Apify API token exfiltration in @apify/actors-mcp-server 0.10.7 lets a remote attacker steal a victim's bearer credential via URL authority injection (CWE-918/SSRF). Because getActorMCPServerURL() naively concatenates a trusted standby base URL with an attacker-controlled webServerMcpPath from an Actor definition, an Actor published with a value like '@attacker.example/mcp' causes the WHATWG URL parser to resolve the outbound connection to the attacker's host, and connectMCPClient() unconditionally forwards the victim's 'Authorization: Bearer <APIFY_TOKEN>' header there. Publicly available exploit code exists (a Docker-based PoC that captures the token on an attacker HTTPS server); no active exploitation is confirmed.
Access-control bypass in the goshs WebDAV listener (Go package goshs.de/goshs/v2, all releases through v2.0.9) lets an authenticated WebDAV client write, delete, and create files even when the operator started the server with --read-only, --upload-only, or --no-delete. The mode-restriction flags are enforced only on the primary HTTP port, while the WebDAV port (-w/-wp) wires requests straight into golang.org/x/net/webdav.Handler with no guard, so PUT/DELETE/MKCOL/MOVE/COPY succeed regardless of operator intent. A working proof of concept is published in the GitHub Security Advisory (GHSA-3whc-qvhv-xqjp); publicly available exploit code exists, but there is no public exploit identified as being used in active attacks.
Log injection in Elastic Kibana (fixed in 7.17.15 and 8.11.1) allows an attacker with low-privilege access to embed unneutralized control characters in input that Kibana writes verbatim to its log files; when an operator later views those logs in a terminal that interprets ANSI/control sequences, the injected payload can forge, hide, or rewrite displayed log content. The issue is tracked as CWE-117 (Improper Output Neutralization for Logs) and carries a vendor CVSS of 8.0. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
### Summary A memory-safety vulnerability in Open Babel's PQS parser caused an uninitialized pointer dereference when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
### Summary A memory-safety vulnerability in Open Babel's PQS parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
### Summary A memory-safety vulnerability in Open Babel's MSI parser allowed an out-of-bounds write into the `translationVectors[]` array when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
### Summary A memory-safety vulnerability in Open Babel's MOPAC input parser allowed an out-of-bounds write into the `translationVectors[]` array when reading Tv (translation-vector) atoms from a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
### Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the `translationVectors[]` array when reading the "FINAL POINT" block of a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
### Summary A memory-safety vulnerability in Open Babel's Gaussian output parser allowed an out-of-bounds write into the `translationVectors[]` array when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
### Summary A memory-safety vulnerability in Open Babel's ORCA parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
### Summary A memory-safety vulnerability in Open Babel's ORCA parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
### Summary A memory-safety vulnerability in Open Babel's MSI parser caused an uninitialized pointer dereference when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
### Summary A memory-safety vulnerability in Open Babel's GRO parser caused an uninitialized pointer dereference when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
### Summary A memory-safety vulnerability in Open Babel's CSR parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
### Summary A memory-safety vulnerability in Open Babel's MOL2 parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
### Summary A memory-safety vulnerability in Open Babel's Gaussian output parser allowed an out-of-bounds write when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
Out-of-bounds heap write in the RAR5 recovery-volume (.rev) parser of WinRAR, RAR, UnRAR, and unrar.dll (versions before 7.23) lets an attacker corrupt heap memory when a victim runs a recovery, test, or repair operation on a crafted multi-file .rev set. Because subsequent .rev files supply a RecNum value validated only against their own TotalCount and never against the actual RecItems allocation, an attacker-controlled 32-bit value can be written far past the buffer, enabling memory corruption and potential code execution. There is no public exploit identified at time of analysis, but this is the RAR5-path sibling of the previously exploited CVE-2023-40477, and CWE-787 flaws in WinRAR have historically led to reliable RCE.
Arbitrary code execution in NVIDIA Megatron Bridge for Linux stems from improper control of code generation (CWE-94), allowing an attacker who convinces a user to process a malicious artifact to run code in the context of the training/inference workload. Successful exploitation can escalate privileges, tamper with data, and disclose information. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 3.1 vector (AV:L/UI:R) indicates local access with user interaction is required.
Arbitrary code execution in NVIDIA Megatron Bridge (all versions per the NVIDIA advisory) arises from unsafe deserialization of untrusted data (CWE-502), where an attacker supplies a crafted serialized object — typically a malicious model checkpoint or configuration artifact — that a user loads locally, yielding code execution, privilege escalation, data tampering, and information disclosure. The CVSS 3.1 base score is 7.8 (High) with a local vector requiring user interaction (AV:L/UI:R) and no attacker privileges. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; no EPSS score was provided.
Insecure deserialization in NVIDIA Megatron Bridge for Linux (CWE-502) lets an attacker who supplies a crafted serialized object achieve code execution, privilege escalation, data tampering, and information disclosure when a local user loads that data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows the attack is local and hinges on the victim opening attacker-controlled content, with no public exploit identified at time of analysis. Megatron Bridge is a specialized NVIDIA library for bridging large-language-model training frameworks, so exposure is concentrated in ML/AI training and research environments rather than general enterprise fleets.
Arbitrary code execution in NVIDIA Megatron Bridge on Linux arises from unsafe reflection (CWE-470), where externally-controlled input selects which classes or code resources are dynamically loaded. A local attacker who convinces a user to load a crafted artifact (e.g., a malicious model, checkpoint, or configuration) can trigger code execution, privilege escalation, data tampering, and information disclosure. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux (CWE-502) can lead to arbitrary code execution, privilege escalation, data tampering, and information disclosure when a user loads attacker-controlled data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) indicates a local attack requiring the victim to open or process a malicious artifact — consistent with unsafe deserialization of a model checkpoint, config, or serialized object. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV; EPSS was not provided.
Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux allows a low-privileged local attacker to achieve code execution, privilege escalation, data tampering, and information disclosure. Megatron Bridge is NVIDIA's model-interoperability tooling used to convert and load large-language-model checkpoints in the Megatron/PyTorch training stack, where unsafe object deserialization (CWE-94) lets attacker-controlled serialized data run arbitrary code in the process context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 7.8 (High) rating with full C/I/A impact makes it a meaningful risk on shared or multi-tenant ML infrastructure.
Local code execution and privilege escalation in NVIDIA Megatron Bridge (Linux) stems from unsafe handling of dynamically managed code resources, rooted in an insecure deserialization flaw (CWE-502). A low-privileged local user who can influence the data or model artifacts Megatron Bridge loads can achieve arbitrary code execution, escalate privileges, tamper with data, and disclose information. NVIDIA self-reported the issue with a CVSS 3.1 base score of 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation and code execution in NVIDIA Megatron Bridge for Linux stems from unsafe deserialization of attacker-controlled input (CWE-502), allowing a low-privileged local user to achieve arbitrary code execution, tamper with data, and disclose information. NVIDIA reported the flaw with no public exploit identified at time of analysis, and it is not listed in CISA KEV; no EPSS score was provided. Megatron Bridge is an ML/LLM training framework, so impact centers on shared GPU/training hosts rather than internet-facing services.
Arbitrary code execution in NVIDIA Megatron Bridge for Linux arises from unsafe deserialization of untrusted data (CWE-502), allowing an attacker who tricks a user into loading a crafted serialized object to execute code, escalate privileges, tamper with data, and disclose information. The flaw affects the Megatron Bridge model-conversion/training tooling and is locally exploitable but hinges on victim interaction (UI:R). No public exploit code has been identified and the issue is not in CISA KEV, so there is currently no evidence of active exploitation.
Arbitrary code execution and privilege escalation in NVIDIA Megatron Bridge on Linux arises from unsafe deserialization of untrusted data, allowing a local attacker who convinces a user to load a malicious serialized object to run code, tamper with data, and disclose information. NVIDIA (the reporting vendor) rates it 7.8 (High); the CVSS vector requires local access and user interaction, so exploitation is not remote-unauthenticated. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Server-side request forgery in NVIDIA Megatron Bridge for Linux allows an attacker to coerce the software into issuing attacker-controlled requests, potentially leading to disclosure of sensitive information. The flaw (CWE-918) was reported by NVIDIA itself and carries a vendor CVSS 3.1 score of 7.8; notably the vector is scored as local with required user interaction (AV:L/UI:R) rather than a classic remote SSRF, which security teams should reconcile against the SSRF classification. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation in Dell Device Management Agent (DDMA) versions prior to 26.05 allows an already-authenticated, low-privileged user on the host to elevate to full system-level control by abusing insecure symbolic/hard link resolution (CWE-59) during file operations. Dell has released a fix in DDMA 26.05. There is no public exploit identified at time of analysis and EPSS estimates exploitation probability at only 0.12% (3rd percentile), but the SSVC technical impact is rated 'total', reflecting the complete compromise achievable once a foothold exists.
Arbitrary code execution in Amazon's AWS Advanced JDBC Wrapper (versions 3.3.0 through 4.0.0) arises from the RemoteQueryCachePlugin deserializing cached query results from Redis or Valkey via a raw ObjectInputStream with no class filtering. An actor able to write to the shared cache can poison entries with a crafted serialized Java object, triggering gadget-chain execution on every application server that later reads that cache entry. No public exploit identified at time of analysis; risk is elevated because a single poisoned cache key fans out to all consuming app servers.
Privilege escalation to full account takeover in pretix (open-source event ticketing) and its payment integration plugins (Stripe, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect, pretix-sofort, pretix-saferpay) lets an authenticated backend operator become any user and read any data in the system. The flaw chains three weaknesses: a signed-session-parameter transport path with no scope validation, a signing-oracle reuse of the same key/salt in an unrelated Referer-obfuscation redirect, and the admin "act on behalf of" impersonation feature. No public exploit is identified at time of analysis (CVSS 4.0 carries E:U, exploit unproven), but the vendor fixed all affected components in releases published 2026-07-01.
Denial of service in the UltraVNC viewer (vncviewer) through 1.8.2.2 arises from an off-by-one stack buffer overflow in the RFB ServerInit message handler, where a malicious VNC server advertising a desktop name of exactly 2024 bytes forces ReadString to write a NUL terminator at _dn[2024], one byte past a 2024-byte stack buffer. A rogue or compromised server can crash victims who connect to it (reliable process termination on /GS-hardened builds) and potentially corrupt adjacent stack data on canary-less release builds. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation requires the victim to initiate a connection to the attacker-controlled server.
Stack-based buffer overflow in FatFs R0.16 and earlier allows an attacker who can present crafted exFAT media to corrupt the stack via f_getlabel(), because the exFAT volume-label length field (XDIR_NumLabel) is trusted without enforcing the specification maximum. FatFs is an embedded FAT/exFAT filesystem library used across microcontroller and IoT firmware, so any device that mounts and reads the label of attacker-supplied storage is exposed. Publicly available exploit code exists (runZero advisory and SSVC 'PoC'), but there is no public exploit identified in active use and it is not listed in CISA KEV.
Buffer overflow in FatFs R0.16 and earlier arises when long filenames (up to 255 characters, enabled via FF_USE_LFN) returned in fno.fname are copied by downstream callers into short fixed-size buffers without bounds checks, corrupting memory in the embedded application. Reported by runZero, this is a downstream-caller (CWE-120) pattern affecting integrations of the popular ChaN FatFs embedded filesystem library rather than a defect in FatFs core parsing itself. Publicly available exploit code exists (SSVC Exploitation: PoC, runZero GitHub repo) with total technical impact, though the physical attack vector (AV:P) meaningfully constrains real-world reach; no CISA KEV listing.
Integer overflow in ELM-Chan FatFS R0.16 and earlier lets a crafted FAT32 volume corrupt file-size metadata during mount_volume(), where `fasize *= fs->n_fats` wraps and produces attacker-controlled, oversized read lengths in downstream callers. The affected code is a widely embedded FAT filesystem library used across microcontrollers and IoT firmware, and while primarily triggered by mounting malicious media, the vendor notes remote delivery is feasible via OTA/update pipelines. Publicly available exploit code exists (runZero research and proof-of-concept repository); no public exploit identified as actively used and it is not listed in CISA KEV.
Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to exhaust server resources by submitting highly compressed (data-amplification / decompression-bomb) input that the server improperly handles during decompression. The flaw (CWE-409) affects the Linux distribution of Triton and carries a CVSS 7.5 (availability-only impact); there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is limited to availability - no confidentiality or integrity loss.
TLS certificate misissuance affecting Cloudflare Universal SSL zones lets an attacker who controls an ACME account at a CA in the auto-managed CAA RRset obtain a browser-trusted certificate for a victim domain, because Cloudflare's authoritative DNS serves a permissive auto-managed CAA RRset that supersedes customer-set records and drops RFC 8657 accounturi/validationmethods bindings. The result is a bypass of account-binding and validation-method-binding protections end-to-end, enabling MITM against the affected domain. Reported by Cloudflare (researcher David Osipov) with no public exploit identified at time of analysis; CVSS 4.0 base score is 7.6 with high attack complexity and a present attack requirement.
Denial of service in NVIDIA Triton Inference Server for Linux (versions through 26.03) allows a remote attacker to crash the service by triggering a use-after-free (CWE-416) condition, per the NVIDIA product-security advisory. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/A:H) indicates network-reachable, unauthenticated exploitation with high availability impact but no confidentiality or integrity effect. No public exploit identified at time of analysis, and CISA SSVC rates exploitation status as 'none' with an EPSS of 0.54% (41st percentile), consistent with no observed activity.
Denial of service in ClamAV's FSG file format parser allows an unauthenticated remote attacker to crash the scanning engine, and potentially achieve broader memory-corruption impact, by submitting a crafted FSG-compressed portable executable to be scanned. The flaw stems from an out-of-bounds buffer write during FSG decompression, affecting any deployment that scans attacker-supplied files. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the network-reachable, no-authentication, no-interaction nature (CVSS 7.5) makes it a meaningful availability risk for mail/file-scanning gateways.
Denial of service in ClamAV's PE (Portable Executable) file format parser lets an unauthenticated, remote attacker crash the scanning engine by submitting a crafted PE file for scanning, triggering an out-of-bounds buffer write (CWE-120). Reported by Cisco PSIRT (ClamAV's maintainer), the flaw carries CVSS 7.5 with an availability-only impact; the advisory notes memory corruption could 'possibly' enable expanded impacts beyond DoS. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Denial of service in Apache HttpComponents Core (HttpCore) 5.0-alpha through 5.4.2 and the 5.5 beta line up to 5.5-beta1 allows a remote unauthenticated attacker to exhaust server memory by sending HTTP/1.1 messages containing an excessive number of headers or excessively long headers. The HTTP/1.1 message parser accumulates this header data without enforcing sane bounds, letting a single crafted request drive availability loss (CVSS 7.5, A:H only). There is no public exploit identified at time of analysis, and CISA's SSVC assessment rates exploitation as 'none' with only partial technical impact.
Memory exhaustion denial-of-service in Apache HttpComponents Core's HTTP/2 HPACK decoder allows remote attackers to crash Java services by sending oversized compressed header blocks before the HTTP/2 SETTINGS acknowledgement is processed. The root cause is a timing gap in the connection handshake: the server's configured maximum header list size limit is not enforced until after the SETTINGS ACK exchange completes, leaving a window during which an attacker can flood the decoder with arbitrarily large compressed header data. Affected artifacts are org.apache.httpcomponents.core5:httpcore5-h2 versions 5.4.2 and earlier and 5.5-beta1 and earlier. No public exploit or CISA KEV listing has been identified at time of analysis.
Denial of service in ClamAV's DMG file format parser allows a remote, unauthenticated attacker to crash the scanning engine by submitting a crafted Apple Disk Image (DMG) for inspection. The flaw stems from an integer overflow triggered during boundary checks on DMG content and manifests only on 32-bit builds of ClamAV; memory corruption raises the theoretical possibility of expanded impact beyond a crash, though only DoS is described. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in ClamAV's ALZ archive parser allows an unauthenticated, remote attacker to crash the scanning engine by submitting a crafted ALZ file, with the vendor noting possible expanded impact beyond DoS. The flaw is a heap out-of-bounds write triggered during scanning, and because ClamAV is commonly deployed as an automated mail/upload gateway scanner, an attacker only needs to get a malicious file scanned. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Availability-impacting out-of-bounds write in ClamAV's PESpin file-format parser lets an unauthenticated remote attacker crash the scanning engine by submitting a crafted PESpin-packed file for scanning. Because ClamAV frequently sits inline on mail gateways, file-upload paths, and proxies, a single malicious sample can terminate the scanning process and produce a denial of service; the memory corruption may permit expanded impact beyond DoS though only crash impact is confirmed. There is no public exploit identified at time of analysis and it is not on CISA KEV, with EPSS not provided.
Denial of service in ClamAV's InstallShield file format parser allows a remote, unauthenticated attacker (per CVSS PR:N) to crash the scanning engine and temporarily exhaust system resources by submitting a specially crafted InstallShield file for scanning. The flaw stems from improper handling of temporary resources during file scanning (CWE-770), impacting availability only (C:N/I:N/A:H) with no code execution or data exposure. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network attack vector and low complexity make it easy to trigger anywhere ClamAV automatically scans attacker-supplied files.
Denial of service in ClamAV's 7z archive scanner allows a remote, unauthenticated attacker to crash the scanning process by submitting a crafted 7z file, resulting in an out-of-bounds heap write (CWE-120). Because ClamAV is commonly deployed inline on mail gateways and upload-scanning pipelines, a single malicious attachment can be delivered without any interaction or credentials. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though Cisco (ClamAV's maintainer) rates confidentiality/integrity impact as none and availability as high.
{chart}/{type}/ REST route. The plugin route skips the capability checks that WordPress's core REST endpoint for this non-public custom post type enforces (which correctly returns HTTP 401), exposing otherwise-restricted data. Rated CVSS 7.5 (confidentiality-only); no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary zero-argument PHP function invocation in the Youtube Showcase (Video Gallery - YouTube Gallery, Playlist & Video Grid) plugin for WordPress affects all versions up to and including 4.0.3, letting authenticated Subscriber-level users abuse the emd_delete_file() AJAX handler to call any callable PHP function name with no arguments. Because the handler validates only a nonce and omits a current_user_can() capability check, low-privileged accounts can trigger functions such as phpinfo(), get_defined_vars(), or error_get_last() to disclose sensitive server and application data. No public exploit identified at time of analysis and the issue is not in CISA KEV, so risk is currently theoretical but credible given the low privilege bar.
Denial of service in Elastic Fleet Server (versions 8.0.0-8.19.10 and 9.0.0-9.2.4) allows remote attackers to exhaust memory by sending a specially crafted request to an upload endpoint, driving excessive allocation until the server becomes unresponsive. The flaw is a resource-throttling failure (CWE-770) with availability-only impact and no confidentiality or integrity loss. No public exploit identified at time of analysis; EPSS is low (0.30%, 22nd percentile) and CISA SSVC records no observed exploitation.