Denial of service in the Netty HTTP/3 codec (io.netty:netty-codec-http3) prior to version 4.2.15.Final allows remote unauthenticated attackers to exhaust server memory by triggering creation of an unbounded number of blocked streams, leading to an OutOfMemoryError. The flaw affects any Java application or service using Netty as an HTTP/3 server. No public exploit identified at time of analysis, and EPSS probability is very low (0.05%, 17th percentile), but the network-reachable nature of the HTTP/3 protocol surface makes patching a priority for exposed endpoints.
Denial of service in Netty's io.netty:netty-codec-redis component (prior to 4.1.135.Final and 4.2.15.Final) allows remote attackers to trigger memory exhaustion by sending a crafted RESP array header that declares a huge element count, causing RedisArrayAggregator to pre-allocate an oversized ArrayList before any child messages arrive. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided in the input.
Device takeover in Naxclow's IoT platform (Smart Doorbell X3, X Smart Home, V720, and iX Cam) allows any authenticated attacker to silently reassign victim devices to their own account by replaying the onboarding confirm-then-bind sequence. The affected endpoints validate request signatures but never verify legitimate ownership, enabling remote hijacking without user interaction or device-side awareness. No public exploit identified at time of analysis, but the issue is reported via CISA ICS-CERT advisory ICSA-26-162-02.
Unauthorized credential disclosure in the Naxclow IoT platform API (affecting Smart Doorbell X3, X Smart Home, V720, and Ix Cam) allows any actor who can produce a platform-valid request signature to retrieve the persistent relay-registration credentials of arbitrary devices. Reported via CISA ICS-CERT (ICSA-26-162-02), the flaw enables an attacker to impersonate a victim device on the relay and intercept or disrupt its traffic; no public exploit identified at time of analysis.
Authorization bypass in Yarbo's cloud MQTT infrastructure allows any authenticated client to subscribe to wildcard topics covering the entire global robot fleet and to publish commands to any robot using only its serial number, which is itself disclosed in the telemetry stream. The flaw affects both the Yarbo Android/iOS mobile application and the backing cloud MQTT broker, and no public exploit identified at time of analysis, but the design defect means a single compromised credential yields fleet-wide control.
Mass assignment flaws in MISP (Malware Information Sharing Platform) let authenticated users overwrite server-controlled fields such as id, org_id, orgc_id, and user_id when submitting requests to several edit endpoints, enabling ownership transfer, hijacking of arbitrary collection/delegation/proposal records, and unauthorized access to threat-intelligence objects belonging to other organizations. No public exploit identified at time of analysis, and the issue is not in CISA KEV; the underlying CWE-639 weakness is addressed by upstream commit 9341690.
Authorization bypass in ChromaDB's Python implementation lets authenticated tenants reach data outside their authorization boundary by invoking the V1 collection-level REST endpoints, which forward None as both the tenant and database identifiers to the authorization layer. The flaw, disclosed by HiddenLayer, exposes high-impact reads and writes to cross-tenant collections in this Python vector database. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Cross-tenant authorization bypass in ChromaDB's SimpleRBACAuthorizationProvider (versions 0.5.0 and later) allows authenticated users to perform actions against tenants, databases, and collections they do not own. The provider verifies that a user holds a given permission but never validates the scope of that permission against the target resource, enabling lateral movement across multi-tenant deployments. No public exploit identified at time of analysis, but the flaw was disclosed by HiddenLayer and affects any Chroma deployment relying on the built-in RBAC provider for tenant isolation.
Cross-tenant data access in ChromaDB Python project version 0.4.17 and later allows any authenticated user to read, write, update, or delete data in collections belonging to other tenants, breaking the tenant isolation boundary that multi-tenant deployments rely on. The flaw, reported by HiddenLayer and tracked under CWE-639, carries a CVSS 4.0 score of 8.8 reflecting high confidentiality and integrity impact on both the vulnerable system and downstream tenants. No public exploit identified at time of analysis and not listed in CISA KEV.
Privilege escalation in Mattermost server (11.6.x, 11.5.x, and 10.11.x branches) allows a low-privileged user holding group-link permissions to promote themselves or other group members to team or channel administrator by setting the scheme_admin flag through group syncable link and patch API endpoints. The flaw stems from missing role-management authorization checks, and with a CVSS of 8.8 (network, low complexity, low privileges) it enables tenant-wide takeover of collaboration workspaces; no public exploit identified at time of analysis.
Route-rule middleware bypass in Nuxt 3.11.0-3.21.6 and 4.0.0-4.4.6 allows remote attackers to evade routeRules-defined protections (authentication, redirects, headers, prerender/SSR controls) by simply varying URL case, because vue-router matches paths case-insensitively while the routeRules matcher matched case-sensitively. The fix in 3.21.7 and 4.4.7 lowercases the path before matching. EPSS is 0.02% and no public exploit is identified at time of analysis, but the underlying class is trivially abused once an asymmetric rule is known.
Out-of-bounds kernel write in Imagination Technologies Graphics DDK (PowerVR GPU driver) allows a local non-privileged process to corrupt kernel memory by issuing crafted GPU sparse memory API calls, enabling privilege escalation to kernel context. Affected releases include Graphics DDK 24.2 RTM and the 25.1 RTM through 25.3 RTM line. No public exploit identified at time of analysis and EPSS exploitation probability is negligible (0.02%, 5th percentile).
Cross-tenant data access in the ChromaDB Rust implementation (version 1.0.0 and later) lets any authenticated tenant user read, write, update, or delete data inside collections owned by other tenants because the server does not validate that the caller's tenant matches the target resource. The flaw, reported by HiddenLayer and tracked as CWE-639, breaks the tenant isolation boundary that multi-tenant ChromaDB deployments rely on, and no public exploit identified at time of analysis.
Remote code execution in OpenClaw before 2026.5.12 allows authenticated operators to bypass the PowerShell execution allowlist by submitting encoded-command flag aliases (abbreviated forms) that the allowlist parser fails to recognize. The flaw enables execution of arbitrary PowerShell payloads with full confidentiality, integrity, and availability impact on the host. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Command injection in OpenClaw before 2026.5.18 allows authenticated attackers to modify shell wrapper argv between approval and execution, bypassing the allowlist enforcement. The TOCTOU-style race against the approval gate lets attackers execute unapproved command shapes with the application's privileges, with no public exploit identified at time of analysis but a vendor advisory published via GHSA.
Unauthenticated denial-of-service in Typesense search engine versions prior to 29.1 and 30.2 allows remote attackers to terminate the server process by sending a crafted request to the /multi_search endpoint. The flaw triggers an unhandled exception during request processing, causing complete service unavailability for the duration of restart and dataset reload. No public exploit identified at time of analysis, and the low EPSS score (0.10%) suggests limited current exploitation interest despite the high CVSS 4.0 score of 8.7.
Missing authentication in @agenticmail/mcp prior to 0.9.27 allows unauthenticated remote clients to invoke master-key-only MCP tools when the server is started with --http or MCP_HTTP=1. The /mcp Streamable HTTP endpoint accepts session initialization and tool calls without any Authorization check, and the server forwards calls using its configured AGENTICMAIL_MASTER_KEY, enabling administrative actions such as setup_email_relay, delete_agent, and send_test_email. Publicly available exploit code exists in the GHSA advisory (one-command PoC), though EPSS remains low at 0.06% (19th percentile) and the issue is not on CISA KEV.
CRLF injection in the form-data Node.js library (versions through 4.0.5) allows remote attackers to inject arbitrary multipart headers or smuggle additional form parts by supplying attacker-controlled field names or filenames containing CR, LF, or double-quote characters. The library concatenates these values verbatim into the Content-Disposition header without escaping, enabling parameter tampering (e.g., overriding is_admin=true) against downstream multipart parsers. No public exploit identified at time of analysis, though the vulnerability is patched in 2.5.6, 3.0.5, and 4.0.6.
Command restriction bypass in the SSH service of Cellopoint CelloOS allows authenticated remote attackers to escape the restricted shell and execute arbitrary operating system commands beyond their authorized scope. The flaw is tracked as an Improper Access Control issue (CWE-1284) and was disclosed by Taiwan's TWCERT with a CVSS 4.0 score of 8.7. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Client-side memory corruption in the AWS Common Runtime aws-c-http library can be triggered by a malicious HTTP/2 server that sends a crafted sequence of HEADERS frames manipulating the HPACK dynamic table size, potentially leading to arbitrary code execution in applications that use the library as an HTTP/2 client. The CVSS 4.0 score of 8.7 (High) reflects network reachability with low complexity but requires user/client interaction (initiating a connection to the attacker server). There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Denial of service in CyberArk Privileged Access Manager (PAM) Self-Hosted Vault allows remote attackers to terminate the Vault service by sending unexpected input under specific configuration scenarios, affecting versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8. Disclosed by Palo Alto Networks (which now owns CyberArk) via Security Bulletin CA26-17 with no public exploit identified at time of analysis, the CVSS 4.0 base score of 8.7 reflects the network-reachable, unauthenticated attack path against a security-critical service. The flaw is a CWE-400 resource/input handling issue that produces a localized DoS rather than code execution or data exposure.
Denial of service in Capgo before 12.128.2 allows remote unauthenticated attackers to lock legitimate users out of the platform for 30 days by registering accounts with arbitrary unverified email addresses and immediately initiating account deletion, placing the targeted email in a pending-deletion lock state. The CVSS 4.0 score of 8.7 (High) reflects high availability impact achievable over the network without privileges or interaction; no public exploit identified at time of analysis, though the attack is trivially reproducible from the description.
Memory disclosure and denial of service in MongoDB Server's server-side JavaScript engine allow an authenticated user with read privileges and JavaScript execution rights to read freed heap memory or crash the mongod process. The flaw is triggered during BSON-to-JavaScript array conversion when operators such as $where or $function are evaluated. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was self-reported by MongoDB.
Privilege escalation in OpenClaw before 2026.5.18 allows WebSocket-connected Control UI clients to claim operator.admin scope without server-side validation against pairing or trusted-proxy authorization state. Attackers with low-privileged WebSocket access can invoke admin-gated Gateway RPCs, and no public exploit identified at time of analysis despite CVSS 4.0 score of 8.7.
Stored cross-site scripting in the @apostrophecms/seo plugin (versions ≤1.4.2) allows any user holding the default editor role to inject arbitrary JavaScript that executes in every visitor's browser. The seoGoogleTrackingId and seoGoogleTagManager fields are interpolated directly into inline <script> tag bodies via template literals with no sanitization, turning legitimate analytics configuration into a persistent payload delivery channel. No public exploit identified at time of analysis, and no vendor-released patch identified at time of analysis.
Authenticated command injection in File Browser (github.com/filebrowser/filebrowser/v2 before 2.33.8) lets any user holding Execute permission bypass the command allowlist when a shell interpreter such as /bin/sh -c is configured. Because the allowlist validates only the first token while the full raw string is passed to the shell, an attacker chains arbitrary OS commands after a permitted one using metacharacters (;, |, backticks, $()), executing them at the server process privilege - root in the default Docker image. A detailed working PoC is published in the GHSA advisory; EPSS is very low (0.02%, 7th percentile) and the vulnerable Command Execution feature is disabled by default from 2.33.8 onward, including for upgraded existing installations.
Unrestricted file upload in Global IT Informatics Services WEOLL versions 2.0.9 through 3.2.45.32 allows authenticated low-privilege users to upload files of dangerous types and bypass ACL-protected functionality. With CVSS 8.7 (scope-changed, confidentiality and integrity high) and TR-CERT advisory publication, the flaw enables impact beyond the vulnerable component, though no public exploit identified at time of analysis and KEV/EPSS signals are not provided.
OS command injection in IEI Integration Corp's iVEC-IEI Virtualization Edge Computer (iVEC TANK-XM811) allows privileged remote attackers to inject and execute arbitrary operating system commands on the affected device. The flaw was disclosed via Taiwan's TWCERT and carries a CVSS 4.0 base score of 8.6, with no public exploit identified at time of analysis. Because exploitation requires high privileges, the issue represents a post-authentication path to full device compromise rather than an unauthenticated remote takeover.
Information disclosure in Ubiquiti UniFi OS devices allows unauthenticated network-adjacent attackers to read sensitive data via a path traversal flaw (CWE-22). The high CVSS 8.6 score reflects a scope change with high confidentiality impact, indicating that disclosed data can affect resources beyond the vulnerable component itself. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Privilege escalation in OpenClaw before 2026.5.3 allows attackers with access to a Slack account to spoof identity by changing their mutable Slack display name to match an allowFrom policy entry, gaining agent access intended for another user. The root cause is authentication binding to a mutable identifier (CWE-290) rather than a stable Slack user ID. No public exploit identified at time of analysis, though an upstream advisory (GHSA-c29c-2q9c-pc86) and VulnCheck writeup describe the flaw in detail.
Command approval bypass in OpenClaw versions prior to 2026.5.18 allows authenticated users to smuggle malicious instructions past human approvers by exploiting how the approval UI truncates oversized exec commands. The flaw (CWE-451, UI misrepresentation) lets an attacker craft a request with a benign-looking prefix while a malicious suffix is hidden from the reviewer's display, resulting in unauthorized execution once the request is approved. No public exploit identified at time of analysis and the CVE is not currently listed in CISA KEV.
Arbitrary code execution in MobaXterm Personal Edition (Portable) version 26.3 Build 5154 occurs because the application loads winspool.drv from its working directory at startup, enabling classic DLL search-order hijacking. A local attacker who can write to the directory containing the portable executable can drop a malicious winspool.drv that executes in the victim's user context the next time MobaXterm is launched. No public exploit identified at time of analysis, and EPSS data was not provided, but the trivial nature of DLL planting makes weaponization straightforward.
Arbitrary code execution in MobaXterm Personal Edition (Portable) 26.3 Build 5154 occurs because the application loads DLLs from a predictable, user-writable temporary directory before falling back to secure system paths. A local attacker who can drop a crafted DLL into that path achieves code execution under the victim's account when MobaXterm is next launched. No public exploit identified at time of analysis, and the issue is not on CISA KEV.
Mass assignment in MISP's sharing group creation endpoint allows authenticated users with add-sharing-group permission to hijack arbitrary existing sharing groups by submitting the target group's primary key in the add() request. The CakePHP create()+save() pattern treats a supplied id as an update, bypassing the normal edit ACL on app/Controller/SharingGroupsController.php and exposing confidentiality and integrity of shared threat intelligence. No public exploit identified at time of analysis, though a fix commit is publicly visible on GitHub.
Improper access control in File Browser (filebrowser/filebrowser, Go) versions <= 2.63.6 lets a user with share/download permissions create a public share for a path that does not yet exist; because the share record stores only a path string and is never bound to a concrete object, the link silently begins exposing whatever file later appears at that path via GET /api/public/dl/<hash>. The flaw mirrors the Android MediaProvider issue CVE-2026-0035 — the create handler omits an existence check before persisting the share. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but a step-by-step PoC is included in the GitHub Security Advisory.
Improper input validation in Quest Bot (an open-source Discord bot) prior to version 1.1.6 lets a guild moderator weaponize the automod feature to delete every non-bot message in a server. By submitting whitespace-only input to the automod add command, the trimmed empty string is stored as a rule and the message listener's content.includes("") check evaluates true for all messages. No public exploit identified at time of analysis, though the trigger is trivial to reproduce by anyone with permission to configure automod rules.
Server-Side Request Forgery in GeoServer 2.26.x prior to 2.26.4 and 2.27.x prior to 2.27.3 allows unauthenticated remote attackers to coerce the server into issuing HTTP requests to attacker-chosen destinations by abusing weak prefix matching of the proxy base URL inside the XML entity resolver. No public exploit identified at time of analysis, and EPSS exploitation probability sits at 0.06% (19th percentile), but the trivial network-only attack vector and default-enabled ENTITY_RESOLUTION_ALLOWLIST since 2.25.0 raise the realistic exposure for internet-facing instances.
Authorization bypass in OpenClaw's QQBot component before version 2026.4.27 allows authenticated senders to invoke slash commands before allowFrom policy checks execute, effectively skipping operator-configured access controls. The flaw stems from pre-dispatch command handling that runs prior to policy enforcement, enabling blocked senders to trigger command handlers depending on deployment configuration. No public exploit identified at time of analysis, and CVSS 4.0 scoring of 8.2 reflects high integrity impact with an attack requirement (AT:P) suggesting non-trivial conditions.
Improper access control in Ubiquiti UniFi OS allows network-adjacent attackers to make unauthorized configuration changes to UniFi Dream Machine, Cloud Gateway, and Express gateway devices under certain network configurations. The flaw, scored CVSS 8.1 with full CIA impact, requires no authentication (PR:N) but has high attack complexity (AC:H), and no public exploit identified at time of analysis. Disclosed via HackerOne and addressed in Ubiquiti Security Advisory Bulletin 065.
Privilege escalation in Zoom Workplace mobile clients (Android before 7.0.4, iOS before 7.0.3) stems from improper authorization in the handler for a custom URL scheme, allowing a remote attacker to elevate privileges over network access. The CVSS 8.1 rating reflects high confidentiality and integrity impact with low-complexity exploitation, though no public exploit identified at time of analysis and the issue is not on the CISA KEV list.
Account takeover in phpBB via OAuth state-verification flaw enables remote attackers to link a victim's forum account to an attacker-controlled identity provider account. Successful exploitation requires the victim to click an attacker-crafted link while authenticated, after which the attacker can authenticate as the victim through the linked external provider. No public exploit identified at time of analysis, but a vendor community advisory has been published.
Information disclosure in IEI Integration Corp's iRM-IEI Remote Management (iRM-TSI410X) allows unauthenticated remote attackers to retrieve partial system configuration data by invoking a specific function that lacks authentication enforcement. The flaw is reported by TWCERT and carries a CVSS 4.0 base of 7.9, but no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs through an out-of-bounds write triggered when a victim opens a malicious PDF file. Successful exploitation runs attacker code in the context of the current user, making this a classic client-side attack suitable for phishing campaigns. No public exploit identified at time of analysis, but Adobe Reader memory corruption flaws have a long history of being weaponized in targeted attacks.
Remote code execution in Kitty terminal emulator versions prior to 0.47.0 allows any process or remote peer that can write bytes to the terminal - including SSH sessions, file viewers like cat or less, log tailers, and TUI applications - to execute attacker-supplied Python code inside the running kitty process with full user privileges. Exploitation requires no approval prompt, no shell integration, no clipboard interaction, and no editor involvement, making any rendered untrusted content a viable injection vector. No public exploit identified at time of analysis, but the trivial trigger conditions and broad attack surface make this a high-priority patch.
Local privilege escalation in Imagination Technologies Graphics DDK (GPU kernel driver) allows non-privileged users to issue crafted GPU system calls that perform read/write operations on arbitrary freed physical memory pages, enabling kernel memory corruption. The flaw stems from missing deferred-free handling, meaning the GPU can still access pages after the kernel module has released them. No public exploit identified at time of analysis and EPSS is very low (0.02%), but CVSS 7.8 reflects high local impact on confidentiality, integrity, and availability.
Local code execution in Avira Antivirus engine builds prior to 8.3.27.12 on Windows, macOS, and Linux occurs when the scanner parses a malformed POSIX tar archive, triggering a heap out-of-bounds write that can either crash the AV process (DoS) or execute attacker code in the scanner's context. No public exploit identified at time of analysis, but the on-access scanning model means a victim only has to write the malicious tar to disk for the engine to touch it. Reported by GEN (Gen Digital, Avira's parent).
Local code execution in Avira Antivirus engine builds before 8.3.70.104 on Windows, macOS, and Linux allows attackers to trigger a heap buffer out-of-bounds write by having the engine scan a malformed MS-DOS executable. The flaw stems from an integer overflow during parsing and can also crash the antivirus engine process, with no public exploit identified at time of analysis.
Local code execution in Avira Antivirus engine builds before 8.3.70.76 on Windows, macOS, and Linux is triggered when the scanner processes a malformed PDF file, leading to a heap out-of-bounds read that can corrupt the antivirus engine process. CVSS 7.8 reflects the high impact on confidentiality, integrity, and availability, but exploitation requires the victim to expose the engine to the attacker's file. No public exploit identified at time of analysis.
Heap out-of-bounds read in the Avira Antivirus scanning engine on Windows, macOS, and Linux (engine builds before 8.3.70.98) allows a malformed Windows PE file to trigger local code execution or crash the antivirus engine process. Because AV engines typically auto-scan files on access, simply writing or dropping a crafted PE onto disk can reach the vulnerable parser, and no public exploit identified at time of analysis. Exploitation requires the victim's AV to scan the file (UI:R), so realistic delivery is via downloads, email attachments, or removable media rather than fully remote unauthenticated execution.
Local code execution or denial-of-service in Avira Antivirus engine builds prior to 8.3.70.56 occurs when the scanner parses a malformed Windows MSI installer file, triggering a heap out-of-bounds read. The flaw affects deployments on Windows, macOS, and Linux and requires user interaction to place a crafted MSI where the engine will scan it. No public exploit identified at time of analysis and CVSS scores it 7.8 High.