Apple kernel lock state checking flaw allows a malicious application to cause unexpected changes in memory shared between processes, potentially enabling cross-process data manipulation on iOS, macOS, and other Apple platforms.
Authenticated arbitrary file upload in Infility Global WordPress plugin versions ≤2.14.42 permits remote code execution. The upload_file function accepts spoofed MIME types without verifying file extensions, while import_data lacks capability checks, allowing subscriber-level users to upload malicious files (e.g., PHP webshells) to the server. CVSS:3.1 score 8.8 (High) reflects network-accessible, low-complexity exploitation requiring only low-privilege authentication. No public exploit identified at time of analysis. EPSS 0.35% indicates low observed exploitation activity.
Arbitrary root file overwrite in CloudLinux ai-bolit before v32.7.4 occurs when the scanner's malware de-obfuscation routines evaluate attacker-controlled content, enabling code injection that runs with the scanner's root privileges. A crafted file placed where ai-bolit will scan it triggers the flaw, letting an attacker overwrite arbitrary files as root and effectively take over the host. There is no public exploit identified at time of analysis, EPSS risk is modest (0.29%, 21st percentile), and it is not listed in CISA KEV.
Privilege escalation in Nebim V3 ERP versions 2.0.59 through 3.0.0 lets an authenticated database-level attacker pivot from SQL access to operating-system control because the application stack executes with unnecessary privileges (CWE-250). Reported through Turkey's USOM/CERT-TR (advisory TR-25-0450), the issue carries CVSS 8.8 (AV:N/AC:L/PR:L/UI:N/C:H/I:H/A:H), and there is no public exploit identified at time of analysis, with EPSS at 0.09% (26th percentile).
Memory corruption via out-of-bounds write in Apple operating systems allows remote attackers to execute arbitrary code when victims process a malicious file. The vulnerability affects macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x), iOS/iPadOS (18.x, 26.x), tvOS, visionOS, and watchOS 26.x. Despite a high CVSS score of 8.8, EPSS data indicates only 0.05% exploitation probability (15th percentile), and no public exploit code or active exploitation is confirmed. The flaw stems from inadequate bounds checking (CWE-787) in file processing routines, requiring user interaction but no authentication, making it a realistic phishing or malicious download target.
A command injection vulnerability in gardenctl allows attackers with administrative privileges in a Gardener project to inject malicious commands through crafted credential values when non-POSIX shells (Fish, PowerShell) are used by service operators. The vulnerability affects gardenctl versions 2.11.0 and below, enabling attackers to break out of string contexts and execute arbitrary commands with potentially high impact on confidentiality, integrity, and availability. With an EPSS score of only 0.06% and no known exploitation in the wild or public POC, this represents a lower real-world risk despite the high CVSS score of 8.4.
macOS launch constraint bypass enables authenticated local users to execute code with elevated privileges on macOS Sequoia (up to 15.7.2) and macOS Tahoe (pre-26). The vulnerability requires low-complexity exploitation by a user with existing local access, allowing them to circumvent Apple's launch constraint security framework and achieve full system compromise (high confidentiality, integrity, and availability impact). No public exploit identified at time of analysis, with EPSS indicating only 0.02% probability of exploitation in the wild (5th percentile).
Local privilege escalation to root on Apple platforms via integer overflow in timestamp handling allows authenticated users with low-level access to fully compromise system integrity and confidentiality. Affects iOS, iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS prior to February 2025 security updates. Vendor-released patches available across all platforms. EPSS probability is minimal (0.02%, 4th percentile), and no public exploit identified at time of analysis, though the local attack vector with low complexity and authenticated requirement reduces remote exploitation risk but creates insider threat exposure.
Local privilege escalation in macOS Sequoia (pre-15.7.3) and macOS Tahoe (pre-26.2) allows authenticated users with low-level privileges to gain root access via a permissions flaw. Apple addressed the issue with additional restrictions in the latest updates. EPSS score of 0.01% indicates minimal observed exploitation activity, and no public exploit identified at time of analysis.
Local privilege escalation in Apple macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x) and iOS/iPadOS 18.x allows authenticated users to gain elevated system privileges through malicious applications exploiting a logic flaw in privilege checking mechanisms. Apple has released patches across all affected platforms (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, Sonoma 14.8.3, Tahoe 26.2). No public exploit identified at time of analysis, with EPSS score of 0.01% (3rd percentile) indicating minimal observed exploitation activity.
Memory corruption in macOS kernel allows authenticated local users to execute arbitrary code or crash the system. Apple fixed the vulnerability via improved memory handling in macOS Sequoia 15.7.4, Sonoma 14.8.4, and Tahoe 26.1. With CVSS 7.8 (High severity) reflecting local attack vector requiring low privileges, and EPSS at 0.01% (2nd percentile), this represents a moderate real-world risk despite high CVSS scoring. No public exploit identified at time of analysis, and no evidence of active exploitation (not in CISA KEV).
A buffer information disclosure vulnerability exists in the Aircompressor Java compression library affecting Snappy and LZ4 decompressor implementations. Versions 3.3 and below of Airlift Aircompressor allow remote attackers to read previous buffer contents through crafted compressed input, potentially leaking sensitive data from applications that reuse output buffers across multiple decompression operations. With an EPSS score of 0.19% (41st percentile), active exploitation appears low probability despite the network-accessible attack vector, and no public proof-of-concept is currently documented.
Mail header parsing flaw in Apple operating systems allows unauthenticated remote attackers to trigger persistent denial-of-service conditions across iOS, iPadOS, macOS, visionOS, and watchOS platforms. The vulnerability affects all major Apple OS releases prior to January 2025 patches (iOS/iPadOS 18.7.2/26.1, macOS Sequoia 15.7.2/Sonoma 14.8.2/Tahoe 26.1, visionOS 26.1, watchOS 26.1). With EPSS exploitation probability at 0.19% (41st percentile) and no public exploit identified at time of analysis, real-world risk appears moderate despite the 7.5 CVSS score.
Servify Express, a Node.js package for starting Express servers, contains a denial of service vulnerability caused by the absence of size limits on JSON request bodies parsed by express.json(). Attackers can exploit this by sending extremely large payloads to cause memory exhaustion and crash the application process. With an EPSS score of 0.07% (21st percentile), active exploitation remains low-probability, though a patch is available and the vulnerability affects any internet-facing application using affected versions.
Password field disclosure in Apple operating systems allows remote observation of credentials during FaceTime screen sharing sessions. Affects iOS/iPadOS 18.x through 18.7.2, iOS/iPadOS 26.0-26.1, macOS Sequoia through 15.7.2, macOS Tahoe through 26.1, and visionOS through 26.1. Attackers with network access to FaceTime sessions can view password fields that should be masked, creating credential exposure risk during remote support or collaboration scenarios. EPSS score of 0.03% (10th percentile) indicates low automated exploitation probability, and no public exploit identified at time of analysis.
Physical access to SolarEdge SE3680H solar inverters allows privilege escalation, remote code execution, and information disclosure through unpatched Linux kernel vulnerabilities. Reported by DIVD CSIRT, this affects SE3680H firmware running outdated kernel subsystems. While CVSS 4.0 scores 7.0 with physical attack vector (AV:P), the presence of RCE and privilege escalation tags indicates high impact once physical proximity is achieved. No EPSS score, KEV listing, or public exploit identified at time of analysis, suggesting limited current exploitation risk for typical deployment scenarios.