Remote Code Execution
Remote Code Execution (RCE) vulnerabilities allow an attacker to execute arbitrary code on a remote system without authorization. These are among the most severe vulnerabilities as they can lead to complete system compromise.
Understanding Remote Code Execution
Remote Code Execution vulnerabilities represent the most critical class of security flaws. When exploited, they allow attackers to run arbitrary commands on a target system, often with the same privileges as the vulnerable application.
RCE vulnerabilities commonly arise from unsafe deserialization, command injection, or memory corruption bugs. They're frequently found in web applications, network services, and system utilities.
How to Identify
- Look for input validation bypasses in file upload functionality
- Check for unsafe deserialization of user-controlled data
- Test command execution functions with special characters
- Review template engines for server-side template injection
Prevention Best Practices
- Use parameterized queries and prepared statements
- Implement strict input validation and sanitization
- Run applications with minimal privileges
- Keep all software dependencies up to date
- Use security headers and Content Security Policy
Remote Code Execution CVEs (289)
| CVE ID | Score | Description | Vendor / Product | Exploit Status | Date |
|---|---|---|---|---|---|
| CVE-2026-25748 | 7.5 | This vulnerability allows an attacker to bypass authentication and gain unauthorized access to systems using the authentik identity provider when it is set up with certain reverse proxies like Traefik or Caddy. This can happen if the attacker sends a specially crafted cookie, allowing them to access resources without proper credentials, but it only affects versions prior to the specified updates. | goauthentik / authentik | Exploit Available | Feb 12, 2026 |
| CVE-2026-25227 | 7.2 | This vulnerability allows an attacker with specific permissions to run arbitrary code on the authentik server, potentially taking control of the system. It affects versions from 2021.3.1 up to just before 2025.8.6, 2025.10.4, and 2025.12.4, and requires the attacker to have permission to view certain property mappings or policies. | goauthentik / authentik | Theoretical | Feb 12, 2026 |
| CVE-2026-21438 | 5.3 | An attacker can exploit this vulnerability to overwhelm a system by repeatedly opening and closing WebTransport streams, which leads to excessive memory use because the system fails to properly clean up closed streams. This issue occurs in versions prior to 0.10.0, so updating to the latest version is essential to prevent this problem. | Unknown | Exploit Available | Feb 12, 2026 |
| CVE-2026-21434 | 5.3 | An attacker can exploit a flaw in the webtransport-go software to send an excessively large message, causing the system to use up all available memory and potentially crash or slow down. This requires the attacker to send a large payload, but since there’s no limit on the size, they can easily overwhelm the system if they have enough bandwidth. | Unknown | Exploit Available | Feb 12, 2026 |
| CVE-2025-65806 | 4.3 | This vulnerability allows an attacker to upload a specially crafted ZIP file that contains another ZIP file with a malicious executable, which can then be extracted and run on the server. If the server has weak security settings, this could lead to remote code execution, allowing the attacker to take control of the system or access sensitive data. | e-point / e-point cms | Exploit Available | Dec 4, 2025 |
| CVE-2025-66416 | 7.6 | An attacker can exploit a flaw in the MCP Python SDK to send unauthorized requests to a local server running without authentication, potentially accessing sensitive resources or executing commands on behalf of the user. This vulnerability occurs only if the server is set up on localhost without proper security measures, making it critical to avoid running such servers without authentication. | lfprojects / mcp python sdk | Exploit Available | Dec 2, 2025 |
| CVE-2025-66414 | 7.6 | An attacker can exploit this vulnerability to send unauthorized requests to a local MCP server running on a user's machine, potentially accessing sensitive resources or tools. This can happen if the server is running without authentication on localhost and does not have DNS rebinding protection enabled, which is a risky setup that should be avoided. | lfprojects / mcp typescript sdk | Exploit Available | Dec 2, 2025 |
| CVE-2025-55848 | 8.8 | This vulnerability allows an attacker to remotely execute commands on the DIR-823 router by exploiting a flaw in the settings interface, which fails to properly filter input. To take advantage of this, the attacker needs access to the router's settings, potentially through an unsecured network or by guessing login credentials. | dlink / dir-823x firmware | Theoretical | Sep 26, 2025 |
| CVE-2025-54236 | 9.1 | This vulnerability allows an attacker to take over a user's session without needing any interaction from them, which can lead to unauthorized access to sensitive information. It affects several versions of Adobe Commerce, so if you're using one of those versions, it's critical to update immediately to prevent exploitation. | adobe / commerce | Exploit Available | Sep 9, 2025 |
| CVE-2025-38001 | 5.5 | This vulnerability allows an attacker to exploit the Linux kernel's scheduling system to insert a class into a data structure twice, potentially causing the system to enter an infinite loop and prevent packet processing. To take advantage of this, the attacker must use specific configurations with the Hierarchical Fair Service Curve (HFSC) and Token Bucket Filter (TBF) settings. | linux / linux kernel | Exploit Available | Jun 6, 2025 |
| CVE-2025-48495 | 4.8 | This vulnerability allows an attacker to inject malicious JavaScript into the API key overview, which can then execute when another user views that section. It affects all authenticated users before version 2.0.0, as there were no permissions to restrict access, but if a user is the only one using Gokapi, they are not at risk. | forceu / gokapi | Theoretical | Jun 2, 2025 |
| CVE-2025-48494 | 4.8 | An attacker can exploit a flaw in Gokapi to upload a file with malicious JavaScript in its name, which runs every time the upload list is viewed, potentially allowing them to execute harmful actions on the server. This vulnerability primarily affects systems before version 2.0.0, where all authenticated users could access and modify all files, making it easier for an attacker if multiple users are present. | forceu / gokapi | Theoretical | Jun 2, 2025 |
| CVE-2024-45391 | 7.5 | An attacker could potentially access sensitive search tokens from the lock file of websites using the Tina CMS command line interface before version 1.6.2, which could allow them to manipulate or access restricted content. If your site uses search functionality, it's crucial to upgrade to the latest version and change your search token immediately to prevent exploitation. | ssw / tinacms/cli | Theoretical | Sep 3, 2024 |
| CVE-2024-41818 | 7.5 | This vulnerability allows an attacker to cause a denial of service by sending specially crafted XML input to the fast-xml-parser, which can lead to the application becoming unresponsive. It specifically affects versions prior to 4.4.1 and requires the application to use the vulnerable currency.js component to be exploited. | naturalintelligence / fast-xml-parser | Exploit Available | Jul 29, 2024 |
| CVE-2023-39329 | 6.5 | An attacker can create a specially crafted image file that, when processed by OpenJPEG, can overwhelm the system's resources and cause it to crash, leading to a denial of service. This vulnerability requires the target system to open the malicious image file for the attack to succeed. | uclouvain / openjpeg | Theoretical | Jul 13, 2024 |
| CVE-2024-35224 | 7.6 | This vulnerability allows an attacker to inject malicious JavaScript into the OpenProject application, potentially compromising other users' accounts. To exploit this, the attacker needs permissions to edit work packages and add attachments, and they could use this to target a System Admin for privilege escalation. | openproject / openproject | Theoretical | May 23, 2024 |
| CVE-2024-23457 | 7.8 | This vulnerability allows an attacker to disable the security features that protect the Zscaler Client Connector, potentially letting them uninstall the software without proper authorization. This issue occurs when an uninstall password is set, and it affects versions of the software prior to 4.2.0.209 on Windows systems. | zscaler / client connector | Exploit Available | May 1, 2024 |
| CVE-2024-0202 | 5.9 | An attacker can potentially decrypt sensitive data or forge signatures using a server's certificate if they can make many connections to a server running the cryptlib library with RSA key exchange enabled. However, this vulnerability is only relevant in specific testing scenarios and is not typically present in standard deployments. | cryptlib / cryptlib | Exploit Available | Feb 5, 2024 |
| CVE-2023-7151 | 6.1 | This vulnerability allows an attacker to inject malicious scripts into the website, which can then execute in the browsers of high-privilege users like administrators. It occurs because the plugin fails to properly clean up the page parameter before displaying it, making it particularly risky for sites using older versions of the plugin. | gravitymaster / product enquiry for woocommerce | Exploit Available | Jan 16, 2024 |
| CVE-2023-47512 | 6.1 | This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users of the Gravity Master Product Enquiry plugin for WooCommerce, potentially leading to unauthorized actions or data theft. It can be exploited by anyone without needing to log in, as long as they can trick users into clicking on a specially crafted link. | gravitymaster / product enquiry for woocommerce | Theoretical | Nov 16, 2023 |