DataHub frontend versions prior to 1.5.0.3 deserialize untrusted Java objects from the REDIRECT_URL HTTP cookie during OIDC callback flow without integrity protection, allowing authenticated attackers to read sensitive information. The vulnerability affects the GET /callback/oidc endpoint and requires a valid OIDC identity provider account to exploit. A vendor-released patch is available in version 1.5.0.3.
Unauthorized debug symbol exposure in GitLab CE/EE allows access to private debugging artifacts from projects the requester should not be able to reach, due to improper authorization controls (CWE-639: Authorization Bypass Through User-Controlled Key). Affected instances span all GitLab CE and EE deployments running versions from 16.7 up through the patched releases 18.9.7, 18.10.6, and 18.11.3 - a broad version window of roughly two years of releases. No public exploit has been identified at time of analysis, EPSS is 0.02% (5th percentile), and CISA SSVC rates exploitation status as none, collectively indicating low near-term exploitation probability despite the wide version exposure.
Insufficient policy enforcement in Google Chrome's Android payment implementation allows remote attackers to bypass access control restrictions through specially crafted HTML pages, affecting Chrome versions prior to 148.0.7778.168 on Android. The vulnerability requires user interaction (visiting a malicious page) but can be exploited remotely without authentication. EPSS exploitation probability is low (0.02%, 4th percentile), and a vendor-released patch is available. While tagged as an authentication bypass, the CVSS impact indicates only low integrity compromise with no confidentiality or availability impact.
Navigation restrictions can be bypassed in Google Chrome for Windows versions prior to 148.0.7778.168 when attackers craft malicious HTML pages that exploit insufficient sandbox policy enforcement in iframe elements. User interaction (opening/visiting the crafted page) is required for exploitation. Google released a patched version addressing this medium-severity flaw. With EPSS exploitation probability at 0.02% (4th percentile) and no KEV listing, this represents a moderate-priority issue primarily affecting organizations running outdated Chrome versions on Windows systems.
Authorization bypass in the My Calendar - Accessible Event Manager WordPress plugin (all versions through 3.7.9) allows authenticated attackers with custom-level access or higher to circumvent the moderation and approval workflow by directly manipulating the POST body. The plugin's server-side PHP code in my-calendar-event-editor.php accepted the client-supplied event_approved parameter and used it to override the server-calculated event status, despite UI-level restrictions ostensibly limiting low-privilege users to draft-only submissions. Exploitation enables unauthorized event publishing, cancellation, or marking events private - integrity impacts limited to the event management workflow. No public exploit identified at time of analysis; EPSS (0.02%, 4th percentile) and SSVC (exploitation: none) both indicate negligible current exploitation interest.
Payment bypass in LearnPress WordPress LMS Plugin (all versions ≤ 4.3.5) allows authenticated subscribers to enroll in any paid course at zero cost by manipulating a REST API parameter. The flaw stems from improper input handling in the add_to_cart() REST API endpoint where PHP's array_merge() permits attacker-supplied values to silently overwrite hardcoded order defaults - specifically the quantity field - causing the order total to resolve to $0 and bypassing all configured payment gateway enforcement. No public exploit code has been identified at time of analysis, and CISA KEV does not list this vulnerability; SSVC and EPSS both signal low current exploitation pressure, though the low-friction exploit path warrants prompt remediation on revenue-generating LMS deployments.
Private group member enumeration in GitLab CE/EE affects all versions from 15.1 through unfixed releases 18.9.6, 18.10.5, and 18.11.2, permitting any authenticated user holding project membership to discover the member list of an otherwise private group due to a missing authorization check (CWE-862). The flaw collapses GitLab's tiered permission boundary between project-level and group-level access, leaking organizational membership data to users who have no entitlement to view it. No public exploit has been identified at time of analysis, and an EPSS score of 0.01% (2nd percentile) reflects near-zero observed exploitation probability.
Improper access control in GitLab Enterprise Edition allows authenticated users holding only developer-role permissions to remove code owner approval rules from merge requests, effectively bypassing a critical gatekeeping control in the software development lifecycle. Affected are all GitLab EE versions from 11.10 up to (but not including) 18.9.7, 18.10.6, and 18.11.3. No public exploit or active exploitation has been identified at time of analysis; EPSS is 0.01% and CISA SSVC rates exploitation as none, indicating this is a low-urgency but organizationally meaningful integrity issue for teams relying on code owner rules for compliance or security enforcement.
Package protection rule bypass in GitLab CE/EE allows authenticated users holding developer-role permissions to circumvent registry protections that should restrict their write or publish actions. Affecting all GitLab Community and Enterprise Edition instances running versions 18.3 through 18.9.6, 18.10 through 18.10.5, and 18.11 through 18.11.2, an attacker with a legitimately provisioned developer account can undermine the integrity controls placed on protected packages. No public exploit code exists and no active exploitation has been identified at time of analysis; the EPSS score of 0.01% (1st percentile) and SSVC exploitation rating of 'none' confirm this is a low-urgency finding.
Authenticated developers in GitLab CE/EE versions before 18.9.7, 18.10.6, and 18.11.3 can bypass PyPI package protection rules and upload restricted packages due to improper authorization checks. Despite CVSS 4.3 rating, the 0.01% EPSS score and CISA SSVC assessment (exploitation: none, automatable: no, technical impact: partial) indicate minimal real-world exploitation risk, with no confirmed active exploitation or public exploits identified at time of analysis.
Authenticated developers in GitLab CE/EE can bypass container registry tag protection policies and delete protected tags due to improper server-side authorization checks (CWE-639), affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. The vulnerability was privately disclosed via HackerOne (report 3480620) and remediated in the May 2026 patch release cycle. No public exploit identified at time of analysis, and an EPSS of 0.01% (1st percentile) combined with SSVC exploitation status of 'none' indicate minimal current real-world exploitation risk.
Unauthorized issue disclosure in GitLab CE/EE exposes confidential project data to authenticated Guest-level users who lack explicit project membership. By exploiting an object-level authorization flaw (CWE-639), a Guest user can retrieve issues belonging to projects they have no sanctioned access to, bypassing GitLab's project-level visibility controls. No public exploit exists and EPSS sits at 0.01%, but the broad version range - spanning GitLab 15.1 all the way through 18.11.2 - means a large install base requires patching, and the confidentiality risk is real for organizations using issues to track sensitive engineering or security work.
Open redirect vulnerability in ntopng allows remote attackers to redirect users to arbitrary external websites via a crafted URL parameter. The vulnerability requires user interaction (clicking a malicious link) but affects all versions of ntopng with no authentication barrier, exposing users to phishing and credential harvesting attacks when they trust the legitimacy of the ntopng domain.
HCL AION transmits backend service details over unencrypted HTTP channels under certain conditions, allowing authenticated local or adjacent-network attackers with limited privileges to intercept and read sensitive configuration data through man-in-the-middle attacks. The vulnerability requires user interaction and non-default network positioning, resulting in a CVSS score of 4.3 (low severity) with confirmed vendor awareness and advisory availability.
Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Integer division by zero in GStreamer gst-plugins-good before version 1.28.2 allows local attackers to cause denial of service by supplying a maliciously crafted MP4 file with invalid atom data in audio tracks, triggering a crash in the qtdemux_audio_caps parser function without requiring user interaction or elevated privileges.
Integer division by zero in GStreamer gst-plugins-good before version 1.28.2 allows local attackers to cause denial of service by crafting malicious MP4 audio files. The isomp4 plugin's qtdemux_parse_trak function fails to validate atom data before performing division operations, causing application crash when parsing specially crafted audio tracks. No authentication required; exploitation requires only local file access and media playback.
Nuvoton NPCT7xx TPM firmware is vulnerable to physical side-channel attacks enabling extraction of Elliptic Curve Diffie-Hellman (ECDH) keys through electromagnetic or timing analysis when an attacker has direct physical access to the TPM device. The vulnerability affects confidentiality of cryptographic material but does not enable code execution or availability attacks. No active exploitation has been publicly reported, and the attack requires specialized knowledge and physical proximity to the target system.
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION REFRESH PUBLICATION allows authenticated local or network users with table creation privileges to execute arbitrary SQL queries with the publication subscriber's credentials. The attack is deferred until the next REFRESH PUBLICATION command is executed, requiring user interaction or scheduled maintenance. PostgreSQL 16.x, 17.x, and 18.x versions prior to 16.14, 17.10, and 18.4 respectively are vulnerable; earlier versions are unaffected. No public exploit code or active exploitation has been identified.
Improper ownership validation in MCP Registry prior to version 1.7.9 allows authenticated publishers to bind io.github.<user>/* namespaces to OCI images they do not control when the upstream OCI registry returns HTTP 429 rate-limit responses. The vulnerability bypasses the label-match ownership proof check, enabling namespace hijacking for users who publish through OCI-based MCP servers. Patch available in version 1.7.9.
Open WebUI versions up to 0.9.2 allow users with read-only access to shared notes to toggle the pin status via the POST /api/v1/notes/{id}/pin endpoint, which incorrectly checks for read permission instead of write permission. This privilege escalation enables read-only users to perform a write operation (toggling is_pinned state) that should be restricted to users with explicit write access. The vulnerability is limited to the pin operation and does not permit modification of note content, title, or access grants. Publicly available proof-of-concept demonstrates the bypass across all shared notes with read access.
Server-Side Request Forgery (SSRF) in GitLab Enterprise Edition's virtual registry upstream feature allows an authenticated low-privileged user who controls a virtual registry upstream to direct the GitLab server to issue HTTP requests against internal hosts that would otherwise be inaccessible from the network perimeter. Affected versions span GitLab EE 18.8 through 18.11 across three patch trains. No public exploit exists and no active exploitation has been identified at time of analysis; EPSS probability stands at 0.01%, consistent with the narrow preconditions required.
Out-of-bounds memory write in Google Chrome's Skia graphics library (versions prior to 148.0.7778.168) enables attackers with an already-compromised renderer process to escalate privileges via malicious print files. This represents a sandbox escape vulnerability requiring high attack complexity and user interaction (printing or opening a crafted print file). While CVSS rates this 3.1 (Low), the real-world risk depends on the attacker already having achieved renderer compromise — making this a second-stage attack vector. No active exploitation confirmed (EPSS 0.05%, not in CISA KEV), but vendor patch available as of Chrome 148.0.7778.168.
dbt-mcp DefaultUsageTracker transmits unredacted MCP tool arguments-including raw SQL queries and credential-bearing --vars JSON-to dbt Labs telemetry by default without user opt-in. Affects dbt-mcp ≤1.17.0; tracking is enabled unless users explicitly set DBT_SEND_ANONYMOUS_USAGE_STATS=false or DO_NOT_TRACK=1 before installation, creating silent exfiltration of potentially sensitive database schema, credentials, and personally identifiable information. The vulnerability has been verified by proof-of-concept source code analysis and execution against dbt-mcp v1.15.1.
Google Chrome on Linux versions prior to 148.0.7778.168 suffers from an out-of-bounds read vulnerability in GPU processing that enables cross-origin data leakage. An attacker who has already compromised the renderer process can craft malicious HTML to read sensitive memory beyond allocated bounds, exposing data from other origins that should be isolated by the browser's same-origin policy. EPSS exploitation probability is very low (0.03%, 10th percentile) and no active exploitation or public POC has been identified. Google rates this Medium severity and released patch 148.0.7778.168 to address the issue.
Cross-origin data leakage in Google Chrome on Android allows compromised renderer processes to access sensitive information from other sites via malicious HTML pages. Affects Chrome versions prior to 148.0.7778.168 on Android platforms. Attack requires high complexity (user interaction with crafted content) and prior renderer compromise, limiting practical exploitation. EPSS score of 0.03% (10th percentile) and SSVC assessment indicating no active exploitation align with the limited real-world risk profile despite the cross-origin information disclosure capability.
Cross-origin data leakage in Google Chrome on Windows via ANGLE graphics library allows renderer-compromised attackers to steal sensitive data from other origins through specially crafted web pages. Affects Chrome versions prior to 148.0.7778.168 on Windows platforms. EPSS probability of 0.03% (10th percentile) indicates low observed exploitation likelihood, with CISA SSVC confirming no active exploitation and non-automatable attack chain. Vendor patch released in Chrome 148.0.7778.168 stable channel update. Attack requires successful renderer process compromise as prerequisite, combined with user interaction, creating a chained exploitation scenario rather than standalone vulnerability.
Out-of-bounds memory write in Google Chrome's ANGLE graphics library (Windows only) enables attackers who have already compromised the renderer process to corrupt memory via specially crafted HTML pages. Chrome 148.0.7778.168 patches this type confusion vulnerability. Despite high Chromium severity rating, CVSS 3.1 scores only 3.1 due to prerequisite renderer compromise, high attack complexity, and required user interaction. EPSS 0.03% (10th percentile) and SSVC indicating no known exploitation suggest limited real-world risk at time of analysis.
Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.168 occurs when an attacker who has already compromised the renderer process exploits an object corruption flaw in the Compositing component. The vulnerability requires user interaction with a malicious HTML page and high attack complexity to leak sensitive cross-origin data. Google has released a patch in Chrome 148.0.7778.168, and with EPSS at 0.03% (10th percentile) and no evidence of active exploitation (SSVC: none), this represents a medium-priority targeted threat rather than widespread exploitation risk.
CSS injection in SAP NetWeaver Application Server ABAP allows unauthenticated remote attackers to inject malicious Cascading Style Sheets into web pages served by the application, with exploitation requiring user interaction (clicking or accessing the affected page). The injected CSS executes in the victim's browser context, resulting in low-impact confidentiality loss; integrity and availability are not affected. CVSS 3.1 reflects the limited impact and high attack complexity required.
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Site Isolation bypass in Google Chrome on macOS allows attackers who have already compromised the renderer process to leak limited cross-origin data via malicious HTML in ReadingMode. Affects Chrome versions prior to 148.0.7778.168 on Mac only. EPSS score of 0.02% (6th percentile) indicates very low predicted exploitation probability. No active exploitation detected (not in CISA KEV), no public POC identified. CVSS 3.1 assigns Low severity despite High vendor severity rating due to requiring both renderer compromise and user interaction, with impact limited to confidentiality only.
Site Isolation bypass in Google Chrome prior to 148.0.7778.168 allows remote attackers who have already compromised the renderer process to access cross-site data via crafted HTML pages. The vulnerability affects Chrome's AI policy enforcement, enabling a second-stage attack after initial renderer compromise. Attack complexity is high, requiring both initial renderer compromise and user interaction. EPSS score of 0.02% indicates very low exploitation probability, and no active exploitation or public POC has been identified. Vendor patch is available in Chrome 148.0.7778.168.
HCL AION uses basic authorization tokens for authentication, exposing credentials to interception or misuse if not transmitted over encrypted channels. The vulnerability affects authenticated local or adjacent network attackers with low privileges and user interaction, resulting in limited confidentiality impact. CVSS 3.0 reflects low severity, though the underlying authentication weakness may enable credential theft in environments with unencrypted internal traffic.
GitLab Enterprise Edition's instance-level approval rule editing prevention control can be bypassed by authenticated Maintainer-level users due to missing server-side authorization checks (CWE-862). Affected are all GitLab EE versions from 16.10 through before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. An attacker holding Maintainer permissions can modify or delete project approval rules even when an administrator has explicitly enabled the instance-level restriction designed to prevent such changes, undermining the integrity of merge request approval workflows. No public exploit identified at time of analysis, and EPSS is at the 1st percentile, indicating negligible opportunistic exploitation risk.
Merge request approval bypass in GitLab Enterprise Edition allows authenticated users to circumvent policy-enforced approval gates due to improper cleanup of orphaned approval policy records. Affected are all GitLab EE deployments running versions from 15.7 up to (but not including) 18.9.7, 18.10.6, and 18.11.3. No public exploit exists and no active exploitation has been confirmed; however, the integrity impact carries meaningful governance risk in regulated environments where merge approval policies serve as a compliance or change-management control.
HCL AION exposes sensitive information through URL parameters, allowing disclosure via browser history, server logs, and intermediary systems. The vulnerability requires adjacent network access, high interaction complexity, and authenticated user involvement, resulting in limited confidentiality impact with a CVSS score of 2.6. No active exploitation has been confirmed.
HCL AION stores sensitive information in browser auto-complete caches for certain input fields, potentially exposing credentials or other sensitive data to local attackers or through browser history under specific conditions. The vulnerability requires adjacent network access, high interaction complexity, and local user privilege, limiting real-world exploitation scope but posing risk in shared or compromised workstations.
libsixel versions prior to 1.8.7-r2 crash on memory allocation failure in sixel_decode_raw and sixel_decode functions due to incorrect NULL pointer validation, allowing local attackers to trigger denial of service under low-memory conditions. The vulnerability affects any application using libsixel's public decoding APIs when system memory pressure causes malloc to fail.
dbt MCP Server logs complete tool arguments including SQL queries and database credentials in plaintext to disk when file logging is enabled. Versions up to 1.17.0 write unredacted arguments from every tool invocation to dbt-mcp.log, with sensitive data such as raw SQL queries, credential-bearing vars payloads, and node selectors persisting indefinitely without automatic rotation. A local attacker with read access to the log file can extract credentials and SQL logic. Publicly available proof-of-concept demonstrates credential and PII extraction from log files.
Double-free vulnerability in PoDoFo 1.0.0 through 1.0.3 allows local attackers with user interaction to trigger heap corruption via failed digest operations in PDF signing routines, potentially causing denial of service. The vulnerability exists in compute_hash_to_sign() where EVP_DigestFinal failure causes buf to be freed twice, corrupting heap metadata. CVSS score is 2.5 (low severity) but exploitation requires local access and user interaction. Patched in version 1.0.4.
Blind Server-Side Request Forgery in Nextcloud News prior to 28.3.0-beta.1 allows low-privileged authenticated users to weaponize the feed URL submission feature - available via both the web interface and API - to coerce the Nextcloud server into making outbound HTTP requests to attacker-specified internal or private IP ranges, including localhost. Response content is never relayed back to the attacker, constraining this to a reconnaissance primitive rather than a data-exfiltration channel. No public exploit has been identified at time of analysis, EPSS sits at 0.04% (12th percentile), and CISA has not listed this in KEV, collectively indicating a low-probability real-world exploitation scenario.
HCL AION fails to configure security-related HTTP response headers, potentially reducing browser-based protections against cross-site scripting and other client-side attacks. The vulnerability requires adjacent network access, high interaction complexity, low privilege authentication, and user interaction to achieve limited confidentiality impact. CVSS score of 2.3 reflects minimal real-world risk under current attack conditions.