method mapping” behavior to bypass whitelist restrictions,
allowing restricted operations to be masked as permitted requests and executed.
Successful
exploitation may allow an attacker (with access to a restricted account) to
execute unauthorized sensitive operations.
Depending on the operation invoked, impact could include device
resets, unintended configuration changes, or disruption of normal operation,
leading to loss of availability and integrity of the device. |
| An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory handling behavior.
Successful exploitation may cause the ONVIF management service to crash, resulting in DoS condition that impacts normal device operation. |
| A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance. |
| A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 8009845b577d8a2c4bbf4fdd8e8913799a714be6. It is suggested to install a patch to address this issue. |
| A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument isadmin leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet. |
| A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance. |
| A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called f83e0dcaf8cf18de94828341b0a1a61a86c75baf. A patch should be applied to remediate this issue. |
| Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via crafted Fory serialized data.
Users are recommended to upgrade to version 1.1.0 or later, which fixes this issue. |
| A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. |
| A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in buffer overflow. The exploit has been made public and could be used. |
| A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting when a victim visits the archive URL. |
| A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. |
| WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation. |
| When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes. |
| A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause the underlying query to fall back to returning unintended model fields.
For the New Users widget, this could allow a non-site-admin user to obtain user e-mail addresses even when user e-mail disclosure was disabled by configuration. For the New Organisations widget, crafted field selection could similarly result in unintended organisation fields being included in the dashboard response.
The issue was caused by applying field filtering and redaction in a way that could leave the selected field list empty. The patch ensures that the allowed field list is built safely, that restricted fields such as user e-mail addresses are removed before user-supplied field selection is processed, and that an empty field selection falls back only to the permitted default fields.
Impact:
An authenticated low-privileged user with access to the affected dashboard widgets may be able to disclose restricted user or organisation metadata, including user e-mail addresses depending on configuration. |
| When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes.
This only affects users who allow API access from untrusted networks. |
