Uncontrolled CPU consumption in Mistune, a Python Markdown parser, allows remote unauthenticated attackers to cause denial of service against any application that renders untrusted Markdown through versions prior to 3.3.0. The flaw lives in parse_link_text, which runs a regex search inside a loop and re-scans the remaining input each iteration, yielding roughly O(n²) behavior; a tiny payload of many consecutive '[' characters can pin a CPU core. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but the trigger is trivial to construct and the GitHub Security Advisory documents the root cause precisely.
Out-of-bounds write in Marlin Firmware (3D printer firmware) through 2.1.2.7 lets attackers corrupt firmware memory through the M421 G-code mesh-bed-leveling handler, which fails to upper-bound the X/Y grid indices before writing a 32-bit float into the z_values array. Any actor able to feed G-code to a printer built with MESH_BED_LEVELING enabled can write an attacker-controlled value past the array, overwriting adjacent firmware state and causing denial of service or unpredictable machine behavior. Publicly available exploit code exists and the fix is committed (1f255d1), but there is no public exploit identified as actively exploited in the wild (not in CISA KEV).
Arbitrary file disclosure in SiYuan personal knowledge management system before 3.7.0 lets an unauthenticated remote attacker read any file inside the workspace directory through its publish-mode HTTP endpoint (default port 6808). The flaw is an incomplete fix for CVE-2026-41894: the earlier patch sanitized the /export/ route but left the identical double-URL-encoding path traversal in the /assets/*path route, exposing conf/conf.json (AccessAuthCode SHA256 hash, API token, sync keys), the temp SQLite databases, and siyuan.log. Publicly available exploit code exists; no public active exploitation has been confirmed.
Sensitive information disclosure in the premium Cornerstone page builder (bundled with the X theme) versions 3.0.0 through 7.8.7 allows any authenticated WordPress user to extract raw password hashes and other private user metadata. The CSS-preview request handler fails to enforce capability checks while exposing its required nonce on every wp-admin page, and publicly available exploit code exists per WPScan, though no active exploitation has been reported.
Authenticated information disclosure in the premium Cornerstone page builder (bundled with the X WordPress theme) before version 7.8.9 allows any logged-in user to enumerate other users' metadata via an unprotected REST API route. Disclosed data includes roles, session token previews, and stored billing/shipping fields, enabling account targeting and potential session abuse. Publicly available exploit code exists per WPScan, though there is no public exploit identified as actively used in the wild and the issue is not listed in CISA KEV.
Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 were distributed with malicious code through the vendor's compromised update server, allowing unauthenticated attackers to deploy a second-stage payload that exfiltrates credentials and other sensitive data and grants full control of affected sites.
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by supplying a crafted media file. The flaw is an out-of-bounds read of a language metadata string in gf_media_import (media_import.c), where three characters were read without verifying the string's length. Publicly available exploit code exists (sigdevel PoC), but it is not listed in CISA KEV and EPSS is low (0.19%, 8th percentile), indicating minimal observed real-world exploitation.
Denial of service in GPAC (libgpac/MP4Box) before 26.02.0 lets an attacker crash the application by feeding it a crafted media file that triggers a use-after-free in gf_filter_pid_inst_swap_delete_task within the filter-core PID handling code. Any pipeline or user that parses untrusted media through GPAC is affected, with publicly available proof-of-concept code, though no active exploitation has been reported and EPSS exploitation probability is low (0.17%, 6th percentile). Impact is limited to availability - there is no confidentiality or integrity loss per the CVSS vector.
PHP Object Injection in the Post Duplicator WordPress plugin before 3.0.15 lets authenticated users with Contributor-level access or higher inject arbitrary serialized PHP objects by abusing the plugin's post-duplication routine, which copies attacker-controlled custom meta-data without the WordPress meta API's double-serialization safeguard. Successful exploitation can lead to property-oriented programming attacks and, with a suitable gadget chain present, full compromise of the site. Publicly available exploit code exists (WPScan), though the flaw is not listed in CISA KEV and carries a low EPSS score (0.15%, 5th percentile).
Missing authentication in the Aclara Metrum Cellular Web Interface (a Hubbell/Aclara cellular communications module used in utility smart-grid metering) lets remote attackers reach critical system functions without any credentials. Per the CVSS:4.0 vector (PR:N/UI:N) an unauthenticated network attacker can read and modify operational configuration and force device restarts, and repeated restarts can sever device communications - a pure availability impact (VA:H, no confidentiality or integrity loss). There is no public exploit identified at time of analysis and this CVE is not listed in CISA KEV; EPSS data was not provided.
Remote authenticated command injection in Unraid's web management server allows attackers to execute arbitrary OS commands as the www-data user by abusing unsanitized input in ToggleState.php. Any user with low-privilege authenticated web access can chain this CWE-78 flaw into full code execution on the underlying NAS host. Discovered and reported through ZDI (ZDI-CAN-30134 / ZDI-26-386); no public exploit identified at time of analysis and no CISA KEV listing.
Authenticated remote code execution in Unraid stems from OS command injection in the web server's FileUpload.php, where a user-supplied string is passed to a system call without validation, letting any logged-in attacker run arbitrary commands as the www-data user. Tracked as ZDI-CAN-30116 and disclosed via the Zero Day Initiative, it carries a CVSS 8.8 rating; no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Command injection in Warp's legacy SSH background command path lets an attacker-controlled remote host inject shell syntax that runs as the victim's authenticated SSH account. Affecting Warp from 0.2023.03.21.08.02.stable_00 up to (but not including) 0.2026.05.06.15.42.stable_01, the flaw stems from the terminal trusting the remote working directory, repository, or directory name reported by an SSH session when assembling helper commands for metadata collection. No public exploit identified at time of analysis, though the fix commit ships regression tests that demonstrate the breakout; not listed in CISA KEV and no EPSS provided.
OS command injection in the Rapid7 InsightConnect RPM Plugin on Linux lets authenticated users run arbitrary operating-system commands by injecting shell metacharacters into the repo, key, or name parameters, which are concatenated into a shell command without sanitization (CWE-78). All versions before 1.0.2 are affected. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.73%, 50th percentile).
Authenticated command execution in Appsmith versions prior to 2.1 lets any administrator run arbitrary OS commands inside the application's Docker container. The bundled supervisord exposes an XML-RPC management interface on port 9001, which Appsmith's Caddy reverse proxy publishes externally at /supervisor/* on the public ingress; combined with the supervisord password being readable through GET /api/v1/admin/env, an admin can authenticate to supervisord and abuse twiddler.addProgramToGroup to spawn programs that execute shell commands. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV. Fixed in 2.1.
Trusted measurement-list poisoning in Google go-attestation through 0.6.0 lets a remote actor who controls a TPM event log fed to an attestation verifier inject arbitrary SHA256 hashes into the verifier's trusted hash database. Because parseEfiSignatureList() never advances past the EFI_SIGNATURE_LIST SignatureHeaderSize vendor bytes, those attacker-chosen bytes are accepted as legitimate hash entries, allowing a compromised boot state to be attested as healthy. No public exploit identified at time of analysis, but the fix is upstream in v0.6.1 and the root cause is documented in GHSA-9r4w-jg96-92mv.
Account takeover in the Ultimate Member WordPress plugin (versions ≤ 2.11.4) allows Contributor-level authenticated users to harvest live password reset links for any account, including administrators, by chaining three logic bugs in the member directory subsystem. The flaw enables full site compromise because reset URLs can be used to set new administrator passwords. No public exploit identified at time of analysis, though Wordfence has published detailed technical write-ups that significantly lower the bar for weaponization.
Privilege escalation in the Welcome Software Publishing WordPress plugin (versions ≤ 0.0.31) allows any authenticated user with Subscriber-level access or above to update arbitrary WordPress options via the nc.setOption XML-RPC method. By modifying the default_role option to 'administrator' and registering a new account, attackers achieve full site takeover. No public exploit identified at time of analysis, but the attack pattern is trivial and well-documented for similar WordPress XML-RPC missing-capability flaws.
Unauthenticated account self-registration in MailerUp before 1.0.1 lets any remote attacker POST to /api/auth/register/ and obtain a working account, even on instances where operators intended registration to be closed, because the RegisterView is wired with Django REST Framework's AllowAny permission and enforces no email verification, CAPTCHA, or admin approval. Once registered, the attacker can read every email stored by the instance, yielding full disclosure of all stored messages. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch (1.0.1) removes the public registration endpoint entirely.
Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.
Arbitrary file write and information disclosure in Jellyfin self-hosted media server (all versions prior to 10.11.10) arise from FFmpeg argument injection in the subtitle conversion path. Because SubtitleController.GetSubtitle carries no [Authorize] attribute, an attacker who can place a maliciously named file into a Jellyfin media library directory (e.g., via a shared NAS, Samba share, or guest upload) can break FFmpeg's argument quoting on Linux and inject arbitrary FFmpeg flags. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the unauthenticated endpoint and high CVSS (8.8) make it a meaningful concern for exposed instances.
Arbitrary file write in Jellyfin media server (10.9.0 through 10.11.9) lets any authenticated non-admin user abuse the POST /ClientLog/Document endpoint to plant attacker-controlled content outside the intended log directory. The endpoint trusts the Client and Version fields of the Authorization header and uses them unsanitized to build the on-disk filename, so embedding ../ sequences in the Client field redirects writes to any path reachable by the Jellyfin service account, with a forced .log extension. No public exploit has been identified at time of analysis, and the issue is fixed in 10.11.10.
Local privilege escalation in the Linux kernel's PPP driver allows an unprivileged user to issue network-administration ioctls against a network namespace they should not control. The /dev/ppp device authorizes opens against the file owner's user namespace (f_cred->user_ns) while unattached administrative ioctls act on current->nsproxy->net_ns, so a user who creates a new user namespace via CLONE_NEWUSER and gains CAP_NET_ADMIN only there can still invoke PPPIOCNEWUNIT, PPPIOCATTACH, or PPPIOCATTCHAN against an inherited (parent) network namespace. No public exploit identified at time of analysis, and EPSS is low (0.26%, 17th percentile), indicating no current evidence of mass exploitation.
Arbitrary code execution in the Warp agentic development environment (builds 0.2023.10.24.08.03.stable_00 through 0.2026.05.06.15.42.stable_01) arises because the Markdown link handler routes resolved local-file links to the operating system's default file opener. A malicious Markdown document or project repository can embed a benign-looking local-file link that, when clicked, hands an executable (such as an extensionless shell script) to the platform file opener (e.g. NSWorkspace.openURL on macOS) instead of a safe viewer/editor, executing it. There is no public exploit identified at time of analysis, but the fix is confirmed in 0.2026.05.06.15.42.stable_01 and the root cause is documented in the upstream commit and GHSA advisory.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.197 stems from a use-after-free condition in the Autofill component, letting a remote attacker run arbitrary code in the renderer when a victim opens a malicious web page. Chromium rates the flaw Critical and CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, tempered by the requirement that the user load attacker-controlled content. There is no public exploit identified at time of analysis, and SSVC records exploitation status as none, but the 'total' technical impact makes prompt patching important.
Remote code execution in Google Chrome's Blink rendering engine (InterestGroups component, part of the Privacy Sandbox/Protected Audience ad-auction API) affects all desktop versions prior to 149.0.7827.197. A crafted HTML page triggers an out-of-bounds read and write that a remote attacker can leverage to execute arbitrary code in the renderer; Chromium rates this Critical and assigns CVSS 8.8. There is no public exploit identified at time of analysis, but a vendor patch is already available, making prompt updating the priority.
Arbitrary local file write in Warp terminal (0.2025.03.05.08.02.stable_00 through builds before 0.2026.05.06.15.42.stable_01) lets malicious terminal output silently drop attacker-controlled files onto disk. Warp honored non-inline OSC 1337;File (and multipart MultipartFile) iTerm2 escape sequences by base64-decoding the payload and writing it to the active block's current working directory using the attacker-supplied filename, with no confirmation prompt. Because shell startup files such as .zshenv can be overwritten this way, the write converts into code execution on the victim's host; no public exploit identified at time of analysis and the issue is not in CISA KEV.
Remote code execution in Google Chrome's Blink rendering engine (versions prior to 149.0.7827.197) allows a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium with a CVSS of 8.8; it requires user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, with the CISA SSVC framework recording exploitation status as none.
Remote code execution in Google Chrome's Blink rendering engine (versions prior to 149.0.7827.197) allows a remote attacker to run arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium with a CVSS 8.8; no public exploit identified at time of analysis and it is not listed in CISA KEV, though Chrome browser bugs of this class are historically high-value targets. Exploitation requires user interaction (loading a malicious page) but no authentication.
Remote code execution in Google Chrome for macOS prior to 149.0.7827.197 stems from a use-after-free in the browser's Bluetooth subsystem, letting a malicious Bluetooth peripheral corrupt memory and execute arbitrary code in the browser process. The flaw is rated High severity by Chromium with a CVSS 8.8, requires user interaction (UI:R) but no privileges, and currently has no public exploit identified at time of analysis; CISA SSVC marks exploitation status as none.
Renderer-side heap corruption in Google Chrome's FileSystem component (versions prior to 149.0.7827.197) lets a remote attacker who lures a victim to a crafted HTML page trigger a use-after-free, potentially leading to arbitrary code execution within the renderer. Rated High severity by Chromium with a CVSS of 8.8; no public exploit identified at time of analysis, and CISA's SSVC framework currently records exploitation status as 'none'. EPSS data was not provided, but the user-interaction requirement (visiting a page) is the only meaningful barrier, making this a routine but real browser-patch priority.
Heap corruption via use-after-free in Google Chrome's Digital Credentials component on macOS allows a remote attacker to potentially execute code by luring a victim to a crafted HTML page, affecting Chrome builds prior to 149.0.7827.197. The flaw was reported internally by Google's Chrome team, and per CISA's SSVC framework exploitation is currently 'none', so this is no public exploit identified at time of analysis despite a high (8.8) CVSS score requiring user interaction. EPSS data was not provided, but the absence of KEV listing and no observed exploitation point to risk driven by Chrome's massive install base rather than confirmed in-the-wild abuse.
Use-after-free in the Linux kernel Bluetooth subsystem allows a crafted sequence of socket polling and connection teardown to dereference a freed sock structure, because bt_sock_poll() walks the per-socket accept queue without synchronization while a concurrent child teardown unlinks the same socket and drops its last reference. The flaw has existed since the original Bluetooth import and affects effectively all kernel versions until the fixed stable releases; EPSS is low (0.18%, 7th percentile) and there is no public exploit identified at time of analysis. Successful exploitation of the freed-object access can corrupt kernel memory, enabling denial of service and potentially privilege escalation.
Improper DMA-alias handling in the Linux kernel's AMD IOMMU driver lets a stale or incorrect Device Table Entry (DTE) be propagated to an alias PCI device, weakening the DMA isolation the IOMMU is meant to enforce. The flaw affects systems on AMD platforms where pci_for_each_dma_alias() supplies an alias-rather than the original-device to clone_alias(), causing the wrong source devid to be used when copying the DTE. EPSS is low (0.17%, 6th percentile) and there is no public exploit identified at time of analysis.
Privilege/isolation bypass in the Linux kernel RISC-V IOMMU driver allows a local low-privileged actor to leverage stale address translations because the driver failed to issue mandatory TLB and context-cache invalidations (IOTINVAL) after updating Device Directory Table (DDT) or Page Directory Table (PDT) entries. Affecting RISC-V platforms running kernels prior to the stable fixes (6.18.33, 7.0.10, 7.1), the gap can let a device or its controlling principal access memory outside its intended IOMMU domain, breaking DMA isolation. There is no public exploit identified at time of analysis, EPSS risk is low (0.17%, 6th percentile), and it is not in CISA KEV.
Use-after-free in the Linux kernel Bluetooth subsystem allows kernel memory corruption when the HCI connection-request handler (hci_conn_request_evt()) invokes hci_connect_cfm() without holding hdev->lock under the HCI_PROTO_DEFER path. An adjacent attacker within Bluetooth range can race a concurrent connection teardown against a deferred-setup SCO listener to free and reuse the conn object, yielding high confidentiality, integrity, and availability impact (CVSS 8.8). There is no public exploit identified at time of analysis and EPSS is low (0.16%, 6th percentile), reflecting the narrow, race-dependent trigger rather than broad exploitability.
Race-condition memory corruption in the Linux kernel Bluetooth L2CAP stack lets a nearby BLE device crash or potentially compromise an affected host. The l2cap_ecred_reconf_rsp() handler calls l2cap_chan_del() without first taking l2cap_chan_lock(), so a crafted L2CAP Enhanced Credit (ECRED) reconfiguration response can mutate the channel list while another kernel thread iterates it. The flaw carries a vendor CVSS of 8.8 but a very low EPSS (0.16%, 6th percentile), is not in CISA KEV, and no public exploit has been identified at time of analysis; a vendor patch is available.
Kernel heap memory corruption affects the batman-adv (B.A.T.M.A.N. Advanced) mesh routing subsystem of the Linux kernel, where a u16 accumulator in batadv_tvlv_container_list_size() can wrap around when the total size of registered TVLV containers exceeds 65535 bytes, leading to an undersized allocation and a subsequent out-of-bounds memcpy write in batadv_tvlv_container_ogm_append(). An attacker positioned on the mesh able to drive TVLV container accumulation past U16_MAX can corrupt adjacent kernel memory, risking denial of service or potential code execution. This is no public exploit identified at time of analysis, EPSS exploitation probability is low (0.16%), and it is not listed in CISA KEV.
Use-after-free in the Linux kernel's IOMMU subsystem allows a local low-privileged actor with device-management access to corrupt kernel memory by racing a domain re-attach against an in-progress PCI device reset. The flaw lies in __iommu_group_set_domain_internal(), where the group->recovery_cnt fence wrongly rejected mandatory detach/teardown callers (IOMMU_SET_DOMAIN_MUST_SUCCEED), so group->domain could be freed while still referenced, and pci_dev_reset_iommu_done() could then re-attach the dangling pointer. EPSS is low at 0.16% (6th percentile) and there is no public exploit identified at time of analysis, but the high CVSS (8.8) reflects full kernel-memory confidentiality, integrity, and availability impact.
{ output: 'object' })`, the Expand API, and the transform lifecycle, and is most dangerous when Style Dictionary runs inside a Node.js server that ingests untrusted tokens. No public exploit identified at time of analysis and CISA has not listed it in KEV.
Path traversal in the Jenkins External Workspace Manager Plugin (versions 1.3.2 and earlier) lets an attacker with Item/Configure permission supply traversal sequences in the custom workspace path of the exwsAllocate Pipeline step to read arbitrary files from the Jenkins controller filesystem, which the vendor notes can escalate to remote code execution. The flaw requires an authenticated low-privileged user (CVSS:3.1 PR:L, base 8.8) and is reported directly by the Jenkins security team. No public exploit identified at time of analysis, and CISA SSVC marks exploitation as none.
Authenticated PHP code injection in the AdRotate Banner Manager WordPress plugin (versions ≤5.17.7) allows Contributor-level users to execute arbitrary PHP on the server by abusing the 'banner' attribute of the [adrotate] shortcode. Exploitation requires W3 Total Cache or Borlabs Cache support to be enabled in AdRotate settings, where unsanitized input is concatenated into a PHP string wrapped in mfunc/fragment cache markers. Reported by Wordfence; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Cross-tenant data poisoning in Supabase Capgo before 12.128.2 allows remote unauthenticated attackers to corrupt billing and quota records by invoking the SECURITY DEFINER record_build_time RPC with only a public anon API key. The flaw stems from missing authorization inside a privilege-elevated PostgREST function, enabling arbitrary build-time inserts against any organization. No public exploit identified at time of analysis, but the trivial network-reachable invocation pattern makes weaponization straightforward.
Session-destruction denial of service in Rocket.Chat's SAML single logout allows an unauthenticated remote attacker to forcibly log out any SAML-authenticated user by submitting a forged, unsigned LogoutRequest to the SP logout endpoint. Because the integration never validates the SAML signature, an attacker who knows only a victim's NameID - typically their email address, as exposed by Okta, Google Workspace, Microsoft Entra ID, and JumpCloud - can repeatedly destroy sessions and script the attack across many accounts to render the instance unusable. No public exploit identified at time of analysis; the CVSS 4.0 base score is 8.7 (availability-only impact), and fixes are available across all maintained release branches.
Unauthenticated OAuth secret disclosure in FlowiseAI Flowise versions 3.0.13 and earlier allows remote attackers to harvest cleartext SSO client secrets for Google, Microsoft/Azure, GitHub, and Auth0 by sending a single GET request to /api/v1/loginmethod with a guessable organizationId. Affects both FlowiseAI Cloud and self-hosted deployments where the endpoint is reachable; publicly available exploit code exists (vendor GHSA includes a complete request/response PoC), and the leaked credentials enable downstream identity-provider compromise.
Server-Side Request Forgery in Mastodon before 4.5.10, 4.4.17, and 4.3.23 lets attackers coerce the server into issuing HTTP requests to loopback interfaces, reaching private resources and internal services that should be unreachable from the public internet. The flaw stems from an incomplete IP-range blocklist that omitted a range capable of resolving to local addresses. No public exploit identified at time of analysis; the upstream advisory (GHSA-crr4-7rm4-8gpw) accompanies the fixed releases.
Arbitrary command execution in the SiYuan Electron desktop client (versions prior to 3.7.0) allows a remote attacker to run OS commands on a victim's machine when they merely view a malicious Bazaar marketplace package's README. The root cause is that Lute's HTML sanitizer fails to strip <iframe> elements, which combine with the Electron client's permissive security settings (e.g. node integration / relaxed sandboxing) to escalate stored XSS into full code execution; notably no package installation is required, only viewing the package details. No public exploit has been identified at time of analysis, but the CVSS 4.0 score of 8.7 (High) reflects high confidentiality, integrity, and availability impact.
Authorization bypass in Capgo before 12.128.2 allows authenticated users with valid subkeys to escape scope restrictions by supplying their own subkey identifier in the x-limited-key-id header, causing middlewareKey to fall back to the unrestricted parent key. With CVSS 4.0 of 8.7 and high impact across confidentiality, integrity, and availability, exploitation only requires low-privileged API access, though no public exploit identified at time of analysis.
Directory ACL bypass in ProFTPD (through 1.3.9b and 1.3.10rc2) lets authenticated FTP users reach files inside DenyAll-protected directories by prefixing paths with /proc/self/root in the RNFR (rename-from) command. Because the CVSS 4.0 vector specifies PR:L, exploitation requires a valid low-privilege FTP account, after which an attacker can rename and then retrieve files that configured Directory ACLs were meant to protect. There is no public exploit identified at time of analysis and no KEV listing, but the VulnCheck-assessed CVSS of 8.6 reflects the strong confidentiality and integrity impact on file-access controls.