Security Vulnerabilities
Cross-Site Request Forgery (CSRF) in the resource-management feature of
ObjectPlanet Opinio 7.26 rev12562
allows to upload
files on behalf of the connected users and then access such files without authentication.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-12-02
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of
ObjectPlanet Opinio 7.26 rev12562 on
Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests
to an arbitrary destination.
CVSS Score
9.1
EPSS Score
0.0
Published
2025-12-02
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to escalate their WSDesk privileges from limited "Reply Tickets" permissions to full helpdesk administrator capabilities, gaining unauthorized access to ticket management, settings configuration, agent administration, and sensitive customer data.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-12-02
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661189; Issue ID: MSV-4298.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-12-02
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01717526; Issue ID: MSV-5591.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-12-02
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-02
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-02
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-02
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-02
In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-12-02