| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions. |
| Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. |
| Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions. |
| Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions. |
| Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions. |
| Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. |
| Subscriber Broken Access Control in Bookify <= 1.1.1 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics <= 1.3.03.27 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions. |
| Subscriber Broken Access Control in bunny.net <= 2.3.6 versions. |
| Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions. |
| Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions. |
| A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file. |
| Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure. |
| A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash. |
| Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigger an exception during plugin installation to bypass sanitization routines, causing malicious paths to be stored unsanitized and subsequently passed to include(), which combined with file upload functionality escalates to arbitrary code execution in the context of the web server user. |
| Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical character recognition model against collected CAPTCHA samples to reliably predict challenge text, bypassing protections on login, registration, and other functionality from automated abuse. |
| Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the database backup API exposed by dbbak.php. Attackers can inject a crafted payload through the username parameter during login to abuse the encryption oracle in logging_ctl::logging_more(), obtain a legitimately signed token, and use it to bypass authorization for database export and import operations, with the additional ability to trigger a race condition to impersonate arbitrary users. |
| In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store.
Affected versions:
Spring AI 1.0.0 through 1.0.x (fix 1.0.9).
Spring AI 1.1.0 through 1.1.x (fix 1.1.8). |
