File descriptor exhaustion in go.opentelemetry.io/otel/schema v1.0 and v1.1 enables denial of service against long-running Go processes. The ParseFile function in schema/v1.0/parser.go opens schema files via os.Open but never closes them - neither via defer nor by transferring ownership to the downstream Parse(io.Reader) call - leaving descriptors open until the Go garbage collector finalizes the file object. Publicly available exploit code exists demonstrating that repeated ParseFile calls accumulate leaked descriptors until the process receives EMFILE ('too many open files'), disrupting all subsequent file, socket, and descriptor operations. Exploitation is contingent on an application exposing ParseFile invocation to attacker-controlled or attacker-triggered paths.
Namespace hijacking in Capsule (Kubernetes multi-tenancy operator) prior to v0.13.0 allows an authenticated tenant administrator to reassign any namespace to their own tenant by patching it through the namespace/status or namespace/finalize subresource APIs, which bypass Capsule's ValidatingWebhookConfiguration enforcement entirely. The webhook intercepts direct namespace modifications but omits these subresource paths, leaving a gap that an attacker with explicitly delegated RBAC permissions can exploit with a single PATCH request. A complete, working proof-of-concept is publicly available in the GitHub Security Advisory GHSA-2ww6-hf35-mfjm; no CISA KEV listing was identified, indicating no confirmed widespread active exploitation at time of analysis.
Unconstrained outbound JWKS requests in PyJWT's PyJWKClient.get_signing_key() allow unauthenticated remote attackers to amplify HTTP traffic toward a downstream JWKS endpoint by submitting JWTs carrying arbitrary, unrecognized kid values. All PyJWT versions prior to 2.13.0 are affected when the PyJWKClient class is used for signature verification. The availability impact is low (CVSS A:L) and exploitation success is gated on the upstream JWKS provider exhibiting rate limiting or transient failures; no public exploit code exists and this CVE does not appear in CISA KEV.
Ubuntu Linux kernel SAUCE patches (versions 6.8, 6.17, and 7.0) improperly validate the size of the name field in AppArmor notification responses, allowing a local low-privileged user to trigger handling of crafted responses with potential limited integrity impact. The vulnerability carries a CVSS score of 3.3 (Low) with a local attack vector, restricted to integrity effects only and no confidentiality or availability consequences. No public exploit has been identified at time of analysis and this vulnerability is not listed in CISA KEV.
NULL pointer dereference in Ubuntu Linux kernel SAUCE patches (versions 6.8, 6.17, and 7.0) allows an unprivileged local user to trigger a kernel oops, resulting in a denial of service. The flaw resides specifically in Ubuntu's out-of-tree SAUCE patches for AF_INET/AF_INET6 socket mediation - mainline Linux kernel builds are unaffected. No active exploitation is confirmed (not in CISA KEV), no public exploit has been identified at time of analysis, and the CVSS score of 3.3 (Low) accurately reflects the constrained impact: local access only, no confidentiality or integrity loss, and limited availability degradation.
NULL pointer dereference in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 allows a local unprivileged user to crash the kernel via the AppArmor notification handling path. The flaw exists exclusively in Ubuntu-specific SAUCE patches layered on top of the upstream Linux kernel, meaning only Ubuntu kernels carrying these versions are affected - not upstream Linux or other distributions. No public exploit code or active exploitation has been identified at time of analysis; the impact is limited to a kernel oops (availability loss, CVSS A:L), with no confidentiality or integrity impact.
Uninitialized variable use in Ubuntu Linux 6.8's AppArmor AF_INET/AF_INET6 socket mediation code allows an authenticated local user to cause incorrect enforcement of fine-grained network socket access controls. The flaw resides in Ubuntu-specific SAUCE patches layered on top of the mainline Linux 6.8 kernel, meaning it is not present in upstream distributions. No public exploit code or active exploitation has been identified at time of analysis; Canonical has issued a fix via the Ubuntu Noble kernel repository.
Incorrect caching of AppArmor notification responses in Ubuntu Linux kernel versions 6.8, 7.17, and 7.0 stems from an uninitialized variable (CWE-457) in Ubuntu-specific AppArmor SAUCE patch code. An unprivileged local user can trigger this bug to corrupt the AppArmor notification response cache, producing a low-severity integrity impact. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; the CVSS score of 3.3 (Low) reflects its constrained local-only, limited-impact nature.
Cross-origin data leak in Google Chrome's Skia graphics engine affects all versions prior to 148.0.7778.216, exploitable only after an attacker has already achieved renderer process compromise via a separate vulnerability. The flaw (CWE-200) allows the compromised renderer to exfiltrate cross-origin data by processing a crafted HTML page, with impact limited to partial confidentiality loss. No public exploit identified at time of analysis; EPSS at 0.03% (11th percentile) and absence of CISA KEV listing confirm low widespread exploitation probability, though the renderer-compromise prerequisite implies real-world use would appear in chained exploit scenarios.
Cross-origin data leakage in Google Chrome's Media component on Windows (versions prior to 148.0.7778.216) permits exfiltration of sensitive origin-isolated content, but only as a second-stage primitive requiring prior renderer process compromise. The confidentiality impact is constrained (CVSS 3.1/Low, CWE-200), with no integrity or availability consequences. No public exploit code exists and the EPSS score of 0.03% (11th percentile) reflects negligible real-world exploitation probability at time of analysis.
Uninitialized use (CWE-457) in ANGLE, Chrome's graphics abstraction layer, exposes cross-origin data to attackers who have already compromised the renderer process in Google Chrome prior to 148.0.7778.216. Exploitation requires delivering a crafted HTML page to a victim who interacts with it, making this a post-compromise data exfiltration primitive rather than an initial access vector. The CVSS score of 3.1 and EPSS of 0.03% (11th percentile) are consistent with the constrained prerequisites; no public exploit code exists and no active exploitation has been confirmed.
Cross-origin data disclosure in Google Chrome on Android (prior to 148.0.7778.216) stems from uninitialized GPU memory that a renderer-compromised attacker can read via a crafted HTML page. This is a second-stage, chained vulnerability - exploitation requires that the renderer process has already been compromised through a separate, unspecified vector. CVSS rates this Low (3.1) consistent with the constrained impact (C:L only) and high attack complexity; EPSS of 0.03% (11th percentile) confirms no public exploit identified at time of analysis.
Cross-origin data leakage in Google Chrome's WebRTC component on Windows exposes limited confidential data to remote attackers via a race condition in all Chrome versions prior to 148.0.7778.216. An unauthenticated remote attacker (PR:N) can exploit this by luring a victim to a crafted HTML page, exploiting a timing window in WebRTC's concurrent execution to read cross-origin data. No public exploit has been identified at time of analysis and EPSS stands at 0.03% (9th percentile), indicating very low real-world exploitation pressure despite Chrome's internal 'High' severity classification.
Same-origin policy bypass in Google Chrome for iOS (all versions prior to 148.0.7778.216) allows an attacker who has already achieved renderer process compromise to cross browser origin boundaries via a crafted HTML page, potentially exposing restricted cross-origin content. The root cause is insufficient validation of untrusted input (CWE-20) in iOS-specific Chrome code, a platform-divergent codepath not present in desktop Chrome. No public exploit has been identified and no CISA KEV listing exists; however, Chromium's internal 'High' severity rating contrasts with the NVD CVSS score of 3.1, reflecting that the renderer pre-compromise prerequisite substantially constrains standalone exploitability while the SOP bypass itself carries serious chaining potential.
Security restriction bypass in logback-core's HardenedObjectInputStream allows limited object injection via logback's SimpleSocketServer and SimpleSSLSocketServer components, affecting all versions through 1.5.32 inclusive. An attacker who can influence serialized data submitted to these socket server endpoints can instantiate objects from java.lang and java.util classes not explicitly blocked by the hardened deserializer, circumventing its intended allowlist controls. The vendor and NVD both confirm no practical remote code execution or significant privilege escalation has been identified; the real-world impact is limited confidentiality and integrity exposure. No public exploit identified at time of analysis beyond E:P proof-of-concept maturity indicated in the CVSS vector. Not listed in CISA KEV.
Stored XSS via bypass in Symfony's HtmlSanitizer component allows `javascript:` URIs to survive sanitization when applications use permissive configurations that admit `action`, `formaction`, `poster`, or `cite` attributes. The root cause is an incomplete attribute list in `UrlAttributeSanitizer::getSupportedAttributes()`, which caused `DomVisitor` to skip URI scheme validation entirely for those four attribute types. No public exploit identified at time of analysis and no CVSS score has been assigned, but successful exploitation enables JavaScript execution in victims' browsers - with the attack gated behind non-default sanitizer configuration choices made by the integrating application.
Stale mobile device tokens in AnythingLLM survive single-user to multi-user mode migration with a null userId, allowing a pre-migration token holder to bypass per-user data filtering and access other users' workspace content. Affected are all AnythingLLM installations (cpe:2.3:a:mintplex-labs:anything-llm) prior to version 1.13.0 that have undergone a single-user to multi-user migration while mobile device tokens existed. An attacker retaining a previously approved mobile token can enumerate workspaces and retrieve thread metadata and chat history belonging to other users. No public exploit identified at time of analysis and this CVE is not listed in CISA KEV.
Symlink following in the AnythingLLM agent filesystem copy tool (versions prior to 1.13.0) allows a highly-privileged authenticated user to read files outside the configured filesystem sandbox by placing a symbolic link inside an agent-accessible source directory. The recursive copy helper validates only top-level paths, then descends into child entries using Node.js fs.stat() and fs.copyFile(), both of which transparently follow symlinks - silently redirecting reads to targets outside the allowed root and materializing their contents in an accessible destination. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog; the CVSS score of 2.0 reflects that exploitation is constrained to high-privilege accounts with high complexity and required user interaction.