Uncontrolled resource consumption in GitLab CE/EE's file upload processing pipeline enables any authenticated user to trigger denial of service by submitting a specially crafted file. All self-managed GitLab instances running versions from 17.10 up through the patched releases (18.10.8, 18.11.5, 19.0.2) are affected across both Community and Enterprise Editions. A publicly available exploit exists on HackerOne (report #3517331), though no active exploitation has been confirmed by CISA KEV.
Incorrect authorization enforcement in GitLab CE/EE exposes hidden merge requests to unauthorized modification by authenticated users holding developer-role permissions. The flaw spans a wide version range - from 15.10 through the patched releases 18.10.8, 18.11.5, and 19.0.2 - meaning a large proportion of self-managed GitLab deployments are potentially affected. A publicly available proof-of-concept exists via a disclosed HackerOne report, raising the practical exploitation risk beyond what the medium CVSS score alone suggests; no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.
Content injection via Service Desk email template processing in GitLab CE/EE allows an unauthenticated attacker to impersonate the GitLab Support Bot and inject arbitrary content into issue threads. The vulnerability affects all GitLab instances running versions from 15.9 through 19.0.1 with the Service Desk feature active, and stems from improper neutralization of substitution characters (CWE-153) in email template rendering. A publicly available exploit exists on HackerOne, though no active exploitation has been confirmed by CISA KEV; the official CVSS score of 2.6 reflects the high attack complexity and limited integrity-only impact.
Incorrect authorization enforcement in GitLab Enterprise Edition allows an authenticated user holding the Security Manager role to manage project security configurations even when the relevant security feature has been administratively disabled. Affecting all EE versions from 13.9 through the patched releases (18.10.8, 18.11.5, 19.0.2), the flaw bypasses the feature-disabled gate by failing to validate feature state alongside role-based permissions. No public exploit is confirmed as actively exploited (not in CISA KEV), though a publicly available HackerOne exploit report exists, and EPSS data was not provided in available intelligence.
Out-of-bounds read in Vim's built-in terminal emulator (`:terminal` feature) prior to version 9.2.0565 allows a program running inside a `:terminal` window to crash Vim by outputting crafted Unicode combining characters that exhaust all six libvterm cell slots, causing the unguarded loop in `update_snapshot()` to walk past the fixed-size array and append out-of-bounds memory into the scrollback buffer. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog and no public exploit code has been identified, placing this in the lower-urgency tier despite the CVSS 4.0 score of 6.9. Real-world exploitation is constrained by the requirement that a victim be actively using Vim's `:terminal` feature to render attacker-influenced program output.
Authorization bypass in OpenClaw before 2026.4.24 allows local, low-privileged callers to circumvent owner-only tool policies and before-tool-call hooks via the MCP loopback feature. By routing requests through the affected loopback path, a non-owner principal can invoke tools that should be restricted to the owner role, effectively escalating effective privileges within the application. No public exploit code has been identified at time of analysis, but a vendor patch has been released and the vulnerability was reported by VulnCheck.
ClipBucket v5's subtitle management feature lacks ownership verification, enabling any authenticated user to upload, rename, or delete subtitle tracks on videos belonging to other users. All releases prior to version 5.5.3 - #133 (CPE: cpe:2.3:a:macwarrior:clipbucket-v5) are affected. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, though the low attack complexity and network accessibility present credible risk in any multi-user ClipBucket deployment.
Out-of-bounds read in Google Chrome's Video component on ChromeOS exposes process memory to attackers who have already established renderer process compromise. Specifically, an attacker with an existing foothold in the renderer can serve a crafted HTML page to a ChromeOS user and extract potentially sensitive data from memory. No public exploit or CISA KEV listing exists at time of analysis, and EPSS places exploitation probability at 0.03% (11th percentile), indicating low real-world exploitation activity despite the High CVSS confidentiality impact.
HTTP Response Splitting via CRLF injection in Apache CXF's OAuth2 module allows an attacker who controls the WWW-Authenticate realm parameter to inject arbitrary HTTP headers or split HTTP responses entirely. Affected deployments include cxf-rt-rs-security-oauth2 versions 4.2.0 before 4.2.2 and all versions before 4.1.7. No public exploit code has been identified at time of analysis and this vulnerability is not listed in CISA KEV, but successful exploitation could enable cache poisoning, header injection, or redirection of downstream HTTP clients processing the malformed response.
Inconsistent server-side scope enforcement in Filament's AttachAction and AssociateAction Select fields allows an authenticated low-privilege user to associate out-of-scope records by tampering with Livewire component state. Developers can scope which records appear in these Select dropdowns via `recordSelectOptionsQuery()`, but the built-in validation rule did not enforce the same scope - meaning the UI restriction was purely cosmetic and bypassable. Patches are available across all three affected major version lines; no public exploit or CISA KEV listing identified at time of analysis.
Same-origin policy bypass in Google Chrome's DevTools component exposes all Chrome versions prior to 149.0.7827.115 to cross-origin integrity violations when a victim visits a crafted HTML page. The root cause (CWE-346) is insufficient origin validation within DevTools policy enforcement, allowing a remote unauthenticated attacker to circumvent the browser's fundamental isolation boundary and tamper with cross-origin content. No public exploit identified at time of analysis; EPSS of 0.02% (4th percentile) and absence of a CISA KEV listing indicate currently low real-world exploitation pressure despite the High Chromium severity rating.
Signature metadata trust bypass in Apache CXF's JwsJsonContainerRequestFilter allows an attacker who can send JWS JSON-signed requests to inject unvalidated metadata - such as Content-Type or protected HTTP headers - by placing it in the first signature entry of a multi-signature JWS JSON token, even when that entry's signature was never verified. Affected deployments using the cxf-rt-rs-security-jose-jaxrs module may incorrectly trust attacker-controlled content type or header values, steering JAX-RS entity parsing or signed-header consistency checks in unintended ways. No public exploit code or CISA KEV listing has been identified at time of analysis; vendor-released patches 4.2.2 and 4.1.7 were published June 10, 2026.
Server-Side Request Forgery (SSRF) in GitLab CE/EE's repository import feature allows an authenticated low-privileged user to read arbitrary files from the backend Gitaly server and probe internal network resources by supplying maliciously crafted secondary URLs that bypass input validation. Affected versions span the 18.10, 18.11, and 19.0 release lines, all patched by GitLab on 2026-06-10. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the combination of authentication-only gating and network-accessible entry point makes this a meaningful lateral-movement risk in self-managed GitLab deployments.
Stack buffer overflow in GStreamer's H.265/HEVC codec parser (gst-plugins-bad) allows remote unauthenticated attackers to crash GStreamer-based applications by delivering a crafted H.265 video file or stream that a user opens. The root cause is an incorrect loop bound in the buffering period SEI message parser: the parser mistakenly uses cpb_cnt_minus1[i] (the current loop index variable) rather than cpb_cnt_minus1[0] from the referenced Sequence Parameter Set, causing the loop to iterate beyond the bounds of stack-allocated CPB delay arrays and corrupt stack memory. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the deterministic parser logic makes crash reproduction straightforward.
Out-of-bounds write in GStreamer's H.266/VVC PPS picture partition parser (`gst-plugins-bad`) allows an attacker to crash media-processing applications - and potentially achieve code execution - by delivering a crafted H.266/VVC media file. The flaw in `gst_h266_parser_parse_picture_partition()` (gsth266parser.c) permits unbounded slice index increments across three fixed-size arrays in `GstH266PPS` during multi-slice-in-tile processing. A proof-of-concept demonstrating at least a 4-byte write exists; no public exploit beyond that initial POC or CISA KEV listing has been identified at time of analysis, though the code structure permits larger writes across multiple iterations which elevates downstream risk above a pure DoS assessment.
Memory exhaustion and CPU starvation in python-zeroconf before 0.149.12 allows any unauthenticated LAN-adjacent host to OOM-kill or stall the zeroconf process by flooding TC-flagged mDNS queries over UDP/5353. The `AsyncListener.handle_query_or_defer` method retained all TC-bit packets in an unbounded `_deferred[addr]` dictionary - each entry up to 8,966 bytes of raw buffer plus parsed DNS state - with no cap on per-address queue depth or total distinct source addresses, and the per-arrival dedup scan ran O(N) causing quadratic CPU growth as queues expanded. Trivially spoofed source IPs multiply the memory footprint across `_deferred`/`_timers`; on Raspberry Pi-class hardware running Home Assistant, sustained flood traffic causes OOM termination; no public exploit identified at time of analysis.
Credential header leakage in @hapi/wreck (npm) versions before 18.1.2 allows an attacker controlling an adjacent port on the same hostname, or capable of forging a redirect response, to capture Authorization, Cookie, and Proxy-Authorization headers from Node.js HTTP client applications. The library's redirect-following logic stripped credential headers only on hostname changes, leaving scheme and port components unchecked - so same-host redirects across ports (e.g., :443 → :8080) and HTTPS-to-HTTP downgrades forwarded credentials intact to the redirect target. No public exploit identified at time of analysis and not listed in CISA KEV, but the patch commit and test cases are publicly available in the GHSA advisory.
Expression Language Injection in Spring Web Flow exposes applications explicitly configured with WebFlowELExpressionParser to evaluation of malicious Unified EL expressions submitted by authenticated low-privilege users. Affected versions span the 2.5.x, 3.0.x, and 4.0.0 release lines; exploitation requires both non-default configuration and user interaction, which meaningfully constrains real-world risk despite the High confidentiality and integrity impact ratings. No public exploit code and no CISA KEV listing have been identified at time of analysis.
Unsanitized output in Quest Bot's ticket creation workflow allows any unprivileged Discord server member to inject @everyone, @here, role mentions, or user mentions into ticket channel messages, causing the bot to trigger mass notifications. All Quest Bot versions prior to 1.0.3 are affected; the bot must hold Discord's 'Mention Everyone' permission for the attack to achieve its full impact. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Unauthorized record modification in Cerebrate before 1.37 allows any authenticated user to overwrite arbitrary records of the same entity type by injecting a foreign primary key into CRUD edit requests. The flaw stems from permissive mass-assignment defaults across several entity types - User, Role, UserSetting, LocalTool, PermissionLimitation, and EnumerationCollection - where the ORM's patchEntity() accepted attacker-controlled id values from request bodies, redirecting the SQL UPDATE to an unrelated row. Because the UserSettings edit endpoint was reachable by all authenticated users, the most accessible exploitation path required only valid session credentials. No public exploit code or CISA KEV listing has been identified at time of analysis, though the integrity impact on Role and User entities carries privilege-escalation potential that elevates real-world severity above the base CVSS score alone.
Server-side request forgery in steipete/Summarize before v0.17.0 enables an attacker who controls a podcast RSS feed to coerce the application into fetching transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, and other reserved destinations. The vulnerability is compounded by two bypass mechanisms: DNS rebinding (allowing an attacker to pass an initial hostname check then resolve to an internal target) and unvalidated redirect-following (where intermediate redirect targets are never re-screened). Exploitation exposes internal service responses through the summarization pipeline to the attacker. No active exploitation is confirmed (not in CISA KEV), and no public exploit code has been identified; a vendor patch is available as v0.17.0.
OIDC session cookie exposure in TwiN gatus 5.36.0 allows network-positioned attackers to intercept authentication tokens because the `setSessionCookie` function in `security/oidc.go` sets session cookies without the Secure attribute, permitting transmission over unencrypted HTTP connections. Only deployments with OIDC authentication enabled are affected, and exploitation requires high attack complexity due to mandatory network interception positioning. No public exploit code has been identified; the upstream maintainer has closed the associated GitHub issue (#1689) as 'not planned', meaning no vendor patch will be released.
HTTP header injection in IBM DevOps Plan 3.0.0 through 3.0.6 allows unauthenticated remote attackers to inject arbitrary HTTP headers by supplying a malicious HOST header value that the application fails to sanitize. The vulnerability (CWE-644) can be leveraged to mount cross-site scripting attacks against users, poison intermediate caches with attacker-controlled content, or hijack authenticated sessions. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, though the low-complexity, no-authentication-required attack surface makes this a meaningful risk for any internet-facing deployment.
Credential interception in CodexBar before 0.33.0 exposes API keys, bearer tokens, and browser cookies to network-adjacent attackers through the shared ProviderHTTPClient transport's failure to validate redirect destinations. When a user initiates a credentialed request to an AI provider backend, an attacker positioned to inject redirect responses can steer the transport to a cross-origin host or a plaintext HTTP endpoint, causing CodexBar to forward the original credentials to the attacker-controlled destination. No active exploitation confirmed (not in CISA KEV) and no public exploit code identified at time of analysis, but the high confidentiality impact warrants prompt patching - especially for users on shared or untrusted networks.
Approval policy bypass in OpenClaw's Skill Workshop apply flow allows remote attackers to apply workshop configuration changes without completing the required authorization step. Versions prior to 2026.5.6 fail to enforce the `approvalPolicy: pending` gate when agent tool calls include `apply: true`, effectively granting unauthorized write access to skill configurations. No public exploit code has been identified at time of analysis; a vendor-released patch is available.
BEAM atom table exhaustion in Elixir's membrane_mp4_plugin (versions 0.3.0-0.36.6) allows denial-of-service by submitting a crafted MP4 file to any application using the library's container parser. The parser passed attacker-controlled 4-byte MP4 box names to String.to_atom/1 without validation; because BEAM atoms are permanent allocations counted against a hard ceiling (~1,048,576 by default), an ~8 MB file with ~1.1 million distinct non-standard box names exhausts the table and aborts the entire BEAM node, collaterally terminating every application co-hosted on that node. No public exploit has been identified at time of analysis; vendor-released patch 0.36.7 resolves the issue.
Server-side request forgery in Kolibri (pip/kolibri <= 0.19.3) allows network-reachable attackers to force the Kolibri server to issue outbound HTTP requests to arbitrary internal hosts, cloud metadata endpoints, and internal services, with JSON response bodies reflected directly to the caller. The primary GET endpoint at /api/auth/remotefacilityuser required no authentication whatsoever, making this exploitable by any party with network access to the Kolibri server. A working proof-of-concept was retained internally by the reporting researcher but was not published; no public exploit code exists and CISA KEV listing has not been identified at time of analysis.
XML injection in guzzlehttp/guzzle-services allows unauthenticated remote attackers to smuggle arbitrary XML elements into outgoing API requests by embedding the CDATA terminator `]]>` in attacker-controlled input. The PHP XMLWriter::writeCData() call used by the request serializer for values containing `<`, `>`, or `&` terminates the CDATA section prematurely when the payload contains `]]>`, causing the remainder to be interpreted as raw XML markup by the downstream service. Depending on downstream service behavior, this can enable privilege escalation, parameter boundary bypass, or operation semantic manipulation — the advisory's canonical example shows injection of a `<Role>admin</Role>` element that a receiving service may honor. No public exploit has been identified at time of analysis, and this vulnerability is not in the CISA KEV catalog.
Ticket transcript redirection in Quest Bot (prior to v1.0.4) allows a privileged user with bot settings access to configure the closed-ticket transcript destination to any channel they can read, exposing full private ticket histories to unauthorized parties. The bot fails to enforce parity between the access controls of the original ticket channel and the transcript destination, breaking the confidentiality boundary of the ticketing system. No public exploit code exists and no KEV listing applies; the CVSS 4.0 score of 5.7 reflects the high privilege requirement and passive user interaction needed to trigger exposure.
Quest Bot, an open-source Discord moderation/utility bot, exposes private channel message contents to privileged users who should not have access to them. A user holding bot configuration privileges can enable the logging feature and direct logs to a channel they control, causing the bot to forward deleted and edited message content from all channels it can observe - including private channels the configuring user is explicitly excluded from reading. No public exploit has been identified at time of analysis, and a patch was released in version 1.0.4.
Authentication bypass via primary weakness (CWE-305) in ABB Freelance DCS affects every major release line from 2013 through 2024, allowing a locally authenticated low-privilege user to circumvent the product's authentication mechanism and gain elevated control over the system. The CVSS vector (AV:L/PR:L/I:H) confirms the attacker must already hold a foothold on the host but can then achieve high integrity impact - particularly serious in an industrial control system context where manipulating controller configurations can affect physical processes. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the wide version span and OT deployment context elevate remediation urgency.
macOS logs sensitive user data without adequate redaction, allowing a local application to read that data from system logs without requiring elevated privileges. Affecting all macOS versions prior to Tahoe 26.1, the flaw (CWE-532) stems from insufficient data sanitization in the operating system's logging subsystem. An app running in the user context can exploit this to access confidential information that should be protected, with no public exploit identified at time of analysis and an EPSS probability of 0.02%.
Symlink-following vulnerability in Apple macOS prior to 15.4 allows a malicious locally-installed application to access protected user data by exploiting improper handling of UNIX symbolic links. Affected systems are all macOS versions below Sequoia 15.4, per CPE cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*. No public exploit or active exploitation has been identified; the EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability. Apple has issued a fix in macOS Sequoia 15.4.
Improper access control in Apple macOS allows a locally-executed app to cause unexpected system termination, effectively producing a denial-of-service condition against the host. All three actively-supported macOS release lines - Sequoia, Sonoma, and Ventura - are confirmed affected, with fixes delivered simultaneously across all three branches. No active exploitation is confirmed (not in CISA KEV), and the EPSS score of 0.01% at the 3rd percentile indicates negligible observed exploitation probability at time of analysis.
Protection mechanism failure in Apple macOS allows a locally-installed malicious app running with standard user privileges to access private information that should be restricted by OS-level access controls. Affected versions span three active macOS release trains: Sequoia before 15.4, Sonoma before 14.7.5, and Ventura before 13.7.5. No active exploitation has been confirmed (not in CISA KEV), and CISA SSVC rates exploitation likelihood as none with partial technical impact, placing this in a monitored-but-not-urgent priority tier for most organizations.
Path traversal in Apple macOS prior to Sequoia 15.4 allows a locally-installed application to bypass directory path restrictions and read sensitive user data outside its permitted file system scope. The flaw (CWE-22) stems from insufficient validation of directory path components in macOS path parsing logic, enabling a rogue or compromised app running with standard user privileges to traverse into restricted locations. No public exploit code has been identified and the CVE is not listed in the CISA Known Exploited Vulnerabilities catalog; SSVC assessment confirms no known active exploitation at the time of this analysis.
Sandbox restriction bypass in macOS prior to Tahoe 26.1 allows a locally-installed malicious app to access sensitive user data outside its permitted sandbox scope. The flaw stems from improper access control (CWE-284) in the macOS application sandbox, a core security boundary meant to isolate app access to system resources. SSVC assessment confirms no known active exploitation and the attack is not automatable, while CVSS signals high confidentiality impact limited to local execution with low privileges.
Improper symlink resolution in Apple macOS prior to Sequoia 15.4 allows a locally-executing app with standard user privileges to access protected user data that would ordinarily be restricted by macOS privacy controls such as TCC (Transparency, Consent, and Control). Rooted in CWE-59, the flaw enables a malicious app to craft or exploit symbolic links to bypass the OS file-access boundary and read sensitive user data without authorization. No public exploit has been identified at time of analysis, and CISA's SSVC framework rates exploitation as none with partial technical impact.
Unauthorized sensitive user data access in Apple macOS prior to Sequoia 15.4 allows a locally installed app to read private user information due to the presence of vulnerable code that has since been removed. The flaw is classified under CWE-359 (Exposure of Private Personal Information), indicating an API or code path exposed protected data to apps without proper entitlement or permission checks. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis; SSVC assesses exploitation as none and technical impact as partial.
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs.2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels.8.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Server-side request forgery in IBM Langflow Desktop 1.0.0 through 1.9.2 enables authenticated network-based attackers to coerce the application into issuing arbitrary outbound HTTP requests on their behalf. The vulnerability, classified under CWE-918, can expose internal network topology by proxying requests through the server to otherwise inaccessible hosts, and may serve as a stepping stone for further lateral movement or credential harvesting from cloud metadata services. No public exploit code has been identified at time of analysis, and a vendor-released patch is available via IBM advisory.
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels.6.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
X509AuthenticationProvider in Spring Web Services issues fully authenticated tokens from client certificates without enforcing Spring Security's account lifecycle checks, meaning disabled, locked, expired, or credentials-expired accounts can successfully authenticate. This affects all maintained release branches from 3.1.0 through 5.0.1 and was reported by VMware, the Spring project maintainer. No public exploit or CISA KEV listing has been identified at time of analysis, but the bypass is meaningful in environments that rely on account-disablement as the primary deprovisioning control rather than certificate revocation.
Disk exhaustion in Summarize CLI (all versions before 0.17.0) allows remote attackers who control a podcast feed or media URL to cause denial of service by circumventing the tool's enforced media download size limit. The size cap can be bypassed through missing or misreported Content-Length headers, chunked transfer encoding, or deliberately failed HEAD requests, causing the CLI's temp-file download path to stream an unbounded response directly to local storage. No active exploitation has been confirmed (not listed in CISA KEV), no public proof-of-concept has been identified, and EPSS data is unavailable; however, the zero authentication requirement on the attacker side and low attack complexity make this a credible threat for users who process untrusted or third-party feeds.
CRLF injection in guzzlehttp/psr7 versions prior to 2.10.2 allows remote unauthenticated attackers to inject arbitrary HTTP headers into outbound requests by embedding carriage-return/line-feed sequences in a user-controlled URI host component. When a PSR-7 request is manually serialized into a raw HTTP/1.x message - for example via Message::toString() - the unvalidated host is copied verbatim into the Host header, enabling an attacker-supplied host like '"\r\nX-Injected: yes"' to append controlled headers to the serialized request. In deployments behind proxies, gateways, or load balancers with HTTP/1.1 connection reuse, this header injection can cascade into HTTP request smuggling or cache poisoning. No public exploit code has been identified at time of analysis, and exploitation through the standard Guzzle HTTP client API is explicitly not affected.
Host confusion in guzzlehttp/psr7 (all versions prior to 2.10.2) allows unauthenticated network attackers to supply a malformed Host header - such as `trusted.example@evil.example` - causing the library's URI construction logic to reinterpret the value as URI userinfo and a different host, silently replacing the parsed URI host with the attacker-controlled domain. Applications that rely on the resulting PSR-7 URI host for routing, allow-list enforcement, or forwarding decisions are at risk of sending requests and credentials to unintended destinations. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the conditional impact on forwarding gateways and API proxies built on psr7's server-request parsing functions is concrete.
Information disclosure in Spring Web Services (Spring-WS) exposes account lifecycle state - such as locked, disabled, or expired status - to remote unauthenticated SOAP clients through verbose exception messages or callback outcomes during authentication processing. Affected are four actively maintained branches (3.1.x through 5.0.x) when the SOAP layer is integrated with Spring Security; the root cause is CWE-209, where error handling fails to normalize Spring Security's typed account-state exceptions into generic authentication failures. No public exploit code and no CISA KEV listing have been identified at time of analysis; however, the CVSS 5.3 (Medium) rating reflects genuine reconnaissance utility for account enumeration against exposed SOAP endpoints.
Denial of service in the joi npm validation library (< 18.2.1) is triggered by submitting deeply nested JSON objects against schemas that use recursive `link()` definitions, causing a JavaScript call stack overflow. The untrapped `RangeError` propagates out of joi's link resolver - crashing the Node.js process entirely when `validate()` is invoked without a surrounding `try/catch`, or silently breaking error-handling logic when a `RangeError` is returned where a structured `ValidationError` was expected. No confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis, but the attack surface is inherently wide given joi's prevalence in Node.js web services.
Log injection in Apache CXF's OAuth2 module (org.apache.cxf:cxf-rt-rs-security-oauth2) permits remote attackers to forge arbitrary log entries by supplying crafted `clientId` values containing control characters or newline sequences in OAuth2 HTTP requests. Affected are CXF 4.2.0-4.2.1 and all 4.1.x versions before 4.1.7; fixed releases 4.2.2 and 4.1.7 were issued June 10, 2026. No public exploit code or active exploitation has been identified at time of analysis; practical impact is confined to log integrity compromise that could mislead security monitoring and incident response processes.