MLflow's FastAPI job endpoints bypass basic-auth entirely, allowing network attackers to submit and execute jobs without credentials (CVSS 9.8, CWE-306). Affects mlflow/mlflow latest version when MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true and job functions are allowlisted. Public POC exists per SSVC framework. EPSS score of 0.20% (42nd percentile) indicates low observed exploitation probability despite critical CVSS, suggesting targeted rather than widespread risk. Vendor-released patch not confirmed at time of analysis - remediation relies on configuration changes and service hardening.
Local privilege escalation in Sudo through 1.9.17p2 (fixed in commit 3e474c2) arises because a failed setuid, setgid, or setgroups call during the privilege drop that precedes invoking the mailer is treated as non-fatal, allowing the mailer to run with retained elevated privileges. Local users on systems where Sudo is configured to send mail can leverage this to gain root, with total technical impact per CISA SSVC. EPSS is 0.00% and there is no public exploit identified at time of analysis, consistent with SSVC marking exploitation as none.
Remote code execution in BerriAI LiteLLM (pkg:pip/litellm) prior to v1.83.0 allows authenticated users without admin privileges to execute arbitrary Python code, modify proxy configuration, read server files, and hijack privileged accounts via an improperly protected /config/update endpoint. Authentication requirements not confirmed from available data. No public exploit identified at time of analysis, but the attack surface is well-documented in the vendor advisory. CVSS score unavailable; however, the combination of RCE capability and authentication bypass warrants immediate remediation for all LiteLLM deployments.
Unauthenticated information disclosure in Piwigo photo gallery software (versions prior to 16.3.0) allows remote attackers to retrieve complete browsing history of all gallery visitors through exposed pwg.history.search API endpoint. The API method lacks mandatory admin-only access controls (CWE-862), enabling trivial privacy violation with CVSS 7.5 severity. EPSS exploitation probability and KEV status not available; no public exploit identified at time of analysis, though exploitation requires only basic HTTP requests given the zero-authentication requirement (CVSS vector PR:N).
Denial of service via panic in go-jose library (versions prior to v4.1.4 and v3.0.5) occurs when decrypting malformed JSON Web Encryption (JWE) objects that specify a key wrapping algorithm (e.g., RSA-OAEP-KW, ECDH-ES+A128KW) but contain an empty encrypted_key field. The panic is triggered during slice allocation in cipher.KeyUnwrap() when processing ciphertext under 16 bytes, causing immediate application termination. No public exploit identified at time of analysis, though EPSS score of 0.0004
Microsoft Bing contains a server-side request forgery (SSRF) vulnerability that allows elevation of privilege through improperly validated requests. The flaw affects Microsoft Bing across all versions and enables attackers to bypass access controls and escalate privileges by causing the application to make unintended requests to internal or external resources. A vendor-released patch is available.
Sandbox escape in SandboxJS npm package allows unauthenticated remote attackers to mutate host JavaScript global objects (Math, JSON, etc.) and persist malicious code across sandbox instances. The vulnerability bypasses intended global-write protections by exploiting an exposed constructor callable path (this.constructor.call), enabling arbitrary property injection into host runtime globals. Exploitation probability is HIGH (EPSS not available for recent CVE), with publicly available exploit code demonstrating both immediate host contamination and cross-execution persistence. Critical impact: attacker-controlled globals can hijack application control flow when host code consumes mutated built-ins, escalating to arbitrary command execution when chained with application sinks like execSync().
Server-side request forgery in Azure Databricks enables unauthenticated remote attackers to achieve full privilege escalation with critical impact across confidentiality, integrity, and availability. The vulnerability carries a maximum CVSS 10.0 score with network-based attack vector, low complexity, and scope change, indicating attackers can leverage the SSRF to break out of Databricks' security boundary and access underlying cloud infrastructure or customer data. No public exploit or active exploitation confirmed at time of analysis, though the low attack complexity suggests straightforward exploitation once attack surface is identified.
Microsoft Azure Kubernetes Service (AKS) contains an improper authorization vulnerability enabling unauthenticated remote attackers to elevate privileges over a network with critical impact across confidentiality, integrity, and availability. The CVSS 10.0 critical rating reflects network-accessible exploitation requiring no authentication, low complexity, and scope change allowing compromise beyond the vulnerable component. No public exploit identified at time of analysis, though the authentication bypass nature and maximum severity warrant immediate priority.
Azure AI Foundry improper authorization permits unauthenticated remote attackers to escalate privileges and achieve complete compromise with high impact to confidentiality, integrity, and availability. The CVSS 10.0 rating reflects network-based attack vector with low complexity, no user interaction, and scope change indicating containerization/isolation escape. EPSS and KEV status not provided, but the authentication bypass affecting a cloud AI platform poses severe risk. No public exploit identified at time of analysis.
SQL injection in Kestra orchestration platform's flow search endpoint (GET /api/v1/main/flows/search) enables remote code execution on the underlying PostgreSQL host. Authenticated users can trigger the vulnerability by visiting a malicious link, exploiting PostgreSQL's COPY TO PROGRAM feature to execute arbitrary OS commands on the Docker container host. Affects Kestra versions prior to 1.3.7 in default docker-compose deployments. With CVSS 9.9 (Critical) and low attack complexity requiring only low-privilege authentication, this represents a severe risk for container escape and host compromise scenarios.
Remote code execution in Kedro (all versions prior to 1.3.0) allows unauthenticated network attackers to execute arbitrary system commands during application startup by poisoning the KEDRO_LOGGING_CONFIG environment variable. The vulnerability stems from unsafe use of Python's logging.config.dictConfig() with the special '()' factory key that enables arbitrary callable instantiation. With CVSS 9.8 (critical severity, network-exploitable, no privileges required, low complexity), this represents a
Unauthenticated arbitrary file deletion in goshs HTTP file server allows remote attackers to delete any file or directory on the host system via path traversal. A missing return statement after input validation enables attackers to bypass the '..' check by double-encoding traversal sequences (e.g., %252e%252e), sending requests to '/<traversal>/<target-path>?delete' to trigger os.RemoveAll on arbitrary filesystem paths. The vulnerability affects the default configuration with no authentication or special flags required. Public exploit code exists with a working proof-of-concept shell script demonstrating the attack. CVSS 9.8 (Critical) reflects network accessibility, no authentication requirement, and complete impact to integrity and availability. Vendor-released patch available via GitHub commit 237f3af.
Unauthenticated arbitrary file write in goshs (Go Simple HTTP Server) allows remote attackers to overwrite any file on the host filesystem via path traversal in multipart upload endpoints. The vulnerability exists in the default configuration with no authentication required. The upload handler fails to sanitize the directory component of the request path, enabling attackers to escape the webroot using URL-encoded traversal sequences (e.g., /../../target/upload) while the server validates only that paths end with '/upload'. Functional proof-of-concept exploit code is publicly available. EPSS data not available, not listed in CISA KEV.
Arbitrary file write in goshs HTTP server allows unauthenticated remote attackers to overwrite any file on the target system via path traversal in PUT requests. The PUT upload handler in goshs (a Go-based simple HTTP server) performs no path sanitization on user-supplied URL paths, enabling direct filesystem access outside the intended webroot through URL-encoded directory traversal sequences (%2e%2e/). CVSS 9.8 reflects network-accessible exploitation requiring no authentication or user interaction. No public exploit identified at time of analysis beyond the proof-of-concept in the security advisory. EPSS data not available, but the trivial exploit complexity (single curl command with --path-as-is flag) and default-vulnerable configuration present significant risk to exposed instances.
Heap overflow in Linux kernel NFSv4.0 LOCK replay cache allows unauthenticated remote attackers to corrupt kernel memory by triggering a denial-of-service or potential code execution. The vulnerability exists in nfsd4_encode_operation() which copies encoded LOCK responses up to 1024 bytes into a fixed 112-byte inline buffer without bounds checking, resulting in up to 944 bytes of slab-out-of-bounds writes. Exploitation requires two cooperating NFSv4.0 clients but no special privileges; upstream fixes are available across multiple stable kernel branches.
NULL dereference and use-after-free in the Linux kernel's SMC (Shared Memory Communications) socket implementation occur when smc_tcp_syn_recv_sock() races with socket close operations, allowing a local attacker to trigger a kernel panic via concurrent manipulation of TCP SYN handling and SMC listen socket closure. The vulnerability affects the Linux kernel across multiple versions via the net/smc subsystem and is addressed through RCU-protected access and refcount validation rather than lock-based serialization.
Use-after-free in Linux kernel ksmbd SMB server allows local or remote attackers to read freed memory and potentially achieve denial of service or code execution via compound SMB2 requests that reuse a tree connection after it has been disconnected and its associated share_conf structure freed. The vulnerability exists because smb2_get_ksmbd_tcon() bypasses state validation checks when reusing connections in compound requests, enabling subsequent commands to dereference already-freed share_conf pointers. No CVE severity metrics are available, but KASAN confirms memory corruption is triggered in smb2_write operations during tree disconnect sequences.
Use-after-free in Linux kernel's ksmbd SMB server allows remote attackers to crash the kernel or potentially execute code via malicious SMB2 DURABLE_REQ_V2 replay operations. The vulnerability occurs when parse_durable_handle_context() unconditionally reassigns file handle connection pointers during replay operations, causing stale pointer dereferences when the reassigned connection is subsequently freed. A KASAN report confirms the use-after-free in spin_lock operations during file descriptor closure, triggered during SMB2 connection handling in the ksmbd-io workqueue. No public exploit code or active exploitation has been confirmed at time of analysis.
Server-side request forgery in Azure Custom Locations Resource Provider enables authenticated attackers with low-level privileges to elevate access and exfiltrate sensitive data across scope boundaries via network-based SSRF exploitation. This vulnerability affects Microsoft Azure infrastructure with a CVSS score of 9.6 (Critical), featuring scope change that allows attackers to reach resources beyond the vulnerable component's security context. No public exploit code or active exploitation confirmed at time of analysis, though the low attack complexity and network vector indicate straightforward exploitability once authenticated access is obtained.
Stackfield Desktop App before version 1.10.2 for macOS and Windows allows arbitrary file writes to the filesystem through a path traversal vulnerability in its decryption functionality when processing the filePath property. A malicious export file can enable attackers to overwrite critical system or application files, potentially leading to code execution or application compromise without requiring user interaction beyond opening the malicious export.
Server-Side Request Forgery (SSRF) in Budibase's REST datasource connector (versions prior to 3.33.4) allows authenticated users with low privileges to bypass IP blacklist protections and access internal network resources. The vulnerability stems from a configuration flaw where the BLACKLIST_IPS environment variable is not set by default in official deployments, causing all blacklist checks to fail silently. With CVSS 9.6 (Critical) due to scope change and high confidentiality/integrity impact, this represents a significant risk for organizations using Budibase in cloud or containerized environments. No active exploitation confirmed (not in CISA KEV), but publicly available exploit code exists via the patch disclosure.
BookStack chapter export functionality allows unauthenticated remote attackers to bypass access controls via manipulation of the pages parameter in the chapterToMarkdown function, enabling improper access to restricted content. Affects BookStack versions up to 26.03; patch available in version 26.03.1. Publicly available exploit code exists and CVSS 5.5 reflects low confidentiality impact with no integrity or availability compromise.
Command injection in pymetasploit3 Python library (versions ≤1.0.6) allows unauthenticated remote attackers to execute arbitrary Metasploit console commands by injecting newline characters into module options like RHOSTS. With a critical CVSS 9.3 score and no public exploit identified at time of analysis, this vulnerability poses significant risk to environments using this library for automated penetration testing workflows. The flaw enables attackers to break command structure in console.run_module_with_output() calls, potentially manipulating Metasploit sessions and executing unintended security operations.
Authentication bypass in LiteLLM's JWT/OIDC implementation allows unauthenticated attackers to impersonate legitimate users via cache key collision. When JWT authentication is enabled (non-default configuration), the userinfo cache uses only the first 20 characters of the token as a key. Because JWT headers from the same signing algorithm produce identical prefixes, attackers can forge tokens that collide with cached legitimate sessions, inheriting victim identities and permissions. Fixed in v1.83.0. No public exploit identified at time of analysis, but the vulnerability is straightforward to exploit in affected configurations.
Stored cross-site scripting (XSS) in ci4-cms-erp/ci4ms profile management enables privilege escalation to full administrative compromise. Attackers inject malicious JavaScript payloads through unsanitized profile name fields, which execute persistently across multiple application interfaces including administrative user management pages and public-facing blog views. When administrators access affected pages, the stored payload executes in their browser context, enabling session hijacking and complete account takeover. Vendor patch available per GitHub security advisory. This represents a critical privilege escalation vector requiring immediate remediation in any deployment with multiple user roles.
Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insecure Direct Object Reference (IDOR) vulnerability in Gardyn Cloud API allows unauthenticated remote attackers to access and modify arbitrary user profiles by manipulating ID parameters in API calls. CVSS:4.0 rates this 9.3 (Critical) with network-accessible attack vector requiring no privileges or user interaction, enabling unauthorized access to high-sensitivity user data and profile modification. CISA ICS-CERT issued advisory ICSA-26-055-03 for this IoT/smart garden system vulnerability. No public exploit identified at time of analysis, though the attack technique (parameter manipulation) is trivial to execute.
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unauthenticated access to complete user account data in Gardyn Cloud API allows remote attackers to retrieve sensitive information for all registered users. The vulnerability stems from an unprotected endpoint exposing full account details without authentication checks (CVSS 9.2, AV:N/PR:N). CISA ICS-CERT has published an advisory, indicating exposure in operational technology/IoT contexts. No public exploit identified at time of analysis, though the vulnerability's simplicity (low attack complexity, no privileges required) makes exploitation straightforward once the endpoint is discovered.
Browser-based authentication session hijacking in Amazon Athena ODBC driver versions prior to 2.1.0.0 allows remote unauthenticated attackers to intercept authentication sessions, potentially compromising confidentiality and integrity of database access. The vulnerability stems from insufficient authentication security controls (CWE-862) in browser-based authentication flows. Amazon has released patches for Windows, Linux, and macOS platforms. No active exploitation is confirmed via CISA KEV, though the CVSS score of 7.4 reflects high attack complexity requiring precise timing or conditions to exploit successfully.
Unauthenticated information disclosure in Azure MCP Server allows remote attackers to access sensitive data over the network without authentication. The vulnerability stems from missing authentication controls on critical functions (CWE-306), enabling attackers to bypass security boundaries and extract confidential information with minimal complexity. With CVSS 9.1 (Critical) and network-accessible attack vector requiring no privileges or user interaction, this represents a significant exposure for organizations running affected Azure MCP Server instances. No public exploit identified at time of analysis, though the straightforward authentication bypass nature increases likelihood of rapid weaponization.
Man-in-the-middle attacks can intercept authentication credentials in Amazon Athena ODBC driver versions prior to 2.1.0.0 when connecting to external identity providers due to improper certificate validation (CWE-295). This network-accessible vulnerability (CVSS 7.4) affects deployments using federated authentication with external IdPs, allowing attackers positioned on the network path to capture credentials during the authentication handshake. Amazon has released patched versions 2.1.0.0 across all platforms (Windows, Linux, macOS). No public exploit identified at time of analysis, though the attack complexity is rated high and requires network positioning.
Out-of-bounds read in Linux kernel netfilter nf_conntrack_h323 DecodeQ931() function allows remote attackers to trigger a kernel memory disclosure or denial of service by sending a specially crafted H.323 packet with zero-length UserUserIE field, causing integer underflow when a 16-bit length value is decremented without validation. No public exploit code identified at time of analysis, and CVSS severity not quantified in available data.
Cache key collisions in fast-jwt's custom cacheKeyBuilder implementations enable token confusion attacks, allowing remote attackers to impersonate users and escalate privileges without authentication. The vulnerability affects Node.js applications using fast-jwt with both caching enabled AND custom cache key builder functions that generate non-unique keys. No public exploit identified at time of analysis, though EPSS data unavailable and exploitation likelihood is high given the network-accessible attack vector (AV:N) and low complexity (AC:L). Applications using default caching behavior are NOT affected.
Remote code execution in Budibase versions prior to 3.33.4 allows unauthenticated attackers to execute arbitrary Bash commands with root privileges inside the application container by exploiting public webhook endpoints that trigger automation workflows. The vulnerability stems from improper neutralization of special elements in OS commands (CWE-78) and requires no authentication, though the CVSS complexity is rated high (AC:H). A vendor-released patch is available in version 3.33.4, with the fix publicly documented in GitHub pull request #18238 and commit f0c731b4.
Server-side request forgery (SSRF) in ZimaOS web interface allows unauthenticated remote attackers to access internal localhost services when the system is exposed via Cloudflare Tunnel. The vulnerable proxy endpoint (/v1/sys/proxy) enables attackers to bypass network segmentation and reach internal-only endpoints, potentially exposing sensitive local services. Affects ZimaOS versions prior to 1.5.3. EPSS data not available; no public exploit identified at time of analysis, though the attack vector is well-understood given the clear SSRF nature and specific endpoint disclosure.
Authentication bypass in JupyterHub OAuthenticator <17.4.0 allows authenticated attackers with unverified email addresses on Auth0 tenants to login with arbitrary usernames, enabling account takeover when email is configured as the username claim. The vulnerability requires low-complexity exploitation over the network with low privileges (CVSS 8.8, AV:N/AC:L/PR:L). No public exploit identified at time of analysis, though the vendor has released a security advisory with technical details. EPSS data not available, but the authentication bypass nature and account takeover potential make this a priority for organizations using JupyterHub with Auth0 OAuth integration.
Remote code execution in BizTalk360 before version 11.5 allows any authenticated user to upload a malicious DLL and trigger its execution on the server through an unprotected DLL-loading endpoint. The vulnerability stems from missing access controls on a method that loads and executes DLL files, enabling attackers with valid domain credentials to achieve arbitrary code execution without requiring elevated privileges.
Remote code execution in BentoML's containerization workflow allows attackers to execute arbitrary Python code on victim machines by distributing malicious bento archives containing SSTI payloads. When victims import a weaponized bento and run 'bentoml containerize', unsanitized Jinja2 template rendering executes attacker-controlled code directly on the host system - bypassing all Docker container isolation. The vulnerability stems from using an unsandboxed jinja2.Environment with the dangerous jinja2.ext.do extension to process user-provided dockerfile_template files. Authentication is not required (CVSS PR:N), though exploitation requires user interaction (UI:R) to import and containerize the malicious bento. No public exploit identified at time of analysis, though the GitHub advisory includes detailed proof-of-concept demonstrating host filesystem compromise.
Hardcoded storage credentials in Gardyn mobile application and device firmware grant unauthenticated remote attackers access to production cloud storage containers with excessive permissions. The CVSS v4.0 score of 8.8 reflects network-accessible attack vector with no complexity barriers, enabling high confidentiality impact and limited integrity/availability impact. CISA ICS-CERT disclosure indicates industrial/IoT context. No public exploit identified at time of analysis, though hardcoded credential vulnerabilities are trivial to exploit once discovered. EPSS data not available for this recent CVE.
Use-after-free in Electron framework allows memory corruption when handling fullscreen, pointer-lock, or keyboard-lock permission requests in apps with asynchronous `session.setPermissionRequestHandler()` callbacks. Affects npm package electron versions prior to 41.0.0-beta.8, 40.7.0, 39.8.0, and 38.8.6. Remote attackers can trigger memory corruption or crashes if the requesting frame navigates or window closes while the permission handler is pending. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patches available across all affected major version branches.
SQL injection in OpenSTAManager 2.10.1 and prior allows authenticated users to extract database contents including bcrypt password hashes, customer records, and financial data via unsanitized GET parameters across six vulnerable PHP modules. The righe parameter in confronta_righe.php files is directly concatenated into IN() clauses without parameterization. CVSS 8.8 (High) with network attack vector, low complexity, and low privilege requirement. Vendor-released patch available in version 2.10.2. Exploit reproduction demonstrated via EXTRACTVALUE-based error injection extracting MySQL version, database user, and admin credentials. Confirmed publicly available exploit code exists (GitHub advisory GHSA-mmm5-3g4x-qw39).
Use-after-free vulnerability in the Linux kernel's Bluetooth HIDP subsystem allows local attackers to trigger a kernel crash or potentially execute arbitrary code by failing to properly release L2CAP connection references when user callbacks are invoked. The flaw affects all Linux kernel versions in the CPE range and has been resolved through reference counting fixes in the L2CAP connection cleanup path; no public exploit code is currently identified, but the vulnerability requires local access to trigger via Bluetooth device manipulation.
Command line injection in Electron via undocumented commandLineSwitches webPreference enables sandbox escape and security control bypass when applications spread untrusted configuration objects into webPreferences. Attackers can inject arbitrary command-line switches to disable renderer process sandboxing or web security protections, achieving local code execution with elevated privileges. CVSS 7.8 (High) with attack complexity HIGH requiring user interaction. No public exploit identified at time of analysis, though technical disclosure is public via GitHub advisory.