| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability is fixed in 5.8.1. |
| RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path (UploadPartCopy). A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload. This breaks tenant isolation in multi-user / multi-tenant deployments. This vulnerability is fixed in alpha.90. |
| Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny (e.g., .env, *.crt) can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are appended. This vulnerability is fixed in 7.3.2 and 8.0.5. |
| Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project member (ADMIN or MEMBER) to modify the start_date and target_date of ANY issue across the entire Plane instance, regardless of workspace or project membership. The endpoint fetches issues by ID without filtering by workspace or project, enabling cross-boundary data modification. This vulnerability is fixed in 1.3.0. |
| pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS authorization set in set_config_value() uses incorrect option names ssl_cert and ssl_key, while the actual configuration option names are ssl_certfile and ssl_keyfile. This name mismatch causes the admin-only check to always evaluate to False, allowing any user with SETTINGS permission to overwrite the SSL certificate and key file paths. Additionally, the ssl_certchain option was never added to the admin-only set at all. This vulnerability is fixed in 0.5.0b3.dev97. |
| PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .. sequences, then checks for '..' in normalized. Since .. is already collapsed, the check always passes. This makes the check completely useless and allows trivial path traversal to any file on the system. This vulnerability is fixed in 1.5.113. |
| Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. |
| Memory-safety vulnerability in github.com/jackc/pgx/v5. |
| pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix() for its path traversal check, which performs character-level string comparison rather than path-level comparison. This allows a specially crafted tar archive to write files outside the intended extraction directory. The correct function os.path.commonpath() was added to the codebase in the CVE-2026-32808 fix (commit 5f4f0fa) but was never applied to _safe_extractall(), making this an incomplete fix. This vulnerability is fixed in 0.5.0b3.dev97. |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles (ManageGroups) can inject arbitrary SQL statements through the NewRole parameter and thus extract and modify information from the database. This vulnerability is fixed in 7.1.0. |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7. |
| An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (6.4 Medium). This issue was fixed in version 4.0.260123.1 of the runZero Platform. |
| An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (8.1 High). This issue was fixed in version 4.0.260202.0 of the runZero Platform. |
| Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by an attacker and is directly included in a system command, i.e., an attack can occur via malicious filenames after uploading a .zip file and clicking Process Images. |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extract and modify information from the database. This vulnerability is fixed in 7.1.0. |
| A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users. |
| An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI interface can overwrite stack memory to hijack program control flow and achieve limited arbitrary code execution. However, the impact is limited to the active attack session: the device's secure boot mechanism prevents persistent firmware modification, the crypto engine isolates cryptographic keys from direct firmware access, and all modifications are lost upon device reboot or loss of physical access. |
| The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware package block-by-block to validate its integrity. However, the last decrypted firmware block remains uncleared in memory after the validation process completes. An attacker with access to the SPI interface can subsequently issue memory read commands to retrieve the decrypted firmware contents from this residual memory, effectively bypassing the firmware encryption protection mechanism. The attack requires physical access to the device's SPI interface. |
| The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded tokens which are publicly exposed in the plugin's JavaScript. This makes it possible for unauthenticated attackers to trigger the backup upload queue processing, potentially causing unexpected backup transfers to configured cloud storage targets and resource exhaustion. |
| Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application. |
