Use-after-free memory corruption in Qualcomm Snapdragon platform driver code allows a local low-privileged process to trigger access of already-freed memory by issuing multiple IOCTL calls that reference the same buffer file descriptor. A successful attacker gains full compromise of confidentiality, integrity, and availability on the affected device, which in practice can mean kernel-level code execution or privilege escalation from an unprivileged app. There is no public exploit identified at time of analysis, EPSS is negligible (0.09%, 1st percentile), and CISA SSVC records no known exploitation.
Local privilege escalation via memory corruption affects a broad range of Qualcomm Snapdragon chipsets, where a use-after-free condition in the device driver's input/output control (ioctl) path for mapping and unmapping persistent memory buffers can be triggered by an authenticated local application. Improper synchronization on these operations lets a low-privileged process corrupt kernel memory to gain full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS is very low (0.09%), consistent with CISA SSVC scoring exploitation as none.
Local privilege escalation in Linuxfabrik Monitoring Plugins (and the underlying linuxfabrik-lib Python library) lets an attacker who already controls the low-privileged nagios account execute arbitrary OS commands, typically as root. The flaw stems from the library's shell_exec() helper splitting assembled command strings on the pipe (|) character, so user-controlled plugin arguments such as restic-check's --repo can inject additional commands. Publicly available exploit code exists (a PoC is included in the vendor advisory), but the issue is not listed in CISA KEV and no EPSS score was provided.
Arbitrary file read in HashiCorp Terraform Enterprise allows an authenticated user to escape the intended repository boundary during VCS-based registry module ingestion, pulling files from outside the source repository into a packaged module and downloading them. Because the ingestion process runs with its own filesystem privileges, an attacker can exfiltrate sensitive files (secrets, configuration, tokens) readable by that process. Reported by HashiCorp with no public exploit identified at time of analysis; the CVSS 7.7 (scope-changed) score reflects high confidentiality impact against a self-hosted enterprise platform.
Authenticated denial of service in Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4 allows any user holding a valid API token to exhaust Central's resources. Because Central does not cap the nesting depth of queries served on its authenticated GraphQL API, a single deeply nested query can drive excessive CPU and memory consumption and take down the RHACS management plane. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the low-privilege network vector makes it trivial for any token holder to trigger.
Broken access control in FOSSBilling before 0.8.0 lets an unauthenticated attacker who knows an unpaid invoice's hash change the payment gateway (gateway_id) tied to that invoice, because the Guest API invoice/update endpoint omits an authorization check that its sibling invoice endpoints enforce. The attacker can only select gateways an administrator has already installed and configured, and the impact is further gated by the invoice_accessible_from_hash setting, so it cannot redirect funds to an arbitrary external endpoint. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Account takeover in FOSSBilling 0.5.6 through 0.7.2 arises because the reset_password guest API endpoint reuses an existing, unexpired ClientPasswordReset token rather than rotating it on each request. An attacker who has captured a victim's earlier reset link retains a valid path to hijack the account even after the victim requests a fresh reset, since the original token is never invalidated and its 15-minute window is anchored to the first request. No public exploit is identified at time of analysis, and the CVSS 4.0 score is 7.7 (High); version 0.8.0 fixes the flaw.
Cross-tenant information disclosure in OpenRemote Manager lets a realm admin of one tenant read the profile, realm roles, and client roles of any user in any other realm - including the privileged master realm - simply by supplying the target user's UUID in the REST API path. Three read endpoints in UserResourceImpl verify the caller's read:admin role but never confirm the target user belongs to the caller's realm, breaking multi-tenant isolation for user data. Publicly available exploit code exists (a working curl-based PoC with live-instance HTTP 200 responses is documented), though it is not listed in CISA KEV and no active exploitation is confirmed.
Remote denial of service in the NATS Server (nats-io/nats-server) leafnode subsystem allows unauthenticated attackers to crash the entire server by sending a second INFO protocol message before CONNECT on the leafnode port, triggering a nil-pointer dereference (c.acc == nil) that panics the process. All server instances exposing a leafnode listener prior to v2.11.17 (2.11.x) and v2.12.8 (2.12.x) are affected. No public exploit has been identified, but the vendor's own regression test (TestLeafNodeSecondInfoBeforeConnectDoesNotPanic) demonstrates the exact crash payload, and the CVSS availability-only vector (7.5) reflects a single-packet, no-auth crash.
Denial of service in NATS Server (nats-server) MQTT handler allows a remote, unauthenticated client to exhaust server memory by sending an MQTT CONNECT packet that declares a large variable-length 'remaining length' before authentication completes. Because the pre-connection MQTT parser failed to enforce the configured max_payload limit, the server would buffer attacker-controlled data unbounded, degrading or crashing the broker (CVSS 7.5, availability-only impact). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix is confirmed by upstream commits, releases, and a GitHub Security Advisory.
Unauthenticated file disclosure in Esri ArcGIS Server (all versions 12.0 and prior) lets remote attackers read sensitive files by supplying crafted path parameters that escape the intended directory. The flaw is network-reachable with no authentication or user interaction and, per CISA's SSVC framework, is automatable with total technical impact, though no public exploit has been identified and EPSS exploitation probability remains modest at 0.72%. Esri disclosed and patched the issue in its May 2026 ArcGIS security bulletin.
Remote denial-of-service in NATS Server (nats-server) affects deployments with the WebSocket listener enabled but MQTT disabled; per the GHSA-p957-7v2w-g93g advisory and the fixing commit, an unauthenticated attacker can send an MQTT-over-WebSocket upgrade request to the WebSocket endpoint while MQTT is turned off, triggering an uncaught exception (CWE-248) that crashes the server (CVSS 7.5, availability-only impact). This is a Linux Foundation CNCF messaging component fixed in nats-server 2.12.12 and 2.14.3. No public exploit identified at time of analysis; not listed in CISA KEV, and EPSS is low at 0.53% (41st percentile), consistent with the SSVC assessment of exploitation 'none' and only partial technical impact.
Arbitrary file read in OpenRemote's KNXProtocol asset-import handler lets any authenticated user (PR:L, any realm) upload a malicious ETS project ZIP whose 0.xml is parsed via Saxon XSLT and XMLInputFactory without XXE hardening, resolving external entities to exfiltrate server files such as /etc/passwd, openmrs-runtime.properties, and cloud credential files, with SSRF against internal endpoints as a secondary impact. This is an incomplete-fix regression of CVE-2026-40882, which only hardened the parallel Velbus handler and left KNXProtocol's two XML parsing calls unprotected. A full working proof-of-concept reproducing both parsing stages is publicly available; the vulnerability is not listed in CISA KEV.
Uncontrolled memory allocation in Python Pillow before 12.3.0 lets a crafted BDF font file exhaust available memory and crash the host application. The BdfFontFile parser trusts the attacker-supplied BBX width/height fields and hands them to Image.new() while skipping Pillow's decompression-bomb size check, so a tiny malicious font can request a huge in-memory bitmap. Impact is availability-only (denial of service); there is no public exploit identified at time of analysis and the issue is not in CISA KEV.
Denial-of-service via memory exhaustion in Python Pillow before 12.3.0 allows a crafted GD-format (.gd) image to trigger excessive C-heap allocation when opened, because GdImageFile._open() reads image dimensions straight from the GD 2.x header without invoking Pillow's Image._decompression_bomb_check() guard. Any application that loads untrusted .gd files with a vulnerable Pillow version can be crashed or driven into out-of-memory conditions. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.5 (availability-only impact).
Uncontrolled memory allocation in Python Pillow before 12.3.0 allows a maliciously crafted font file to trigger excessive memory consumption and denial of service when its glyphs are compiled into a combined bitmap. FontFile.compile() builds the output image via Image.new("1", (xsize, ysize)) without invoking Pillow's decompression-bomb guard, so oversized glyph dimensions are allocated unchecked during conversion or saving. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the availability-only impact (CVSS 7.5) reflects resource exhaustion rather than code execution or data disclosure.
Denial of service in the vLLM LLM inference server (all versions prior to 0.24.0) allows a remote client to crash the shared engine worker by sending a specific multi-request speculative decoding workload. The rejection sampler produces a recovered token equal to the vocabulary-size boundary, which is coerced to -1, written back into the drafter's input ids, and later dereferenced by the embedding/attention path, triggering a GPU device-side assertion that kills the worker. There is no public exploit identified at time of analysis and this CVE is not in CISA KEV; per CVSS the impact is availability-only (C:N/I:N/A:H) with a low EPSS profile expected for a crash-only bug.
Uncontrolled memory allocation in the Python Pillow imaging library (all versions prior to 12.3.0) allows a crafted PCF bitmap font to exhaust process memory and crash the host application. The PcfFontFile bitmap loader trusts attacker-supplied glyph dimensions from the font's METRICS section and hands them straight to Image.frombytes() while skipping Pillow's decompression-bomb guard. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw is an availability-only denial of service (CVSS 7.5), not the information disclosure implied by the source tag.
Unauthenticated video stream access in Genetec Security Center 5.14.0.0 (builds prior to 5.14.178.18) lets remote attackers pull live video feeds by exploiting a flaw in the authentication mechanism that guards video stream requests. Because the CVSS vector is AV:N/PR:N/UI:N, no credentials or user interaction are needed, and the CWE-287 root cause means the stream endpoint fails to properly verify the requester's identity. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and no EPSS score was provided.
Information disclosure in HP Deskjet 2800 Series printers running firmware TBP1CN2612AR or earlier lets an unauthenticated attacker on the network read sensitive configuration - including plaintext Wi‑Fi Direct credentials, device identity, and administrative security state - by sending plain GET requests to administrative API endpoints. The same data is gated behind administrator login in the web UI, so these API endpoints bypass the product's own access-control model. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Header injection in the Apache Camel camel-nats component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0-4.20.x) allows any NATS client that can publish to a consumed subject to inject arbitrary Camel-internal control headers into the Exchange because the consumer's default DefaultHeaderFilterStrategy has no inbound filter rules. An attacker can override headers such as CamelHttpUri, CamelFileName, or CamelSqlQuery to redirect HTTP producers, rename files, or alter queries in downstream route steps. No public exploit identified at time of analysis; EPSS is low (0.19%, 9th percentile) and CISA SSVC lists exploitation as none, but the flaw is remotely reachable without credentials when the NATS server runs with its default (no-auth) configuration.
Query injection and authorization bypass in the Apache Camel Lucene component (camel-lucene) lets remote unauthenticated HTTP clients override the full-text search a route intends to run. Because the raw header names QUERY and RETURN_LUCENE_DOCS lack the Camel/camel prefix, HttpHeaderFilterStrategy does not strip them at the HTTP boundary, so an attacker-supplied header flows straight into the Exchange and executes against the index - enabling disclosure of documents the requester should not see (e.g. a match-all query dumping the whole index) and CPU-heavy regex queries. Affects 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x; no public exploit identified at time of analysis, and EPSS is low (0.16%, 6th percentile).
Denial of service in Apache IoTDB versions 1.3.3 through 2.0.7 lets remote attackers crash the DataNode process by submitting a single query whose time span and aggregation interval are unbounded. Because the affected query interface enforces no reasonable limit on these parameters, a request combining a very large time range with a minimal interval forces the DataNode to materialize an enormous result set in memory, exhausting the Java heap. No public exploit has been identified at time of analysis and the issue is not in CISA KEV, but the fix is easy to reverse-engineer from the version bump to 2.0.8.
Denial of service in the mruby/c lightweight Ruby VM (all releases through 3.4.1) arises from a NULL pointer dereference in op_super()/OP_SUPER within src/vm.c, where a runtime guard for a top-level 'super' call is missing. When the interpreter executes a script that invokes 'super' outside of any method context, the VM dereferences a NULL pointer and crashes. There is no public exploit identified at time of analysis, and the low EPSS score (0.15%, 5th percentile) reflects limited exploitation interest; impact is confined to availability (CWE-476).
Confused-deputy operation redirection in the Apache Camel camel-cxf SOAP component (versions 4.0.0 before 4.14.8, 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0) lets an attacker steer which backend SOAP operation gets invoked. Because the operationName / operationNamespace selection headers lacked the Camel/camel prefix, HttpHeaderFilterStrategy failed to strip them at the HTTP boundary, so in any route bridging an HTTP consumer (e.g. platform-http) into a cxf: producer, an HTTP client could inject these headers and force CxfProducer to call a different WSDL operation than intended - for example swapping a read for a destructive write. No public exploit is identified at time of analysis, EPSS is low (0.15%), and it is not in CISA KEV.
Uncontrolled memory consumption in the Perl module Imager::File::JPEG (before 1.003, and bundled in Imager before 1.032) lets remote attackers exhaust process memory by submitting a JPEG containing many repeated APP13 (Photoshop/IPTC) markers. The i_readjpeg_wiol handler leaks the heap payload of every APP13 marker except the last on each read, so long-lived services that decode attacker-supplied images accumulate leaks until the process is killed, causing denial of service. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the fix (Imager::File::JPEG 1.003 / Imager 1.032) is available and the trigger is trivial to craft.
Account takeover in Coder's OIDC login (versions before v2.34.2, v2.33.8, v2.32.7, and ESR v2.29.17) lets an attacker who controls a matching email address at the configured identity provider log in as a victim and seize their workspaces, templates and resources. Two chained flaws are responsible: email-based user matching silently linked accounts by email without verifying an existing IdP-subject link, and the email_verified claim was only honored when explicitly boolean false, so absent or malformed claims were treated as verified. CVSS is 7.4 (High) with no public exploit identified at time of analysis; the issue was privately reported by Anthropic's Security Team.
Account takeover in Coder's OIDC login flow allows an unauthenticated remote attacker to hijack an existing user account by registering the victim's email at a compatible identity provider. A Go `bool` type assertion on the `email_verified` claim failed open when an IdP returned the claim as a non-boolean (e.g. the string "false") or omitted it entirely, and an unconditional email-based account fallback then matched the attacker's session to the victim's account. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was privately disclosed by Anthropic's Security Team and fixed across all supported release lines.
Man-in-the-middle interception affects the Coder AI Bridge Proxy (aibridgeproxyd), introduced in Coder v2.30.0, where the goproxy default transport set InsecureSkipVerify:true and only used a secure transport when an upstream proxy was configured. In the default no-upstream-proxy configuration, outbound HTTPS to the Coder access URL accepted any TLS certificate, letting an on-path attacker decrypt traffic and steal Coder session tokens, BYOK provider API keys, and full prompt/completion bodies. CVSS 7.4 (High); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so risk hinges on an attacker already holding a network-adjacent position.
Improper input validation in Apache Camel (versions through 4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.0) allows remote attackers to trigger information disclosure and limited integrity/availability effects against exposed Camel integration endpoints. The CVSS 3.1 base score is 7.3 (High) with a fully remote, unauthenticated vector, and the Apache-issued advisory tags the flaw as Information Disclosure. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege vector warrants prompt patching.
Improper input validation in Apache Camel - the open-source Java integration framework - affects versions through 4.14.7, 4.15.0 through 4.18.2, and 4.19.0 through 4.20.0, and per the Apache-published advisory carries partial (Low) impact to confidentiality, integrity, and availability. Tagged as an Information Disclosure issue, it is remotely reachable per the CVSS network vector and appears to let a remote attacker submit malformed input that the framework fails to properly validate, potentially exposing limited data or perturbing message processing. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Improper input validation in Apache Camel versions 4.8.0 through 4.18.2 and 4.19.0 through 4.20.0 allows remote unauthenticated attackers to send crafted input that the framework fails to validate, yielding limited information disclosure and partial integrity/availability impact per the CVSS vector. The flaw is reported directly by the Apache Software Foundation and is fixed in 4.18.3 and 4.21.0; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. The moderate 7.3 (High) score reflects easy network reachability but limited per-impact severity (C:L/I:L/A:L).
Untrusted JMS deserialization in Apache Camel's JMS-family components (camel-jms, camel-sjms, camel-sjms2, camel-amqp, camel-activemq, camel-activemq6) lets an attacker who can publish an ObjectMessage to a consumed queue or topic inject arbitrary Exchange state - body, IN/OUT headers, properties, variables, exchange id and exception - into a Camel route. It affects 3.0.0 through 4.14.7, 4.15.0 through 4.18.2, and 4.19.0 through 4.20.x when mapJmsMessage (the default) is enabled and Camel acts as a JMS consumer. This is a bypass of the earlier CVE-2026-40860 hardening, requires no gadget chain (only java.lang/java.util types), carries CVSS 7.3, and has no public exploit identified at time of analysis (EPSS 0.18%).
{user}/password, because the endpoint only checked ActionUpdatePersonal and never required the current password when an admin reset another user. A user-admin can therefore hijack an owner account and gain full deployment control, including self-assigning the owner role. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the practical blast radius is bounded by the need to already hold the privileged user-admin role.
Local privilege escalation and memory corruption in Qualcomm Snapdragon chipset drivers allows a malicious application to trigger a use-after-free by issuing multiple IOCTL calls that reference the same buffer file descriptor. The flaw affects a broad range of Snapdragon mobile, compute, connectivity (FastConnect/WCN/WCD/WSA) and XR platforms, and successful exploitation can corrupt kernel memory to gain high impact on confidentiality, integrity and availability. There is no public exploit identified at time of analysis, EPSS risk is very low (0.09%), and CISA SSVC rates exploitation as none.
Brute-force protection bypass in the 9router dashboard (npm package 9router) lets remote attackers defeat the login lockout by rotating the attacker-controlled X-Forwarded-For header on each request, giving every attempt a fresh rate-limit bucket. Because the CVSS vector is PR:N/UI:N, unauthenticated remote attackers can target any instance directly exposed or sitting behind a proxy that does not overwrite forwarding headers, enabling unlimited password guessing and, against default or weak credentials, full administrative takeover. A working exploit is published in the GitHub Security Advisory (GHSA-7cfm-pqrj-xgq7); the issue is not listed in CISA KEV and no EPSS score was provided.
Cross-site scripting in Roundcube Webmail allows remote attackers to inject arbitrary script into a victim's authenticated mail session, with the CVSS scope-change flag indicating the payload can affect resources beyond the vulnerable component (e.g. the surrounding webmail DOM/session). The flaw was fixed in releases 1.6.17 and 1.7.2 announced on 2026-07-05 and was reported through Ubuntu's security tracker; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is rated CVSS 7.2 driven largely by the scope change, though confidentiality and integrity impact are each only Low and availability is unaffected.
Protocol injection in NATS Server MQTT support allows an authenticated MQTT client to smuggle control characters (tab, newline, carriage return, form feed) inside publish and Will topics, which corrupt the NATS wire protocol when the topic is converted to a NATS subject and forwarded across leaf node connections. Fixed in nats-server v2.12.9 and v2.14.1, the flaw (GHSA-qrcv-3558-gj4f, CWE-74) is tagged Information Disclosure and lets a low-privileged publisher influence how messages are framed and routed to other connections. No public exploit identified at time of analysis and it is not listed in CISA KEV.
Denial of service in vLLM 0.12.0 through 0.23.x lets any authorized API caller crash the entire inference server by submitting a pure prompt-embeddings payload to the /v1/completions endpoint when a model using M-RoPE (multimodal rotary position embedding) is loaded. The malformed request trips a reachable assertion in the EngineCore process, which terminates the whole server rather than rejecting the single request. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw is fixed in vLLM 0.24.0.
Arbitrary file write via path traversal in pnpm prior to 10.34.4 and 11.7.0 lets a crafted lockfile place or overwrite files outside the intended hoisted node_modules directory when a victim installs dependencies. A malicious pnpm-lock.yaml can supply an alias containing traversal sequences (e.g. ../) to escape the module directory, or use reserved aliases like .bin or .pnpm to clobber pnpm-owned layout, enabling integrity compromise of the install tree. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is remotely deliverable through shared repositories or packages and requires only that a user run an install.
Arbitrary file deletion in pnpm before 10.34.4 and 11.7.0 allows a malicious project to delete any file reachable by the user when they run 'pnpm patch-remove'. A crafted patch entry escapes the configured patches directory via path traversal (CWE-22), so cloning or installing an attacker-controlled repository and running the patch-remove command destroys files outside the project. No public exploit identified at time of analysis and it is not on CISA KEV; exploitation requires the victim to run the specific command against poisoned configuration.
Sensitive key material can be exposed in Qualcomm Snapdragon platforms because AES-GCM key wrapping is performed with a hardcoded/static initialization vector instead of a unique per-call nonce. A local, low-privileged attacker who can collect multiple wrapped outputs can exploit the resulting IV/nonce reuse to recover confidentiality and forge integrity of wrapped keys. There is no public exploit identified at time of analysis, and the issue is disclosed via Qualcomm's July 2026 security bulletin.
Server-side request forgery in flyto-core (Python pip package) lets an authenticated workflow author bypass the built-in SSRF guard by encoding internal targets as IPv6 transition-form literals (IPv4-mapped `::ffff:127.0.0.1`, 6to4 `2002::/16`, or NAT64 `64:ff9b::/96`), causing the `http.get` atomic module and ~10 sibling fetch modules to perform outbound reads against loopback, RFC 1918, and cloud instance-metadata endpoints and return the response body. The reporter provides a full working end-to-end reproduction against a clean install of default-branch HEAD, so publicly available exploit code exists, though there is no evidence of active exploitation and no CISA KEV listing. CVSS 3.1 base is 7.1 (High); no EPSS score was supplied.
Heap out-of-bounds read in the Perl Imager module (versions before 1.032) lets a crafted SGI image over-read past a decode buffer and crash the process. The flaw lives in the bundled Imager::File::SGI reader's read_rgb_16_rle routine, where a 16-bit RLE literal run is length-checked in pixels but consumed as two bytes per pixel, defeating the bounds guard. No public exploit is identified at time of analysis and it is not listed in CISA KEV; a vendor patch shipped in 1.032.
Information disclosure in SUSE Rancher AI Agent 1.0 before 1.0.2 writes API keys and raw LLM response text (which may contain sensitive data) into logfiles when the DEBUG loglevel is enabled, letting a local attacker with access to those logs harvest credentials and confidential model output. Rated CVSS 4.0 base 7.0, the flaw requires local access and high privileges plus a non-default debug configuration. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation via memory corruption in Qualcomm Snapdragon platforms occurs when asynchronous input parameters are validated and then re-read after modification, a time-of-check/time-of-use race that yields total compromise of confidentiality, integrity, and availability. Affecting a broad range of Snapdragon connectivity, WCD codec, WSA, and compute SoCs, a local low-privileged attacker who can win the race can corrupt memory and gain elevated code execution. No public exploit has been identified at time of analysis and EPSS is negligible (0.09%), but the CVSS 7.0 and 'total' SSVC technical impact make it a meaningful firmware/driver patch target.
c-ares, the widely-embedded asynchronous DNS resolver library, received a security fix in version 1.34.7 addressing CVE-2026-33630, disclosed via the oss-security mailing list. The vulnerability was reported by Haruto Kimura of Stella and is also tracked under GHSA-pjmc-gx33-gc76 and GHSA-jv8r-gqr9-68wj. The nature of the flaw, its exploitability, and precise impact are not determinable from the available input data - no description, CVSS vector, or CWE was provided.