Security Vulnerabilities
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
CVSS Score
3.8
EPSS Score
0.0
Published
2026-03-16
IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-03-16
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVSS Score
5.0
EPSS Score
0.0
Published
2026-03-16
Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-16
in OpenHarmony v5.1.0 and prior versions allow a local attacker to cause DoS through improper input.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-03-16
Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).
CVSS Score
3.7
EPSS Score
0.0
Published
2026-03-16
Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL to which the server-side HTTP request is redirected. This issue was fixed in version 1.4.6.
CVSS Score
2.7
EPSS Score
0.0
Published
2026-03-16
Raytha CMS allows an attacker to spoof the `X-Forwarded-Host` or `Host` header so that it points to an attacker-controlled domain. The attacker (who knows the victim's email address) can force the server to send an email with a password reset link pointing to the domain from the spoofed header. When the victim clicks the link, the browser sends a request to the attacker’s domain with the token in the path, allowing the attacker to capture the token. This allows the attacker to reset the victim's password and take over the victim's account. This issue was fixed in version 1.4.6.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-03-16
Raytha CMS is vulnerable to Stored XSS via the FirstName and LastName parameters in the profile editing functionality. An authenticated attacker can inject arbitrary HTML and JS into the website, which will be rendered/executed when the edited page is visited. This issue was fixed in version 1.4.6.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-16
Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by an authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in version 1.4.6.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-16

