| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host. |
| Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher. |
| Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking, causing the process to hang indefinitely. Exploitation requires write access to a check definition and subsequent execution of the test suite. This issue has been fixed in giskard-checks version 1.0.2b1. |
| Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. |
| Missing Authorization vulnerability in merkulove Buttoner for Elementor buttoner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Buttoner for Elementor: from n/a through <= 1.0.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through <= 1.5.4. |
| Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.3.2. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects Soledad: from n/a through <= 8.7.0. |
| Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally. |
| Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SKT Page Builder: from n/a through <= 4.9. |
| Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted source, a crafted rule string could achieve arbitrary code execution. Exploitation requires write access to a check definition and subsequent execution of the test suite. This issue has been fixed in giskard-checks version 1.0.2b1. |
| Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. |
| Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. |
| Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. |
| Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14. |
| Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. |
| Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. |
