Arbitrary content deletion in the Brikk WordPress theme (versions up to and including 3.0.0) allows low-privileged authenticated users to delete site content due to a missing authorization check. The flaw is tracked under Patchstack and ENISA EUVD-2025-210187 with no public exploit identified at time of analysis, and the CVSS 7.5 score reflects high availability impact through destruction of site data.
Address bar spoofing in The Browser Company's Arc Search for Android allows remote attackers to render attacker-controlled content beneath a legitimate-looking URL in the address bar, enabling high-fidelity phishing against mobile users. The flaw maps to CWE-1021 (improper restriction of rendered UI layers) and carries a CVSS 7.4 due to the integrity impact on user trust decisions, though successful exploitation requires user interaction. No public exploit identified at time of analysis, but a HackerOne report (#3705306) suggests reproducible POC details exist within the disclosure program.
Cookie disclosure in yt-dlp (2023.09.24 through versions before 2026.06.09) lets a malicious website exfiltrate a victim's authenticated session cookies when the curl external downloader is in use. Because yt-dlp passes cookies to curl via inline --cookie without activating curl's cookie-scoping engine, curl forwards those cookies across HTTP redirects and to fragment hosts that differ from their parent manifest, so an attacker who lures the user into extracting a crafted URL that redirects to attacker infrastructure receives cookies scoped to a trusted site. This is the curl-downloader counterpart to GHSA-v8mc-9377-rwjj. There is no public exploit identified at time of analysis, though the vendor commit includes a regression test proving the leak; EPSS is low (0.27%, 18th percentile) and it is not in CISA KEV.
Cryptographic primality validation in Deno's Node.js compatibility layer (versions <= 2.8.0) silently skips Miller-Rabin testing when `crypto.checkPrime`/`checkPrimeSync` is called with default options, causing crafted composites whose smallest prime factor exceeds 17,863 (e.g. 17,881 × 17,891) to be reported as prime. Remote attackers who control bignums fed into a victim Deno application can therefore smuggle composite values past validation, with no public exploit identified at time of analysis beyond the vendor-published reproducer.
update_disk_psu_baseline.sh requires password in plain text. Rated high severity (CVSS 7.4).
Remote unauthenticated compromise of Oracle Access Manager 12.2.1.4.0 and 14.1.2.1.0 is possible via the Web Server Plugin component over HTTP, allowing attackers to alter or read subsets of OAM data and trigger partial denial of service. The flaw carries a CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N) and is rated easily exploitable by Oracle. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Memory safety flaw in the CanvasWebGL graphics component of Mozilla Firefox allows remote attackers to trigger incorrect boundary handling through crafted web content, leading to limited confidentiality, integrity, and availability impact. The issue affects Firefox prior to version 152 and Firefox ESR prior to 140.12, and no public exploit identified at time of analysis. Reported by Mozilla with low complexity and no authentication required (CVSS 7.3).
Memory corruption in the NSS (Network Security Services) Libraries component shipped with Mozilla Firefox allows remote attackers to trigger out-of-bounds memory access via incorrect boundary condition handling, with low impact across confidentiality, integrity, and availability. Mozilla addressed the issue in Firefox 152, with associated advisories MFSA2026-57 and MFSA2026-60. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Full compromise of Oracle HR Intelligence (component: Internal Operations) in Oracle E-Business Suite 12.2.3 through 12.2.15 is achievable by an authenticated high-privileged user over the network via HTTP, leading to takeover of the HR Intelligence module with full confidentiality, integrity, and availability impact. The flaw was reported by Oracle and disclosed in the June 2026 Critical Patch Update; there is no public exploit identified at time of analysis and the issue is not on CISA KEV. CVSS 3.1 base score is 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), reflecting easy exploitation once the high privilege precondition is met.
Privileged takeover of Oracle Application Development Framework (ADF) is possible in Fusion Middleware versions 12.2.1.4.0 and 14.1.2.0.0, where an attacker with high privileges and HTTP network access to the ADF Shared Components can fully compromise the product. The CVSS 3.1 base score is 7.2 with high impact to confidentiality, integrity, and availability, and Oracle classifies the issue as easily exploitable once authentication is obtained. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Full takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible when a high-privileged attacker reaches the Content Server over HTTP, per Oracle's June 2026 Critical Patch Update. The flaw yields complete confidentiality, integrity, and availability compromise (CVSS 7.2) but requires existing elevated privileges, and no public exploit identified at time of analysis. Exploitation is rated easy once the privilege bar is met, making this a priority for environments where many users hold administrative roles in Content Server.
Full takeover of Oracle Public Sector Payroll (E-Business Suite 12.2.3-12.2.15) is possible by a high-privileged, network-adjacent attacker exploiting a flaw in the Internal Operations component, with confidentiality, integrity, and availability all fully impacted. Oracle's June 2026 Critical Patch Update describes the issue as easily exploitable over HTTP once privileges are held, and no public exploit identified at time of analysis. CVSS 3.1 base score is 7.2.
Full compromise of Oracle HR Intelligence (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is possible by an authenticated high-privileged attacker over HTTP. Successful exploitation results in takeover of the HR Intelligence application with confidentiality, integrity, and availability impact (CVSS 3.1 base 7.2). There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Privileged takeover of Oracle Financials for EMEA (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows an authenticated high-privileged attacker with HTTP network access to fully compromise confidentiality, integrity, and availability of the module. The CVSS 3.1 base score is 7.2 with vector AV:N/AC:L/PR:H/UI:N, and there is no public exploit identified at time of analysis.
Full product takeover of Oracle Project Portfolio Analysis (E-Business Suite component Internal Operations) is possible by an authenticated high-privileged attacker over HTTP, affecting supported versions 12.2.3 through 12.2.15. The flaw yields complete confidentiality, integrity, and availability impact on the application. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Takeover of Oracle Property Manager (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is achievable by a high-privileged attacker with HTTP network access, with no public exploit identified at time of analysis. Oracle rates the issue easily exploitable with full confidentiality, integrity, and availability impact, but the PR:H requirement narrows the practical attacker pool to those already holding elevated EBS application privileges. The flaw is disclosed in the Oracle Critical Patch Update of June 2026 and tagged as Information Disclosure / Oracle Property Manager.
Full takeover of Oracle HRMS (UK) - the UK Payroll component of Oracle E-Business Suite versions 12.2.3 through 12.2.15 - is possible by an already-authenticated, highly privileged attacker over HTTP, leading to complete loss of confidentiality, integrity, and availability of the HRMS application. Oracle classifies the issue as easily exploitable but the PR:H requirement narrows the realistic attacker pool to insiders and compromised admin accounts. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Full compromise of Oracle Cost Management (component: Cost Planning) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is achievable by an authenticated high-privileged attacker over HTTP, resulting in takeover of the module with high confidentiality, integrity, and availability impact. Oracle's Critical Patch Update for June 2026 (cspujun2026) classifies this as easily exploitable once the privilege prerequisite is met. No public exploit identified at time of analysis and no CISA KEV listing observed.
Full takeover of Oracle Enterprise Manager Base Platform (versions 13.5 and 24.1) is possible by an authenticated, high-privileged attacker abusing the Extensibility Framework over HTTPS, yielding complete confidentiality, integrity, and availability compromise of the management platform. Oracle disclosed the issue in the June 2026 Critical Patch Update with a CVSS 3.1 base score of 7.2, and no public exploit identified at time of analysis. Because EM Base Platform manages large fleets of Oracle databases and middleware, a successful compromise gives an attacker a high-value pivot point even though privileged access is required to trigger it.
Privileged takeover of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 is possible through the Extensibility Framework component, enabling an authenticated high-privilege attacker with HTTPS network access to fully compromise confidentiality, integrity, and availability of the management platform. The vendor (Oracle) advisory rates the issue at CVSS 3.1 7.2, and no public exploit identified at time of analysis, but successful exploitation yields complete product takeover. EPSS and CISA KEV signals are not provided in the input data.
Denial of service in n8n workflow automation platform (versions prior to 2.24.0) allows an authenticated user with workflow create/edit permissions to trigger global prototype pollution via a crafted table parameter in the Microsoft SQL node. The pollution of Object.prototype persists for the lifetime of the n8n process, causing application-wide validation failures until the server is restarted. No public exploit identified at time of analysis, though the vendor advisory provides clear technical detail.
Untrusted search path execution in OpenClaw before 2026.5.2 allows a local low-privileged user to coerce maintenance task routines into invoking attacker-controlled executables in place of the intended trash command. By manipulating workspace-derived environment paths consumed during maintenance operations, an authenticated user can hijack command resolution and run arbitrary binaries in the OpenClaw process context. No public exploit identified at time of analysis, but VulnCheck has published a dedicated advisory describing the workspace-derived service path abuse.
Sandbox escape in n8n workflow automation platform allows authenticated users with workflow edit privileges to execute arbitrary code on the Python Task Runner container via a crafted Python Code Node. The flaw affects n8n versions prior to 1.123.48, 2.21.8, and 2.22.4 when the optional Python Task Runner is enabled, and no public exploit identified at time of analysis. Successful exploitation grants code execution inside the task runner container, providing a foothold for further lateral movement within the n8n deployment.
Information disclosure and partial denial of service in Oracle E-Business Suite Enterprise Asset Management (versions 12.2.3 through 12.2.15) allows a low-privileged authenticated attacker with HTTP network access to read all data accessible to the Enterprise Asset Management module and degrade its availability. Oracle rates the issue 7.1 CVSS 3.1 and describes it as easily exploitable. No public exploit identified at time of analysis and the CVE is not currently listed in CISA KEV.
Credential exfiltration in n8n workflow automation platform allows authenticated workflow editors to leak SecurityScorecard API tokens to attacker-controlled hosts. The SecurityScorecard node's report download operation fails to validate the target URL against the credential's allowed-domains restriction, attaching the API token to outbound requests directed at arbitrary attacker URLs. No public exploit identified at time of analysis, but the upstream fix is published and traceable through the vendor's GitHub Security Advisory.
Denial-of-service in Moxa NPort 6000-G2 Series serial device servers allows a low-privileged authenticated attacker to disrupt service and potentially trigger an unexpected device reboot via specially crafted JSON requests to the WebSocket API. The CVSS 4.0 base score of 7.1 reflects high availability impact with no confidentiality or integrity loss. Per current intelligence, there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Information disclosure in Canon EOS Network Setting Tool version 1.5.0 and earlier stems from an insecure default FTP configuration that transmits credentials and image data in cleartext over the network. Remote attackers positioned on the network path can intercept the unencrypted FTP traffic to capture authentication material and uploaded photographs. No public exploit identified at time of analysis, but the vulnerability is published with a Canon PSIRT advisory and CVSS 4.0 base score of 7.1.
Reflected cross-site scripting in the Media Library Assistant WordPress plugin (versions up to and including 3.35) allows unauthenticated remote attackers to inject script that executes in a victim's browser after a user-interaction event (clicking a crafted link). Per Patchstack, the issue affects David Lingren's plugin and currently has no public exploit identified at time of analysis, but the CVSS 7.1 (scope-changed) reflects that successful execution can pivot into authenticated admin contexts.
Unauthenticated reflected/stored cross-site scripting in the Pods WordPress plugin (versions 3.3.8 and earlier) allows remote attackers to inject malicious script that executes in a victim's browser when they visit a crafted page or link. The flaw requires user interaction (UI:R) and carries a scope change (S:C), letting injected payloads steal session data or perform privileged actions in the WordPress admin context. No public exploit identified at time of analysis, but the unauthenticated nature and broad WordPress plugin install base make this a meaningful risk for site operators.
Reflected cross-site scripting in the WPFactory 'Min Max Step Quantity Limits Manager for WooCommerce' WordPress plugin (versions 5.2.2 and earlier) allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser after the victim clicks a crafted link. The CVSS 3.1 score of 7.1 is elevated by a scope change (S:C), reflecting that script execution can affect the WordPress admin context, but exploitation requires user interaction (UI:R). No public exploit was identified at time of analysis and the issue is not listed in CISA KEV.
Information disclosure in Canon EOS Network Setting Tool version 1.5.0 and earlier stems from improper SSH host key validation (CWE-295), allowing network-positioned attackers to impersonate legitimate SSH endpoints and harvest credentials or configuration data transmitted by the tool. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:P, VC:H) indicates remote exploitation requiring user interaction with high confidentiality impact but no integrity or availability effects. There is no public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Remotely triggerable denial of service in the Zephyr RTOS networking stack (versions 1.12.0 through 4.4.x) arises from a use-after-free in the IPv6 MLD code path, where mld_send() reads net_pkt_iface(pkt) after net_send_data() has already transferred packet ownership and the L2 driver freed it back to its memory slab. An unauthenticated attacker on the local link can elicit the vulnerable path by sending a crafted MLDv2 General Query, causing a NULL-pointer dereference crash or, in a narrow race, memory corruption via a stray statistics increment. There is no public exploit identified at time of analysis, EPSS is low (0.18%), and the issue is not in CISA KEV; a vendor patch is available.
Improper TLS certificate validation in Canon EOS Network Setting Tool version 1.5.0 and earlier allows network-positioned attackers to intercept communications between the tool and Canon servers via man-in-the-middle attacks. The flaw enables disclosure of sensitive information transmitted during camera network configuration, though no public exploit identified at time of analysis. CVSS 4.0 score of 7.1 reflects high confidentiality impact but requires user interaction (UI:P) to be successful.
Local privilege abuse in Oracle Solaris 11.4 allows a low-privileged authenticated user with logon access to the host to read sensitive filesystem data and trigger a complete denial of service of the operating system. Oracle's June 2026 Critical Patch Update lists this as easily exploitable through the Filesystem component, with a CVSS 3.1 base score of 7.1; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.
Denial of service (and potential limited memory corruption) in the Zephyr RTOS IPv6 networking stack (versions 3.3.0 through 4.4.0) stems from a use-after-free in the IPv6 Neighbor Discovery send paths, where per-interface ICMP statistics are updated by reading from a network packet after the stack has already freed it. Any unauthenticated on-link node can trigger the Neighbor Advertisement path simply by sending ICMPv6 Neighbor Solicitations to a Zephyr node with native IPv6 and CONFIG_NET_STATISTICS_PER_INTERFACE enabled, causing a freed slab block to be dereferenced. There is no public exploit identified at time of analysis and EPSS is low (0.14%, 4th percentile); a vendor patch is available, and impact is largely limited to crashes/DoS with only theoretical limited memory corruption.
Reflected cross-site scripting in the Enfold WordPress theme versions up to and including 7.1.4 allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the user is lured into clicking a crafted link. The CVSS scope change (S:C) and Low impact across C/I/A indicate the injected script can affect components beyond the vulnerable theme component, typically the authenticated WordPress session. No public exploit identified at time of analysis, though Patchstack's disclosure provides enough detail for skilled researchers to reproduce.
Reflected cross-site scripting in the MagOne WordPress theme versions 9.0 and earlier allows remote unauthenticated attackers to inject arbitrary script into a victim's browser session when the victim is lured to a crafted link. CVSS rates this 7.1 with a scope change (S:C), reflecting the ability to affect resources beyond the vulnerable component such as the authenticated WordPress session. No public exploit identified at time of analysis, but Patchstack has published the advisory in their WordPress vulnerability database.
Reflected/unauthenticated cross-site scripting in the ThemeGoods Grand Car Rental WordPress theme versions 3.7 and earlier lets remote attackers execute arbitrary JavaScript in a victim's browser session after the victim follows a crafted link or visits a malicious page. The flaw carries a CVSS 3.1 base score of 7.1 with scope change, indicating impact beyond the vulnerable component, and no public exploit identified at time of analysis. Disclosure is coordinated through Patchstack and tracked as EUVD-2025-210174.
Reflected/stored cross-site scripting in the Qreatix WordPress theme (versions 1.9.4 and earlier) allows remote unauthenticated attackers to inject arbitrary script that executes in a victim's browser after the victim interacts with a crafted link or page. The flaw is reported by Patchstack and tracked as EUVD-2025-210188; no public exploit identified at time of analysis and no CISA KEV listing. CVSS scope-change rating (7.1) reflects impact on a separate security authority - typically the WordPress admin session of a logged-in user lured to the payload.
Cross-origin credential exposure in Hono web framework versions prior to 4.12.25 allows arbitrary third-party sites to read responses from cookie-authenticated endpoints when applications enable the CORS middleware with credentials: true and leave origin unset. The middleware reflects the request Origin header alongside Access-Control-Allow-Credentials: true, bypassing the browser's standard wildcard-with-credentials safeguard. No public exploit identified at time of analysis, but the misconfiguration pattern is trivial to weaponize and exploitation only requires luring an authenticated user to visit a malicious page.
Same-origin cross-site scripting in n8n workflow automation platform allows an authenticated user with workflow edit privileges to weaponize the Respond to Webhook node and execute JavaScript in another authenticated user's session. The binary response path bypassed the central Content-Security-Policy sandbox header, letting attacker-controlled Content-Type serve executable content from the n8n origin. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Elevation of privilege in the Microsoft Malware Protection Engine (mpengine) - the scanning core shared by Microsoft Defender Antivirus - allows a low-privileged local user, tracked publicly as "RoguePlanet", to gain SYSTEM-level control by abusing how the engine resolves file links (CWE-59). Because the engine runs with the highest privileges, successful exploitation yields total loss of confidentiality, integrity, and availability. Publicly available exploit code exists (MSNightmare/RoguePlanet on GitHub) and SSVC rates technical impact as total, but there is no CISA KEV listing and EPSS is low (0.39%, 30th percentile), indicating no evidence of widespread active exploitation yet.
Stored cross-site scripting in n8n workflow automation platform allows authenticated users with workflow edit permissions to inject arbitrary JavaScript via the Chat Trigger node's webhookId parameter. When a logged-in user visits the chat URL, the injected code executes in the n8n origin with the victim's session privileges, enabling account takeover. No public exploit identified at time of analysis, but a vendor-released patch is available.
Stale authorization caching in Daytona's preview proxy allows unauthenticated access to sandbox previews for a bounded window after their owner switches visibility from public back to private. The flaw affects versions 0.101.0 through 0.183.0 and is limited to ordinary preview ports - terminal, toolbox, and recording-dashboard ports remained protected. No public exploit identified at time of analysis, and the GitHub advisory tags suggesting RCE/Privilege Escalation contradict the advisory's own impact statement, which explicitly rules both out.
Arbitrary Python runtime execution in OpenClaw before 2026.5.2 lets an attacker with write access to the workspace plant a malicious .env file that overrides the CLOUDSDK_PYTHON variable used during Gmail setup, redirecting gcloud invocations to an attacker-controlled Python interpreter and leading to code execution. The CVSS 4.0 vector (AV:L/AT:P/UI:A) confirms the attack is local, requires a specific attack condition, and depends on a user/operator action - no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Untrusted search path in OpenClaw before 2026.5.2 allows local attackers who can influence a workspace .env file to redirect bundled runtime dependency loading to attacker-controlled paths, resulting in arbitrary code execution during dependency resolution. The STATE_DIRECTORY environment variable is not validated before being used to anchor runtime dependency roots, so a poisoned workspace can execute code in the context of a user who opens it. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Untrusted search path in OpenClaw versions prior to 2026.4.29 lets workspace-local .env files override the npm_execpath variable consulted by the install helper, redirecting bundled dependency installation to an attacker-controlled package-manager binary. An attacker who can place files in the workspace can hijack the runtime dependency setup step to compromise the build environment under the developer's identity, with no public exploit identified at time of analysis.
api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Symlink confinement bypass in Hugo static site generator v0.123.0 through v0.161.1 allows an attacker who can place a symlink inside a locally-mounted directory - such as a vendored theme under `themes/` - to read arbitrary files accessible to the user running the `hugo` build process. The regression in `RootMappingFs.statRoot` (calling `Stat` instead of `Lstat`) defeats the virtual filesystem's mount boundary enforcement specifically for `resources.Get` direct lookups, while multi-directory walks remained unaffected. No public exploit is identified at time of analysis, but the patch commit and regression test scripts are publicly available on GitHub; the vulnerability is not in CISA KEV.