Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attackers to forge OIDC identity tokens and obtain fully authenticated technician sessions, because the server accepts ID tokens without verifying their cryptographic signature. Publicly available exploit code exists and the flaw can also bypass MFA in some configurations, making vulnerable remote-support deployments a high-priority target despite no current CISA KEV listing.
Account hijacking in phpBB is possible due to improper authentication checks in the OAuth implementation, affecting default installations even when OAuth is not configured or enabled. Remote unauthenticated attackers can gain unauthorized access to arbitrary accounts on the forum platform, with no public exploit identified at time of analysis despite the critical 9.8 CVSS score.
Unauthenticated arbitrary file upload in Amasty Order Attributes for Magento 2 before 4.0.0 lets remote attackers drop arbitrary files into the store's media directory without authentication, session validation, or cart context. Where the media directory permits PHP execution, this escalates to unauthenticated remote code execution; otherwise it enables stored XSS via HTML/SVG, malware hosting, and path-traversal writes outside the intended directory. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 and trivial preconditions make this a high-priority issue for any Magento 2 store running the extension.
Denial of service in the Netty HTTP/3 codec (io.netty:netty-codec-http3) prior to version 4.2.15.Final allows remote unauthenticated attackers to exhaust server memory by triggering creation of an unbounded number of blocked streams, leading to an OutOfMemoryError. The flaw affects any Java application or service using Netty as an HTTP/3 server. No public exploit identified at time of analysis, and EPSS probability is very low (0.05%, 17th percentile), but the network-reachable nature of the HTTP/3 protocol surface makes patching a priority for exposed endpoints.
Denial of service in Netty's io.netty:netty-codec-redis component (prior to 4.1.135.Final and 4.2.15.Final) allows remote attackers to trigger memory exhaustion by sending a crafted RESP array header that declares a huge element count, causing RedisArrayAggregator to pre-allocate an oversized ArrayList before any child messages arrive. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided in the input.
Hard-coded MQTT broker credentials in Yarbo Android and iOS applications allow remote unauthenticated attackers to subscribe to and publish on the cloud MQTT brokers serving the entire global Yarbo robot fleet. Because the credentials are identical across all users and devices and trivially extractable via APK decompilation, anyone knowing a target robot's serial number can read its telemetry or send arbitrary commands. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 and CISA ICS advisory reflect the systemic, fleet-wide nature of the exposure.
Persistent credential exposure in Naxclow smart cameras and doorbells (Smart Doorbell X3, X Smart Home, V720, ix Cam) allows anyone who obtains a device's server-side relay credential to maintain indefinite access to that device's relay channel. Because the credential is re-issued unchanged on every boot and cannot be rotated, reset, or revoked by the owner, even factory resets and re-onboarding do not evict an attacker. No public exploit identified at time of analysis, and EPSS/KEV signals are not provided in the input.
Cryptographic authentication bypass in Naxclow smart home devices (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows remote attackers to forge arbitrary device and account API requests after extracting a single hard-coded salt shared across the entire product line. Because the same salt is embedded in every firmware image and no per-device keys, nonces, or replay protections exist, recovery from one unit compromises the whole fleet, and plain-HTTP control traffic makes interception trivial. No public exploit identified at time of analysis, and the issue was disclosed via CISA ICS-CERT advisory ICSA-26-162-02.
Device takeover in Naxclow's IoT platform (Smart Doorbell X3, X Smart Home, V720, and iX Cam) allows any authenticated attacker to silently reassign victim devices to their own account by replaying the onboarding confirm-then-bind sequence. The affected endpoints validate request signatures but never verify legitimate ownership, enabling remote hijacking without user interaction or device-side awareness. No public exploit identified at time of analysis, but the issue is reported via CISA ICS-CERT advisory ICSA-26-162-02.
Unauthorized credential disclosure in the Naxclow IoT platform API (affecting Smart Doorbell X3, X Smart Home, V720, and Ix Cam) allows any actor who can produce a platform-valid request signature to retrieve the persistent relay-registration credentials of arbitrary devices. Reported via CISA ICS-CERT (ICSA-26-162-02), the flaw enables an attacker to impersonate a victim device on the relay and intercept or disrupt its traffic; no public exploit identified at time of analysis.
Authorization bypass in Yarbo's cloud MQTT infrastructure allows any authenticated client to subscribe to wildcard topics covering the entire global robot fleet and to publish commands to any robot using only its serial number, which is itself disclosed in the telemetry stream. The flaw affects both the Yarbo Android/iOS mobile application and the backing cloud MQTT broker, and no public exploit identified at time of analysis, but the design defect means a single compromised credential yields fleet-wide control.
Authenticated command injection in Ubiquiti UniFi OS allows low-privileged network-adjacent attackers to execute arbitrary OS commands on UniFi gateways, controllers, NVRs, and NAS devices, with a CVSS 9.9 score reflecting scope change and full CIA impact. The vulnerability affects a broad device family including UDM, UDM Pro/SE/Max/Beast, UDR, UDW, UCG, UNVR, and UNAS lines per Ubiquiti Security Advisory Bulletin 065. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.
Command injection in Ubiquiti UID Enterprise Agent allows a low-privileged attacker with network access to execute arbitrary commands on the host device by abusing improper input validation. The CVSS 9.9 score reflects a scope change with high confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. Defenders should treat this as a high-priority patch item given the low attack complexity and minimal privilege requirement.
Cross-tenant privilege escalation in WebPros WordPress Toolkit prior to 6.11.0 (as bundled with cPanel & WHM) allows an authenticated low-privilege account holder to inject arguments into the wp-toolkit CLI and execute commands in the context of another tenant on the same shared server. With a CVSS of 9.9 and scope change, a single compromised hosting account can pivot to siblings on the same host. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Privilege escalation in Ubiquiti UniFi OS allows a low-privileged attacker with network access to elevate privileges on affected UniFi OS devices and instances due to improper input validation (CWE-20). The CVSS 9.9 score reflects a scope-changing impact spanning UniFi Dream Machine, UniFi Express, UDR, UCG, UNVR, UNAS, and other UniFi OS Server platforms. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Vulnerability Title
Remote code execution in jmespath.php versions prior to 2.9.1 allows attackers controlling JMESPath expressions to inject arbitrary PHP into compiler-generated cache files, which are then loaded and executed by JmesPath\CompilerRuntime. The flaw stems from insufficient escaping of parsed function names when the compiler emits PHP source, enabling code execution whenever an application evaluates untrusted expressions through the compiler runtime. No public exploit identified at time of analysis, but the CVSS 9.8 rating reflects unauthenticated network-reachable RCE in any web app that pipes user input into the compiler.
Unauthenticated cryptographic oracle exposure in the Aqara IAM/SSO gateway (gw-builder.aqara.com) lets remote attackers submit data for bidirectional AES encrypt/decrypt operations performed with the platform's signing key, with no authentication required. Because the same key that signs SSO tokens can be exercised as an oracle, an attacker can recover protected material and potentially forge or manipulate signed authentication tokens (tagged Authentication Bypass). Publicly available exploit code exists (SSVC exploitation=poc) and CISA's SSVC rates it automatable with total technical impact, though EPSS remains very low at 0.06%.
Missing authentication in the Aqara Board service (op-test.aqara.com) lets remote, unauthenticated attackers submit arbitrary MQTT command payloads that the exposed debug/test API relays to the platform's HiveMQ broker without any credential check. Publicly available proof-of-concept exploit code exists (SSVC: poc), and while EPSS is low (0.06%), runZero documents this as one link in a chain (CVE-2026-50082 through -50085) that together enables a fully unauthenticated remote takeover of affected devices. It is not listed in CISA KEV, so active exploitation in the wild is not confirmed.
Privilege escalation in the Zoom Workplace mobile app (Android before 7.0.4, iOS before 7.0.3) stems from improper authorization in the handler that processes the app's custom URL scheme, allowing an unauthenticated actor to elevate privileges via network access. Zoom self-reported and patched the flaw, and no public exploit identified at time of analysis; EPSS remains very low (0.04%, 12th percentile) and CISA SSVC marks exploitation as none, indicating no observed activity despite the 9.8 CVSS score.
Authentication bypass in the Aqara IAM/SSO Gateway (gw-builder.aqara.com) stems from a hardcoded OAuth client credential shipped in the identity backend, letting remote attackers impersonate a trusted OAuth client and subvert the single sign-on trust boundary. Discovered by runZero and tracked as EUVD-2026-36473, it carries a critical CVSS of 9.8 and a proof-of-concept is publicly available, though EPSS (0.03%) shows no evidence of widespread automated exploitation. On its own it compromises the SSO/authorization layer, but chained with CVE-2026-50082, CVE-2026-50084, and CVE-2026-50085 it enables a fully unauthenticated remote takeover of affected devices.
Out-of-bounds write in the Imagination Technologies Graphics DDK (GPU user-space driver) can be triggered when a victim loads a web page containing crafted WebGPU content into the GLES GPU render process, corrupting memory and crashing the browser or GPU process. The flaw stems from an integer overflow in size calculation driven by untrusted input, which produces an undersized allocation that subsequent writes exceed. EPSS exploitation probability is very low at 0.02% (5th percentile) and no public exploit identified at time of analysis.
Authentication bypass in Başbelen Group's Pause+ Mobile App versions 1.0.6 through 1.4.x allows remote attackers to defeat login protections by exhausting authentication attempts without lockout, per CWE-307. The CVSS 9.8 score and PR:N/UI:N vector indicate unauthenticated network-based exploitation against any user account, though no public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.
Weak password recovery in PbootCMS up to 3.2.12 allows remote unauthenticated attackers to take over user accounts by manipulating the `checkcode`, `username`, `password`, and `email` parameters in the `retrieve` function of `apps/home/controller/MemberController.php`. The recovery mechanism fails to adequately validate or protect the verification token, enabling bypass of the intended authentication challenge during the password reset flow. A public proof-of-concept exploit explicitly titled 'Account-Takeover' is available on GitHub, elevating the realistic risk beyond the conservative base score of 6.9.
Authenticated remote code execution in ChromaDB Python project versions 0.4.17 and later enables attackers holding the UPDATE_COLLECTION permission to execute arbitrary code on the server by submitting a malicious model repository with trust_remote_code=true to the collection update endpoint. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.4 and HiddenLayer's disclosure indicate a high-severity flaw in a widely used AI vector database. The vulnerability sits in the AI/ML supply chain layer, making it particularly relevant for organizations using ChromaDB as a backend for RAG or embedding pipelines.
Information disclosure in Vivo PcSuite versions below 6.2.5 allows adjacent attackers within Bluetooth range to bypass an authentication mechanism in a specific function and obtain sensitive data without user interaction. The flaw is tracked as a missing-authentication weakness (CWE-306) reported directly by Vivo and carries a CVSS 4.0 score of 9.4, with no public exploit identified at time of analysis.
Hardcoded database credentials in IEI Integration Corp's iRM-IEI Remote Management (iRM-TSI410X platform) allow remote unauthenticated attackers to authenticate to the backend database with administrative privileges. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 reflects trivial network-accessible exploitation with full confidentiality, integrity, and availability impact. The flaw is reported by TWCERT and tagged as an Authentication Bypass.
Unauthenticated path traversal in Nezha Monitoring (nezhahq/nezha) before 2.0.13 allows remote attackers to read arbitrary files from the dashboard host by abusing the NoRoute fallbackToFrontend handler. The handler matches the /dashboard prefix with strings.HasPrefix rather than a path-segment comparison, so a request like /dashboard../data/config.yaml is normalized by path.Join into the application's data directory and served by http.ServeFile. No public exploit identified at time of analysis, but the bypass is trivially reproducible from the disclosed root-cause writeup.
Prototype pollution in ApostropheCMS versions up to and including 4.30.0 allows an authenticated editor to poison Object.prototype via the $pullAll patch operator, ultimately bypassing authorization on all piece-type REST API endpoints for unauthenticated requests until the Node.js process restarts. The flaw stems from apos.util.set() failing to sanitize __proto__ in dot-notation paths, and no public exploit identified at time of analysis but the advisory describes a confirmed exploitation gadget in publicApiCheck(). No vendor-released patch identified at time of analysis, making this an open-window risk for any internet-exposed editor account.
Fleet enumeration in the Naxclow smart home platform (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows unauthenticated remote callers to precisely map active device populations by exploiting a registration endpoint that allocates sequential device identifiers without validating caller ownership of the supplied account identifier. Each API call returns a high-water batch counter that directly reveals fleet size, making reconnaissance deterministic and low-noise rather than a side-channel inference. No public exploit code has been identified at time of analysis, but the zero-privilege, network-accessible attack surface and ICS-CERT reporting context (ICSA-26-162-02) indicate meaningful real-world exposure for residential and small-business physical security deployments.
Device identifier enumeration across Naxclow's IoT product line - including the Smart Doorbell X3, X Smart Home platform, V720, and IX Cam - allows unauthenticated remote attackers to build a complete inventory of active devices deployed in the field. The identifier scheme combines fixed manufacturing prefixes with sequential counters (CWE-340), and the platform compounds this by exposing an endpoint that reveals the current identifier high-water mark, effectively handing attackers a starting point for a full sweep. Reported by ICS-CERT under ICSA-26-162-02, this is a platform-wide architectural flaw; no public exploit or KEV listing is confirmed at time of analysis, but the low complexity and zero-authentication barrier make opportunistic enumeration trivially achievable.
Mass assignment flaws in MISP (Malware Information Sharing Platform) let authenticated users overwrite server-controlled fields such as id, org_id, orgc_id, and user_id when submitting requests to several edit endpoints, enabling ownership transfer, hijacking of arbitrary collection/delegation/proposal records, and unauthorized access to threat-intelligence objects belonging to other organizations. No public exploit identified at time of analysis, and the issue is not in CISA KEV; the underlying CWE-639 weakness is addressed by upstream commit 9341690.
Authorization bypass in ChromaDB's Python implementation lets authenticated tenants reach data outside their authorization boundary by invoking the V1 collection-level REST endpoints, which forward None as both the tenant and database identifiers to the authorization layer. The flaw, disclosed by HiddenLayer, exposes high-impact reads and writes to cross-tenant collections in this Python vector database. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Cross-tenant authorization bypass in ChromaDB's SimpleRBACAuthorizationProvider (versions 0.5.0 and later) allows authenticated users to perform actions against tenants, databases, and collections they do not own. The provider verifies that a user holds a given permission but never validates the scope of that permission against the target resource, enabling lateral movement across multi-tenant deployments. No public exploit identified at time of analysis, but the flaw was disclosed by HiddenLayer and affects any Chroma deployment relying on the built-in RBAC provider for tenant isolation.
Cross-tenant data access in ChromaDB Python project version 0.4.17 and later allows any authenticated user to read, write, update, or delete data in collections belonging to other tenants, breaking the tenant isolation boundary that multi-tenant deployments rely on. The flaw, reported by HiddenLayer and tracked under CWE-639, carries a CVSS 4.0 score of 8.8 reflecting high confidentiality and integrity impact on both the vulnerable system and downstream tenants. No public exploit identified at time of analysis and not listed in CISA KEV.
Privilege escalation in Mattermost server (11.6.x, 11.5.x, and 10.11.x branches) allows a low-privileged user holding group-link permissions to promote themselves or other group members to team or channel administrator by setting the scheme_admin flag through group syncable link and patch API endpoints. The flaw stems from missing role-management authorization checks, and with a CVSS of 8.8 (network, low complexity, low privileges) it enables tenant-wide takeover of collaboration workspaces; no public exploit identified at time of analysis.
Route-rule middleware bypass in Nuxt 3.11.0-3.21.6 and 4.0.0-4.4.6 allows remote attackers to evade routeRules-defined protections (authentication, redirects, headers, prerender/SSR controls) by simply varying URL case, because vue-router matches paths case-insensitively while the routeRules matcher matched case-sensitively. The fix in 3.21.7 and 4.4.7 lowercases the path before matching. EPSS is 0.02% and no public exploit is identified at time of analysis, but the underlying class is trivially abused once an asymmetric rule is known.
Out-of-bounds kernel write in Imagination Technologies Graphics DDK (PowerVR GPU driver) allows a local non-privileged process to corrupt kernel memory by issuing crafted GPU sparse memory API calls, enabling privilege escalation to kernel context. Affected releases include Graphics DDK 24.2 RTM and the 25.1 RTM through 25.3 RTM line. No public exploit identified at time of analysis and EPSS exploitation probability is negligible (0.02%, 5th percentile).
Cross-tenant data access in the ChromaDB Rust implementation (version 1.0.0 and later) lets any authenticated tenant user read, write, update, or delete data inside collections owned by other tenants because the server does not validate that the caller's tenant matches the target resource. The flaw, reported by HiddenLayer and tracked as CWE-639, breaks the tenant isolation boundary that multi-tenant ChromaDB deployments rely on, and no public exploit identified at time of analysis.
Remote code execution in OpenClaw before 2026.5.12 allows authenticated operators to bypass the PowerShell execution allowlist by submitting encoded-command flag aliases (abbreviated forms) that the allowlist parser fails to recognize. The flaw enables execution of arbitrary PowerShell payloads with full confidentiality, integrity, and availability impact on the host. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Command injection in OpenClaw before 2026.5.18 allows authenticated attackers to modify shell wrapper argv between approval and execution, bypassing the allowlist enforcement. The TOCTOU-style race against the approval gate lets attackers execute unapproved command shapes with the application's privileges, with no public exploit identified at time of analysis but a vendor advisory published via GHSA.
Unauthenticated denial-of-service in Typesense search engine versions prior to 29.1 and 30.2 allows remote attackers to terminate the server process by sending a crafted request to the /multi_search endpoint. The flaw triggers an unhandled exception during request processing, causing complete service unavailability for the duration of restart and dataset reload. No public exploit identified at time of analysis, and the low EPSS score (0.10%) suggests limited current exploitation interest despite the high CVSS 4.0 score of 8.7.
Missing authentication in @agenticmail/mcp prior to 0.9.27 allows unauthenticated remote clients to invoke master-key-only MCP tools when the server is started with --http or MCP_HTTP=1. The /mcp Streamable HTTP endpoint accepts session initialization and tool calls without any Authorization check, and the server forwards calls using its configured AGENTICMAIL_MASTER_KEY, enabling administrative actions such as setup_email_relay, delete_agent, and send_test_email. Publicly available exploit code exists in the GHSA advisory (one-command PoC), though EPSS remains low at 0.06% (19th percentile) and the issue is not on CISA KEV.
CRLF injection in the form-data Node.js library (versions through 4.0.5) allows remote attackers to inject arbitrary multipart headers or smuggle additional form parts by supplying attacker-controlled field names or filenames containing CR, LF, or double-quote characters. The library concatenates these values verbatim into the Content-Disposition header without escaping, enabling parameter tampering (e.g., overriding is_admin=true) against downstream multipart parsers. No public exploit identified at time of analysis, though the vulnerability is patched in 2.5.6, 3.0.5, and 4.0.6.
Command restriction bypass in the SSH service of Cellopoint CelloOS allows authenticated remote attackers to escape the restricted shell and execute arbitrary operating system commands beyond their authorized scope. The flaw is tracked as an Improper Access Control issue (CWE-1284) and was disclosed by Taiwan's TWCERT with a CVSS 4.0 score of 8.7. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Client-side memory corruption in the AWS Common Runtime aws-c-http library can be triggered by a malicious HTTP/2 server that sends a crafted sequence of HEADERS frames manipulating the HPACK dynamic table size, potentially leading to arbitrary code execution in applications that use the library as an HTTP/2 client. The CVSS 4.0 score of 8.7 (High) reflects network reachability with low complexity but requires user/client interaction (initiating a connection to the attacker server). There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Denial of service in CyberArk Privileged Access Manager (PAM) Self-Hosted Vault allows remote attackers to terminate the Vault service by sending unexpected input under specific configuration scenarios, affecting versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8. Disclosed by Palo Alto Networks (which now owns CyberArk) via Security Bulletin CA26-17 with no public exploit identified at time of analysis, the CVSS 4.0 base score of 8.7 reflects the network-reachable, unauthenticated attack path against a security-critical service. The flaw is a CWE-400 resource/input handling issue that produces a localized DoS rather than code execution or data exposure.
Denial of service in Capgo before 12.128.2 allows remote unauthenticated attackers to lock legitimate users out of the platform for 30 days by registering accounts with arbitrary unverified email addresses and immediately initiating account deletion, placing the targeted email in a pending-deletion lock state. The CVSS 4.0 score of 8.7 (High) reflects high availability impact achievable over the network without privileges or interaction; no public exploit identified at time of analysis, though the attack is trivially reproducible from the description.
Memory disclosure and denial of service in MongoDB Server's server-side JavaScript engine allow an authenticated user with read privileges and JavaScript execution rights to read freed heap memory or crash the mongod process. The flaw is triggered during BSON-to-JavaScript array conversion when operators such as $where or $function are evaluated. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was self-reported by MongoDB.
Privilege escalation in OpenClaw before 2026.5.18 allows WebSocket-connected Control UI clients to claim operator.admin scope without server-side validation against pairing or trusted-proxy authorization state. Attackers with low-privileged WebSocket access can invoke admin-gated Gateway RPCs, and no public exploit identified at time of analysis despite CVSS 4.0 score of 8.7.