Command injection in nektos/act (GitHub Actions local runner) allows attackers to execute arbitrary code by embedding deprecated workflow commands in untrusted input. Act versions prior to 0.2.86 unconditionally process ::set-env:: and ::add-path:: commands that GitHub Actions disabled in 2020, enabling PATH hijacking and environment variable injection when workflows echo PR titles, branch names, or commit messages. Publicly available exploit code exists with working proof-of-concept demonstrating NODE_OPTIONS and LD_PRELOAD injection vectors. This creates a critical supply chain risk where workflows safe on GitHub Actions become exploitable when developers test them locally with act.
Server-side request forgery in LibreChat 0.8.2-rc2 through 0.8.2 allows authenticated users to access internal network resources via incomplete DNS validation bypass. Despite a prior SSRF patch, the current hostname validation fails to check if DNS resolution points to private IP addresses, enabling attackers to reach internal RAG APIs and cloud metadata endpoints. CVSS 7.7 with network-based attack vector and low complexity. EPSS data not available; no confirmed active exploitation (not listed in CISA KEV). Patch released in version 0.8.3-rc1.
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate...
A path traversal vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.
Command injection in Flannel's experimental Extension backend allows authenticated Kubernetes users with node annotation privileges to execute arbitrary commands as root on all flannel nodes in the cluster. This affects Flannel versions prior to 0.28.2 using the Extension backend; other backends (vxlan, wireguard) are unaffected. No public exploit identified at time of analysis, but CVSS 7.5 reflects high impact once node annotation access is achieved. EPSS data not available for this recent CVE (2026 designation appears to be error; actual 2025 advisory).
OTCMS versions 7.66 and earlier contain an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /admin/read.php endpoint's AnnounContent parameter, enabling remote attackers to craft arbitrary HTTP requests targeting internal services or external systems without requiring credentials. The vulnerability is documented in public security research; however, no CVSS score, EPSS probability, or confirmed active exploitation status is available from CISA KEV data at this time.
OX Dovecot Pro ManageSieve service crashes when processing AUTHENTICATE commands with SASL initial responses using literal format, enabling unauthenticated remote attackers to repeatedly crash the service and deny availability to legitimate users (CVSS 7.5, High availability impact). The vulnerability affects OX Dovecot Pro installations with ManageSieve enabled. No public exploit identified at time of analysis, and EPSS data was not provided in available intelligence.
OX Dovecot Pro managesieve-login process crashes repeatedly due to memory exhaustion triggered by unauthenticated attackers sending crafted messages. The vulnerability enables remote denial of service against the managesieve protocol without authentication (CVSS:3.1/AV:N/AC:L/PR:N/UI:N), with a CVSS score of 7.5 (High severity). No public exploit identified at time of analysis, and the vendor has released a security advisory with remediation guidance.
Unauthenticated remote attackers can read arbitrary files from servers running the awesome-llm-apps Beifong AI News and Podcast Agent backend by exploiting a path traversal vulnerability in the stream-audio endpoint (routers/podcast_router.py, function stream_audio). The endpoint concatenates user-controlled path parameters directly into filesystem paths without validation, allowing attackers to traverse directory structures and disclose sensitive configuration files, credentials, and other confidential data. No public exploit code or active exploitation has been independently confirmed at the time of this analysis.
Cypher injection in Spring AI Neo4j vector store (versions 1.0.0 through 1.0.4 and 1.1.0 through 1.1.3) allows unauthenticated remote attackers to access confidential data stored in Neo4j databases. The vulnerability exists in Neo4jVectorFilterExpressionConverter where user-controlled filter expression keys are embedded into Cypher property accessors without proper backtick escaping, enabling attackers to break out of the intended property context and execute arbitrary Cypher queries. CVSS score of 7.5 reflects high confidentiality impact with network accessibility and low attack complexity, though no public exploit has been identified at time of analysis.
Remote memory-exhaustion denial of service in OX Dovecot Pro (versions up to and including 2.3.0) lets an unauthenticated network attacker exhaust process memory by sending NOOP commands containing thousands of nested parentheses. Each such command consumes roughly 1 MB, and by withholding the terminating line-feed the attacker keeps the allocation alive; ~1000 concurrent connections from even a single source IP can pin around 1 GB, breaching the process VSZ limit and killing the service along with its proxied connections. There is no public exploit identified at time of analysis (EPSS 0.04%, percentile 12; CISA SSVC exploitation=none), but the vector is trivial and a vendor patch is available.
Handlebars.js template engine crashes Node.js processes when compiling templates containing unregistered decorator syntax (e.g., {{*n}}), enabling single-request denial-of-service attacks against applications that accept user-supplied templates. The vulnerability affects the npm package handlebars (pkg:npm/handlebars) and has CVSS score 7.5 (AV:N/AC:L/PR:N/UI:N). A functional proof-of-concept demonstrating the crash exists in the public advisory, confirming exploit code is publicly available. No active exploitation (CISA KEV) has been reported at time of analysis.
Cookie leakage in Happy DOM JavaScript library (all versions prior to 20.8.9) allows remote attackers to steal authentication cookies across origins when fetch() is invoked with credentials:include. The vulnerability stems from the library incorrectly attaching cookies from the current page origin (window.location) rather than the request target URL, enabling cross-origin cookie exfiltration. EPSS data not available, but exploitation requires no authentication (PR:N) with low complexity (AC:L), making this readily exploitable. Upstream fix available (PR/commit); released patched version not independently confirmed.
Spring AI Redis vector store implementations expose sensitive data through unescaped TAG field filter injection in versions 1.0.0-1.0.4 and 1.1.0-1.1.3. Unauthenticated remote attackers can craft malicious filter expressions that bypass query boundaries in RediSearch TAG blocks, allowing extraction of unauthorized information from the vector database (CVSS 7.5 High, C:H). No public exploit identified at time of analysis, though the vulnerability is straightforward to exploit given its low attack complexity (AC:L).
Grafana's OpenFeature feature toggle evaluation endpoint can be forced into an out-of-memory condition by submitting unbounded values, enabling remote denial-of-service attacks against the monitoring platform. The vulnerability is network-accessible, requires no authentication (CVSS AV:N/AC:L/PR:N), and has been assigned a CVSS score of 7.5 with high availability impact. No public exploit identified at time of analysis, and authentication requirements confirm unauthenticated access per the CVSS vector PR:N.
Sensitive credential disclosure in Grafana (versions in the 9.3.0-11.6.x, 12.0.x-12.4.x lines) exposes the stored passwords of all direct (non-proxied) data sources whenever the public dashboards feature is enabled, even for data sources never referenced by any dashboard. Reported by Grafana with a vendor patch available, the flaw lets unauthenticated viewers of a public dashboard harvest backend data-source credentials (CVSS 7.5, C:H). There is no public exploit identified at time of analysis, and EPSS is very low (0.01%) with CISA SSVC rating exploitation as none.
Attested TLS relay attacks in Cocos AI confidential computing system versions 0.4.0 through 0.8.2 enable attackers to impersonate genuine TEE-protected services on AMD SEV-SNP and Intel TDX platforms by extracting ephemeral TLS private keys and redirecting authenticated sessions. The architectural flaw allows an attacker with physical access or side-channel capabilities to relay attestation evidence to a different endpoint, breaking the authentication binding between the TEE and the client. No vendor-released patch is available; the vulnerability affects a specialized confidential computing platform with low EPSS probability (formal EPSS score not provided in input) and no public exploit identified at time of analysis, though formal ProVerif verification confirms the attack feasibility.
Stack-based buffer overflow in Tenda AC15 router firmware 15.03.05.19 enables remote authenticated attackers to achieve code execution via the formSetCfm function. The vulnerability is triggered through POST requests to /goform/setcfm by manipulating the funcpara1 parameter. A publicly available exploit code exists, significantly lowering the barrier to exploitation for attackers with low-privilege credentials.
Stack-based buffer overflow in Tenda AC7 router firmware 15.03.06.44 allows authenticated remote attackers to execute arbitrary code via crafted Time parameter to /goform/SetSysTimeCfg endpoint. Publicly available exploit code exists. EPSS data not available, but exploitation requires low attack complexity with network access and low privileges (CVSS:4.0 AV:N/AC:L/PR:L). This is a critical pre-authentication boundary issue in consumer router infrastructure with confirmed POC, warranting immediate patching for affected deployments.
A SSRF vulnerability (CVSS 7.4). High severity vulnerability requiring prompt remediation.
MyTube versions prior to 1.8.69 suffer from an authorization bypass in the `/api/settings/import-database` endpoint that allows low-privilege authenticated users to upload and replace the application's SQLite database entirely, resulting in complete application compromise. The vulnerability affects self-hosted instances of MyTube and extends to other POST routes using the same flawed authorization mechanism. No public exploit code or active exploitation has been confirmed at time of analysis, but the fix is available in version 1.8.69.
The cpp-httplib HTTP/HTTPS client library (versions prior to 0.39.0) leaks authentication credentials to arbitrary third-party servers when following cross-origin HTTP redirects. An attacker operating a malicious server can issue a 301/302/307/308 redirect to capture plaintext Basic Auth, Bearer Token, or Digest Auth credentials from the Authorization header. CVSS score of 7.4 reflects high confidentiality and integrity impact with network attack vector and high complexity; no public exploit identified at time of analysis.
Venueless instances allow authenticated users with 'update world' permissions to exfiltrate chat messages from direct messages or other worlds' channels via a flaw in the reporting feature, provided the attacker can obtain the target channel's internal UUID. This cross-world information disclosure affects Pretix Venueless across versions prior to patching, and exploitability is constrained by the requirement to discover internal identifiers that are not typically exposed to unauthorized users.
Cross-site scripting in Home Assistant's mobile phone remaining charge time sensor allows authenticated attackers to inject malicious scripts via crafted sensor names imported from Android Auto. Affecting Home Assistant versions 2025.02 through 2026.00, this vulnerability requires low attack complexity and privileged access but relies on user interaction to execute stored XSS payloads. A vendor-released patch is available in version 2026.01, with EPSS data unavailable and no confirmed active exploitation at time of analysis.
Cross-site scripting in Home Assistant's Map card component allows authenticated users to inject malicious JavaScript through device entity names, executing arbitrary code in victims' browsers when they hover over map information points. Affects Home Assistant versions 2020.02 through 2026.0.x, with fix released in version 2026.01. No public exploit identified at time of analysis, though CVSS E:P indicates proof-of-concept code exists. EPSS data not available, but exploitation requires authenticated access and user interaction (hovering), limiting practical attack surface.
JavaScript code injection in Windmill's NativeTS executor allows workspace administrators to achieve remote code execution by embedding malicious payloads in environment variable values. The vulnerability (CWE-94) stems from improper sanitization of single quotes when interpolating workspace environment variables into JavaScript string literals, enabling arbitrary code execution in all NativeTS scripts within the affected workspace. Windmill versions prior to 1.664.0 are affected. CVSS 7.3 reflects high confidentiality, integrity, and availability impact, though exploitation requires high privileges (workspace admin role). Publicly available exploit code exists, though no confirmed active exploitation (CISA KEV) at time of analysis.
Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Remote Code Execution and Arbitrary File Read in Metabase Enterprise Edition allows authenticated administrators to execute arbitrary code and read sensitive files via malicious serialization archives. Affected versions span at least 1.47 through 1.59.3, with patches released in versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4. The vulnerability exploits the POST /api/ee/serialization/import endpoint by injecting INIT properties into H2 JDBC specifications within crafted serialization archives, triggering arbitrary SQL execution during database synchronization. Authentication as an admin is required (CVSS PR:H), and the vulnerability has been confirmed exploitable on Metabase Cloud infrastructure.
Stack buffer overflow in LSC Indoor Camera V7.6.32 ONVIF GetStreamUri function allows unauthenticated remote attackers to cause denial of service or execute arbitrary code by sending a crafted SOAP request with an oversized Protocol parameter in the Transport element, bypassing input validation and corrupting the stack return instruction pointer.
OS command injection in NEC Platforms Aterm wireless router series (models WX1500HP and WX3600HP) permits authenticated network attackers with high privileges to execute arbitrary operating system commands on affected devices. The vulnerability requires user interaction and high attack complexity (CVSS 4.0 score 7.1), with no public exploit identified at time of analysis. NEC Platforms has published a security advisory detailing the issue.
Multiple NEC Aterm wireless router models are vulnerable to OS command injection that enables network-based attackers with high privileges and user interaction to execute arbitrary operating system commands. The vulnerability carries a CVSS 4.0 score of 7.1 and affects at least eight router models in the Aterm series including WG2600HS, WF1200CR, WG1200CR, WG2600HP4, WG2600HM4, WG2600HS2, WX3000HP, and WX3000HP2. No public exploit identified at time of analysis, though exploitation requires both elevated privileges and user interaction which reduces immediate risk.
Multiple shell injection and untrusted search path vulnerabilities in Wazuh agent and manager (versions 2.1.0 through 4.7.x) enable remote code execution through malicious configuration parameters. Authenticated attackers with high privileges can inject commands via logcollector configuration files, maild SMTP server tags, and Kaspersky AR script parameters. The CVSS 4.0 score of 7.1 reflects network-accessible attack vector with low complexity but requiring high-privilege credentials; no public exploit identified at time of analysis.
Open WebUI versions prior to 0.8.6 permit authenticated users to overwrite arbitrary file contents through an insecure batch processing endpoint, escalating read-only knowledge base access to write permissions without ownership validation. Attackers with low-level privileges can manipulate RAG (Retrieval-Augmented Generation) content served to language models, poisoning AI responses delivered to other users. CVSS 7.1 (High) reflects network-accessible exploitation with low complexity requiring only standard user authentication; no public exploit identified at time of analysis.
Ruby Language Server (ruby-lsp) allows arbitrary code execution when opening malicious projects. The vulnerability exploits unsanitized interpolation of the rubyLsp.branch workspace setting into a generated Gemfile, enabling attackers to embed malicious Ruby code in .vscode/settings.json that executes when users open and trust the workspace. Affects ruby-lsp gem < 0.26.9 and VS Code extension < 0.10.2. No active exploitation or public POC currently identified at time of analysis, but the attack requires only social engineering to trick developers into opening a crafted repository.
Authentication bypass in MinIO allows any authenticated user with s3:PutObject permission to permanently corrupt objects by injecting fake server-side encryption metadata via crafted X-Minio-Replication-* headers. Attackers can selectively render individual objects or entire buckets permanently unreadable through the S3 API without requiring elevated ReplicateObjectAction permissions. Affects all MinIO releases from RELEASE.2024-03-30T09-41-56Z through the final open-source release. Vendor-released patch available in MinIO AIStor RELEASE.2026-03-26T21-24-40Z. No public exploit identified at time of analysis, though the attack mechanism is well-documented in the advisory.
MLflow's basic-auth authentication system fails to protect tracing and assessment endpoints, enabling any authenticated user with no experiment permissions to read trace metadata and create unauthorized assessments. The vulnerability affects MLflow deployments running with the '--app-name=basic-auth' flag and carries a CVSS score of 8.1 (High) with network-based attack vector requiring low privilege authentication. This vulnerability was reported via the HackerOne bug bounty platform (@huntr_ai) with no public exploit identified at time of analysis.
Stored XSS in Langflow's image serving endpoint allows authenticated attackers to steal session tokens via malicious SVG uploads. The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves user-uploaded SVG files with 'image/svg+xml' content type without sanitization, enabling embedded JavaScript execution in victim browsers. Authenticated attackers with low privileges can upload crafted SVGs that execute in other users' contexts, exfiltrating JWT access and refresh tokens from cookies. EPSS probability is low (0.07%, 22nd percentile) with no active exploitation confirmed (SSVC: none), but the attack is straightforward for authenticated users with file upload permissions.
Stored cross-site scripting in Thales Sentinel LDK Runtime on Windows allows attackers with local access to inject malicious scripts that execute with high integrity impact. All versions before 10.22 are affected. The CVSS 4.0 base score of 7.0 reflects local attack vector with no privileges required and no user interaction. Proof-of-concept exploit code exists (CVSS:4.0 E:P). CISA KEV does not list this vulnerability as actively exploited at time of analysis.