Local privilege escalation in Microsoft Defender (Malware Protection Engine) enables an authenticated low-privileged attacker to elevate to SYSTEM by abusing improper link resolution (CWE-59) before file access. The flaw scores CVSS 7.8 with high impact to confidentiality, integrity, and availability, and no public exploit is identified at time of analysis. Microsoft has released a patch via MSRC, and there is no current CISA KEV listing or EPSS signal indicating active mass exploitation.
Arbitrary file read in the Frappe full-stack web application framework allows remote unauthenticated attackers to retrieve files outside intended directories via path traversal sequences in affected versions prior to 15.105.0 and 16.15.0. The CVSS 4.0 base score of 8.7 reflects high confidentiality impact with no required privileges or user interaction, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Successful exploitation discloses sensitive server-side files such as configuration secrets, site keys, or credentials used by downstream ERPNext deployments.
Local File Inclusion in the Advanced Database Cleaner - Premium WordPress plugin (versions up to and including 4.1.0) allows Subscriber-level authenticated users to include and execute arbitrary .php files via the 'template' parameter. The flaw, reported by Wordfence, carries a CVSS score of 8.8 and can be escalated to full remote code execution when combined with a file upload primitive, while no public exploit identified at time of analysis.
Path traversal in NVIDIA BioNeMo Core for Linux allows remote attackers to escape intended directory boundaries when a user is induced to load a malicious file, enabling code execution, information disclosure, data tampering, or denial of service. The flaw carries a high CVSS score of 8.8 driven by network reachability and full CIA impact, though exploitation requires user interaction; no public exploit identified at time of analysis.
Privilege escalation in the BeycanPress Account Switcher WordPress plugin (versions up to and including 1.0.2) allows authenticated Subscriber-level users to hijack any account, including Administrator, by abusing a loose PHP comparison in the rememberLogin REST endpoint. No public exploit is identified at the time of analysis, but the issue is trivially reproducible from the disclosed root cause and the plugin source on WordPress.org is publicly indexable.
Authenticated privilege escalation in the AcyMailing WordPress plugin (versions up to and including 10.8.2) allows users with subscriber-level access or higher to modify privileged plugin configuration and export subscriber secret keys. By chaining these missing authorization flaws with knowledge of an administrator's email address, attackers can achieve full administrator account takeover. No public exploit identified at time of analysis, but Wordfence - the reporting party - typically tracks WordPress plugin abuse closely.
Privilege escalation in the Read More & Accordion WordPress plugin (versions up to and including 3.5.7) allows authenticated low-privileged users granted import rights through the plugin's role settings to write arbitrary rows into the wp_users and wp_usermeta tables, effectively creating a new administrator account. The flaw stems from the RadMoreAjax::importData function failing to restrict target database tables and to validate imported data. No public exploit identified at time of analysis, though the vulnerability was disclosed by Wordfence threat intelligence researchers.
Remote code execution in Google Chrome versions prior to 148.0.7778.179 allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page that triggers a use-after-free in the DOM implementation. The flaw requires user interaction (visiting a malicious page) but no authentication, and while Chromium rates its security severity as Medium, the CVSS 3.1 base score of 8.8 reflects high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Remote code execution in Google Chrome on Windows prior to 148.0.7778.179 stems from a use-after-free flaw in the XR (WebXR) component, enabling a remote attacker to run arbitrary code in the renderer process by enticing a user to visit a crafted HTML page. Chromium rates the issue High severity and CVSS scores it 8.8; no public exploit identified at time of analysis and SSVC reports exploitation status as none. A vendor patch is available via the Stable Channel update referenced in the Chrome Releases advisory.
Remote code execution in Google Chrome versions prior to 148.0.7778.179 stems from a use-after-free condition in the QUIC networking stack, allowing remote attackers to execute arbitrary code within the browser sandbox via malicious network traffic. Exploitation requires user interaction (visiting a malicious site or processing attacker-controlled QUIC traffic), and no public exploit has been identified at time of analysis. Chromium rates this as High severity, and a vendor patch is available.
Remote code execution in Google Chrome on Windows prior to version 148.0.7778.179 stems from a use-after-free condition in the GPU component, enabling a remote attacker to run arbitrary code within the renderer sandbox after the victim loads a crafted HTML page. Google has rated the issue High severity and shipped a fix; no public exploit identified at time of analysis and SSVC indicates exploitation status 'none' despite total technical impact.
Remote code execution in Google Chrome versions prior to 148.0.7778.179 stems from a use-after-free flaw in the WebRTC component, enabling a remote attacker to run arbitrary code when a victim visits a crafted HTML page. Chromium rates the severity as High and the CVSS 3.1 score is 8.8, but exploitation requires user interaction (UI:R); no public exploit identified at time of analysis.
Heap corruption in Google Chrome's GPU component prior to version 148.0.7778.179 allows remote attackers to exploit an out-of-bounds read via a crafted HTML page, potentially leading to arbitrary code execution or information disclosure within the renderer context. The flaw carries a CVSS 8.8 (High) rating due to network reachability and high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (visiting a malicious page). There is no public exploit identified at time of analysis, and CISA SSVC marks exploitation status as 'none', suggesting opportunistic rather than active targeting.
Remote code execution in Google Chrome on Linux before 148.0.7778.179 stems from a use-after-free flaw in the WebRTC component, allowing a remote attacker who lures a victim to a crafted HTML page to execute arbitrary code in the renderer process. Chromium rates the severity as Critical and a vendor patch is available, though there is no public exploit identified at time of analysis and SSVC indicates no observed exploitation. The CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability with required user interaction (visiting a page).
Heap buffer overflow in the WebRTC component of Google Chrome before 148.0.7778.179 allows remote attackers to execute arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. The flaw was reported by Chrome's internal security team, has a patched stable channel build available, and carries a CVSS 8.8 score with no public exploit identified at time of analysis. SSVC currently rates exploitation as 'none' but technical impact as 'total', reflecting full compromise of the affected process if triggered.
Cross-Site Request Forgery in InfoScale 9.1.3 Operations Manager (VIOM) web application allows remote attackers on the adjacent network to coerce an authenticated user with an active session into clicking a malicious link that triggers unintended state-changing actions in VIOM. No public exploit identified at time of analysis, but the CVSS 8.8 score reflects high impact on confidentiality, integrity, and availability if a privileged VIOM operator is targeted.
Privilege escalation in Veritas InfoScale CmdServer prior to version 7.4.2 allows authenticated remote attackers to bypass access control restrictions and achieve full compromise of confidentiality, integrity, and availability on the targeted host. The flaw is tagged as an authentication bypass by intelligence sources and carries a CVSS 8.8 (High) rating; no public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Sandbox bypass in Twig template engine versions 2.16.x and 3.9.0 through 3.25.x allows attackers with template rendering capabilities to execute arbitrary PHP code when the sandbox is enabled via a SourcePolicyInterface rather than globally. The runtime check on sort, filter, map, and reduce filters fails to propagate the current template source, allowing arbitrary PHP callables to be passed and executed. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the RCE/PHP tagging and CVSS 4.0 score of 8.7 indicate high impact for applications offering user-editable templates.
SQL injection in TONNET's E-LAN Hybrid Recording System allows unauthenticated remote attackers to execute arbitrary SQL queries and exfiltrate database contents over the network. The CVSS 4.0 score of 8.7 reflects high confidentiality impact with no required privileges or user interaction, and no public exploit identified at time of analysis. The flaw is reported through TWCERT and affects TONNET's TPR7308 product line per CPE data.
Remote denial of service in NLnet Labs Unbound recursive DNS resolver (versions up to and including 1.25.0) allows an attacker controlling a DNSSEC-signed domain to crash the resolver process with a single crafted query. The DNSSEC validator uses an incorrect counter when computing write offsets for ADDITIONAL section rrsets while building chase-reply messages, leaving an uninitialized pointer that is later dereferenced. No public exploit identified at time of analysis, and the issue is fixed in Unbound 1.25.1.
Heap overflow denial-of-service in NLnet Labs Unbound recursive DNS resolver versions 1.14.0 through 1.25.0 allows remote unauthenticated attackers to crash the resolver by sending DNS queries containing multiple NSID, DNS Cookie, and/or EDNS Padding options. The flaw stems from a numeric truncation in EDNS field size calculation that lets attacker-influenced data overflow the response buffer. No public exploit identified at time of analysis and not listed in CISA KEV, but the impact is service-wide DNS outage for any user of an affected resolver.
Authentication bypass in Trilium Notes Desktop (Electron build) versions 0.102.1 and earlier allows remote unauthenticated attackers on the same network to access the Clipper API and read or manipulate notes without any credentials. The Electron runtime detection explicitly disables auth middleware on endpoints like /api/clipper/notes and the handshake endpoint, which fingerprints the application - no public exploit identified at time of analysis, but the vendor advisory GHSA-jcvx-vc83-cppw confirms the issue and the fix shipped in 0.102.2.
Local privilege escalation in HP Linux Imaging and Printing Software (HPLIP) allows authenticated low-privileged users to execute arbitrary OS commands via command injection, potentially gaining elevated privileges on affected Linux hosts. The CVSS 4.0 score of 8.5 reflects high impact to confidentiality, integrity, and availability with low attack complexity, and no public exploit identified at time of analysis. The vulnerability is reported directly by HP PSIRT under advisory hpsbpi04118.
Privilege escalation via chroot bypass in PluginScript allows local users to execute host binaries such as /bin/bash with root privileges when the repoManagerRoot is set to '/' (a common default or result of --root). Because chroot to the system root is a no-op, path traversal within the plugin escapes intended isolation. No public exploit identified at time of analysis, but the issue was reported by a SUSE researcher and is tracked in SUSE Bugzilla.
Stored cross-site scripting in the Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) lets authenticated low-privilege users plant persistent JavaScript in the device's web configuration interface by splitting payloads across multiple admin form fields. The injected script executes in any administrator session that views dashboard pages such as index.zhtml, enabling session hijack or privilege escalation within the appliance. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Insecure Direct Object Reference in MISP 2.5.0 through 2.5.37 allows authenticated users with shadow attribute submission privileges to overwrite arbitrary existing ShadowAttribute records by supplying a target id within the add proposal request. The framework's ORM interprets a client-supplied primary key as an update directive, breaking the boundary between proposal creation and modification. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Arbitrary file read in amazon-mq rabbitmq-aws before 0.2.1 allows authenticated remote users to read any file accessible to the RabbitMQ process by submitting a crafted arn:aws-debug:file scheme to the PUT /api/aws/arn/validate validation endpoint. The flaw stems from leftover debug code in the ARN resolver and was reported by AWS itself; no public exploit has been identified at time of analysis and the issue is not listed in CISA KEV.
Unauthenticated denial-of-service in phenixdigital phoenix_storybook (0.2.0 through versions before 1.1.0) lets a remote attacker crash the entire BEAM virtual machine by exhausting its atom table. Multiple LiveView event handlers in ExtraAssignsHelpers feed user-controlled strings into String.to_atom/1, and because BEAM atoms are never garbage-collected, ~1,048,576 unique attacker-supplied keys/values permanently consume the atom table and abort every application running on that node. No public exploit identified at time of analysis, but the upstream fix is in commit 96d5246 and version 1.1.0.
Out-of-bounds write in NVIDIA TensorRT allows remote attackers to corrupt memory and tamper with data processed by the inference engine, per NVIDIA's own advisory (KB 5836). The CVSS 8.2 score reflects high integrity impact with no privileges or user interaction required, though confidentiality is unaffected. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Privilege escalation via broken access control in Talend Administration Center allows a low-privileged user holding only 'View' permission to modify the Talend Studio update URL, redirecting downstream Studio clients to attacker-controlled update endpoints. The flaw has a CVSS 8.2 rating reflecting changed scope and high confidentiality/integrity impact, and no public exploit identified at time of analysis. A vendor patch is available per the Qlik/Talend support advisory.
Timing side-channel in memcached versions prior to 1.6.42 allows remote attackers to recover SASL authentication credentials by measuring response times during password comparison. The flaw stems from the use of the non-constant-time memcmp() function within sasl_server_userdb_checkpass, enabling byte-by-byte inference of stored passwords. No public exploit identified at time of analysis, but the upstream fix has been published.
Observable timing discrepancy in memcached prior to version 1.6.42 enables remote attackers to enumerate valid SASL authentication usernames by measuring response time differences. The vulnerable sasl_server_userdb_checkpass function exits its credential-file loop early upon matching a valid username, producing measurable timing variance between known and unknown accounts. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Remote code execution in Microsoft Defender (Microsoft Malware Protection Engine) enables unauthenticated network-based attackers to corrupt heap memory and run arbitrary code on hosts running the vulnerable scanning engine. The flaw scores CVSS 8.1 with high attack complexity, affects systems by default since Defender is shipped with Windows, and at time of analysis has no public exploit identified, though Microsoft has released a vendor patch via MSRC.
Identity linking bypass in Red Hat build of Keycloak allows an attacker controlling a second account on the same upstream Identity Provider to hijack a victim's local account through the cross-session account-linking flow. The cross-session verification proof is keyed only by the tuple of local userId and idpAlias without binding to the specific upstream identity that was actually verified, so the proof can be replayed against a different upstream account on the same IdP. EPSS is currently 0.03% (8th percentile) and no public exploit identified at time of analysis, but technical impact is rated total by CISA SSVC.
Host impersonation and machine-in-the-middle attacks against NVIDIA DGX OS systems are possible because the factory provisioning process clones a base image that ships identical SSH host keys onto every similarly provisioned system, primarily affecting DGX Spark deployments. With a CVSS of 8.1 and a CWE-321 (Use of Hard-Coded Cryptographic Key) root cause, an unauthenticated network attacker who possesses the shared key material from any one device can impersonate peers, potentially leading to code execution, data tampering, privilege escalation, information disclosure, or denial of service. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Integer overflow in the DALI backend of NVIDIA Triton Inference Server allows authenticated remote attackers to trigger memory corruption that may result in code execution, data tampering, or denial of service. The flaw requires low-level privileges plus user interaction (CVSS 8.0, AV:N/AC:L/PR:L/UI:R) and affects deployments exposing the DALI inference pipeline. No public exploit identified at time of analysis.
Out-of-bounds read in the DALI backend of NVIDIA Triton Inference Server allows authenticated remote attackers to trigger memory disclosure that may escalate to code execution, data tampering, or denial of service. The flaw carries a CVSS 8.0 (High) rating reflecting low-privilege network access with required user interaction, and no public exploit identified at time of analysis. NVIDIA has published a security bulletin addressing the issue.
Cross-site request forgery in Sitemio Information Technologies' WISECP product through version 20022026 allows attackers to trick authenticated users into performing unintended state-changing actions by visiting a malicious page. Successful exploitation carries high impact across confidentiality, integrity, and availability (CVSS 8.0), though it requires user interaction and the victim to hold valid low-privilege credentials. No public exploit identified at time of analysis, and the vendor did not respond to disclosure outreach by TR-CERT.
Arbitrary code execution in NVIDIA BioNemo Framework on Linux allows a local attacker to abuse unsafe deserialization of untrusted data (CWE-502), leading to code execution, denial of service, information disclosure, and data tampering. The CVSS 7.8 vector indicates local attack vector with required user interaction, and no public exploit has been identified at time of analysis.
Local privilege escalation in Microsoft's Windows Admin Center (Azure Portal edition) allows an authenticated low-privileged attacker to gain higher privileges by abusing symbolic link resolution before file access. The flaw, reported by Microsoft itself, carries a CVSS 7.8 with no public exploit identified at time of analysis, and a vendor patch is available via the Microsoft Security Response Center advisory.
Heap-based buffer overflow in MediaArea MediaInfoLib's Channel Splitting parser allows attackers to corrupt heap memory and potentially execute arbitrary code when a victim opens a maliciously crafted media file. The CVSS 7.8 vector (AV:L/UI:R) indicates local attack with required user interaction, and no public exploit identified at time of analysis. The flaw was reported by Cisco Talos and disclosed in TALOS-2026-2374.
Privilege escalation in Mesalvo Meona Client Launcher and Server components allows a low-privileged authenticated user to gain access to the administrative panel due to improper access control enforcement. The flaw affects Meona Client Launcher Component through build 19.06.2020 15:11:49 and Meona Server Component through 2025.04 5+323020, and is tagged as an Authentication Bypass with no public exploit identified at time of analysis. The high CVSS score of 7.8 reflects full confidentiality, integrity, and availability impact once a normal user account is leveraged to escalate privileges.
Local privilege escalation in haveged (HArdware Volatile Entropy Gathering and Expansion Daemon) allows authenticated low-privileged users to escalate to root via the daemon's command socket, which is affected by missing authentication for a critical function (CWE-305). The flaw was disclosed on the oss-security mailing list on 2026-05-20 by Jiri Hladky, with vendor patches available from SUSE and tracking in Debian (bug#1137096); no public exploit identified at time of analysis.
Reflected cross-site scripting in Beyaz Computer Software's CityPLus application (versions before V24.29750.1.0) allows remote attackers to inject malicious script into web responses that execute in a victim's browser after the victim clicks a crafted link. The CVSS 7.6 score is elevated by a High Availability impact, suggesting the XSS payload can crash or render the application unusable beyond typical session-theft outcomes. No public exploit identified at time of analysis and the issue was reported by TR-CERT (Turkey's national CERT).
Blind SQL injection in YITH WooCommerce Product Add-Ons (WordPress plugin) through version 4.29.0 allows high-privileged authenticated users to inject malicious SQL into database queries, leading to confidentiality compromise and limited availability impact across a changed security scope. The flaw was disclosed by Patchstack and carries a CVSS 3.1 score of 7.6; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Denial of service in 389-ds-base LDAP server allows remote unauthenticated attackers to exhaust CPU and heap memory by sending a single LDAP request packed with hundreds of thousands of minimal controls. Because get_ldapmessage_controls_ext() does not cap the per-message control count, the 2 MB default BER message limit is the only ceiling, and concurrent abuse causes worker thread starvation or OOM termination. No public exploit identified at time of analysis, and the issue is not on CISA KEV.
Unauthenticated SQL injection in the Creative Mail - Easier WordPress & WooCommerce Email Marketing plugin (versions up to and including 1.6.9) allows remote attackers to append arbitrary SQL clauses through the 'checkout_uuid' parameter handled by the has_checkout_consent() method. The flaw stems from missing escaping and the absence of a prepared statement, enabling extraction of sensitive database contents from any WordPress site running the vulnerable plugin. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Unauthenticated SQL injection in the PixelYourSite Boost plugin for WordPress (versions up to and including 2.0.3) allows remote attackers to extract sensitive database contents via time-based blind SQLi in the 'current_url' and 'user_name' parameters. Wordfence reported the issue with a CVSS 7.5 (confidentiality-only impact); no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Unsafe deserialization in NVIDIA TensorRT-LLM's RPC testing component allows a local high-privileged attacker to trigger code execution, denial of service, data tampering, or information disclosure across a changed scope. The flaw is rated CVSS 7.5 despite local-only access and high attack complexity because successful exploitation crosses a security boundary (S:C) and yields full CIA impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Unsafe deserialization in NVIDIA TensorRT-LLM's MPI server component allows a high-privileged local attacker to achieve code execution, denial of service, data tampering, or information disclosure on systems running the affected library. The CVSS 7.5 score reflects high impact but constrained exploitability (AV:L/AC:H/PR:H), and no public exploit identified at time of analysis. Scope change (S:C) indicates compromise can extend beyond the vulnerable component to impact other resources on the host.