Arcane: Missing admin authorization on global variables endpoint
Parse Server: Pre-authentication denial of service via client version header regex backtracking
Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification
The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to template_redirect) accepting a user-controlled playlist ID via the audioigniter_playlist_id query var or ...
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the `easyel_handle_register()` function. This is due to the `wp_ajax_nopriv_eel_register` AJAX handler iterating the attacker-co...
The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it pos...
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret
@nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
containerd user ID handling bypass allows runAsNonRoot evasion
js-libp2p: Memory DoS via subscription flood of unique topics
Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
Twig: Sandbox property and method bypass via object-destructuring assignment
JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin,...
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created wi...
Russh: Unchecked CryptoVec allocation and growth handling is reachable
MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement
Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss