Authenticated remote code execution in the FileOrganizer WordPress plugin before 1.2.0 lets users granted file-manager access upload arbitrary PHP files because several file-management operations skip file-type validation. Publicly available exploit code exists, and the flaw is an incomplete fix of CVE-2024-7985, which only hardened the upload operation while leaving other file-management endpoints unvalidated. With CVSS 3.1 base 8.8 (PR:L) and a working PoC, any low-privileged account with file-manager rights - extendable to sub-administrator roles via the premium add-on - can achieve full site compromise.
The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web scripts that execute in the context of a logged-in administrator.
The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary accounts, including administrators, and take over the site.
The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted administrator account back to the administrator role. This is an incomplete fix of CVE-2024-43333 / CVE-2025-24648, which closed the issue for only one of the demotion paths the WordPress role API exposes.
The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, including an administrator, views the affected profile.
### Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the `translationVectors[]` array when reading the "UNIT CELL TRANSLATION" block of a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
Privilege escalation to root command execution in Coolify (self-hosted PaaS) prior to 4.0.0-beta.471 lets any authenticated user holding the lowest-privilege team 'member' role run arbitrary OS commands as root on every server Coolify manages. The flaw lives in the GetLogs Livewire component, whose $container public property is unsanitized and lacks the #[Locked] attribute, so any team member can tamper with it over the Livewire wire protocol. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but the low authentication barrier and full CIA impact make it high priority for any multi-tenant Coolify deployment.
Authenticated remote code execution in FOSSBilling 0.6.10 through 0.7.2 lets an admin-privileged user inject arbitrary PHP into config.php via the Config::prettyPrintArrayToPHP() method, which fails to escape single quotes in string configuration values. Because config.php is pulled in through a bare include on every HTTP request, injected code runs persistently on all subsequent requests. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 base score is 8.9, elevated by the persistent, server-wide impact once an admin account is abused.
Authenticated command injection in Coolify (self-hostable PaaS) before 4.0.0-beta.471 lets any user with rights to add file storage execute arbitrary OS commands on the host. The LocalFileVolume::saveStorageOnServer routine assembles shell commands from user-controlled fs_path and parent_dir values without escaping, and submitFileStorage never validates the file-mount path before volume creation, so injected shell metacharacters run when the storage is saved. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; risk stems from the low bar (PR:L) and full-compromise impact.
Authentication bypass in NATS Server (nats-io/nats-server) lets an unauthenticated attacker on an adjacent network connect to the cluster (route) or leafnode listener and be silently dropped into the privileged no_auth_user account, bypassing the separate route/leafnode authorization. Any server configured with no_auth_user is affected up to the fixed releases (v2.11.16, v2.12.7, v2.14.0), enabling cross-account message injection over the internal route protocol. No public exploit identified at time of analysis, though the vendor's own regression test demonstrates the exact attack.
Command injection in Coolify self-hosted PaaS versions prior to 4.0.0-beta.474 allows an authenticated user to run arbitrary OS commands inside the PostgreSQL database container by supplying malicious postgres_user or postgres_db values that are interpolated into shell-form healthcheck commands (CWE-78). Because the CVSS vector is PR:L/UI:N with full high impact to confidentiality, integrity, and availability, any user able to create or configure a database can achieve container-level code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
OS command injection in Coolify (self-hosted server/app/database management platform) versions 4.0.0-beta.471 through 4.0.0-beta.473 lets an authenticated team member run arbitrary shell commands on the underlying host. A regression weakened the SHELL_SAFE_COMMAND_PATTERN allowlist so that ampersands were permitted in custom Docker Compose build, start, and pre/post-deployment command fields, enabling command chaining. The issue is fixed in 4.0.0-beta.474; no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Remote code execution via unsafe Java deserialization affects the camel-pqc component of Apache Camel 4.18.0-4.18.2 and 4.19.0-4.20.x. The HashiCorp Vault and AWS Secrets Manager KeyLifecycleManager implementations (and a legacy-migration path in the file-based manager) read post-quantum key metadata back with a raw ObjectInputStream.readObject() lacking any ObjectInputFilter or allow-list, so a principal able to write to the key backend can plant a gadget object that executes during normal key-lifecycle operations. No public exploit has been identified at time of analysis and EPSS is low (0.19%), but SSVC rates technical impact as total; this is an incomplete-remediation follow-on to CVE-2026-40048.
Multi-factor authentication bypass in Devolutions Server (DVLS) versions 2026.2.4 through 2026.2.8 lets an attacker who already holds valid user credentials authenticate without completing MFA, defeating an enforced 'MFA Required' policy. The flaw triggers when DVLS encounters an invalid default MFA value, causing the mandatory second factor to be skipped. It is vendor-reported with a patch available; no public exploit identified at time of analysis and EPSS exploitation probability is low (0.18%, 8th percentile).
Denial-of-service in BeyondTrust Remote Support and Privileged Remote Access appliances lets an unauthenticated remote attacker exhaust or crash the network communication subsystem, taking the appliance offline. The flaw is pre-authentication and network-reachable (CVSS 4.0 8.7, availability-only impact), but affects availability only - no confidentiality or integrity loss. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Local privilege escalation and memory corruption in Qualcomm Snapdragon WLAN firmware occurs when the driver parses malformed HT40 (40 MHz channel-bonding) layouts during dynamic channel switching, allowing a low-privileged local process to trigger a stack-based buffer overflow (CWE-121) that crosses a trust boundary (CVSS scope changed). Disclosed in the July 2026 Qualcomm security bulletin, it carries a CVSS 8.8 with full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Cross-workspace agent hijacking in Coder (self-hosted cloud development environment platform) lets a user with template-authorship or external-provisioner privileges rebind another user's workspace app to an attacker-controlled agent. By submitting a crafted CompleteJob payload referencing a known victim app UUID, the attacker causes later app traffic - including IDE and terminal sessions - to be proxied through their own workspace, enabling interception. No public exploit is identified at time of analysis; it is not listed in CISA KEV. Fixed in v2.34.2, v2.33.8, v2.32.7, and v2.29.17.
SQL injection in PROG MIS's Prog Management System allows unauthenticated remote attackers to inject arbitrary SQL commands and read arbitrary database contents. The flaw carries a CVSS 4.0 base score of 8.7 (High) and requires no authentication, privileges, or user interaction, but its impact is limited to confidentiality (data disclosure) rather than data modification or service disruption. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was disclosed via Taiwan's TWCERT.
Denial of service in vLLM inference servers prior to 0.24.0 allows remote unauthenticated attackers to hang an inference worker indefinitely by submitting a single request with an adversarial regular expression via the structured_outputs.regex API parameter. The pattern is passed to grammar compiler backends (xgrammar with no guard, outlines with structural-but-not-complexity validation) where nested quantifiers trigger exponential state-space expansion (ReDoS). No public exploit identified at time of analysis, though the trivial request-based trigger makes weaponization straightforward.
Privilege retention in FOSSBilling before 0.8.0 allows a suspended or deactivated client, staff, or admin to keep full authenticated access because the session identity loaders in src/di.php never re-check account status. Suspending or deactivating a user does not terminate their live session - access persists until the session expires naturally. This is an authenticated (PR:L) session-management flaw with no public exploit identified at time of analysis and no CISA KEV listing; the vendor rates it 8.7 (CVSS 4.0).
Privilege escalation and unauthorized access in FOSSBilling before 0.8.0 lets authenticated low-privileged staff accounts invoke admin API endpoints they should not reach, exposing sensitive data and enabling actions reserved for higher-privilege roles. The flaw stems from the framework-level can_always_access module flag combined with weak per-endpoint permission checks, so any staff login becomes a stepping stone to sensitive settings. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the GitHub Security Advisory rates it CVSS 4.0 8.7 (High).
Uncontrolled memory allocation in the Elixir Mint HTTP client (Mint.HTTP1 module, versions 0.5.0 through 1.9.0) lets a malicious or compromised HTTP server exhaust a client's memory and force an out-of-memory crash. When decoding a chunked response, Mint buffers every byte of the current chunk in an unbounded iolist and withholds it from the caller until the full declared chunk length arrives, so a server that advertises a huge chunk size (e.g. 0x7FFFFFFF ≈ 2 GiB) and then dribbles bytes slowly drives client memory arbitrarily high. This CWE-770 flaw is a denial-of-service only (VA:H, no confidentiality or integrity impact) with no public exploit identified at time of analysis and no CISA KEV listing.
Unauthenticated denial-of-service in elixir-mint's hpax (the HPACK header-compression library for Elixir HTTP/2, versions 0.1.1 through 1.0.3) allows a remote attacker to force superlinear (~O(N²)) CPU consumption by sending a small header block containing an HPACK integer with a long run of continuation octets. Because BEAM integers are arbitrary-precision, the decoder builds an ever-growing bignum with no upper bound, turning a few crafted bytes into a large, attacker-controlled amount of CPU and transient memory - a classic decompression/amplification DoS. No public exploit is identified at time of analysis and it is not in CISA KEV, but a vendor patch (version 1.0.4) is available.
Persistent denial of service in multiple WSO2 products - including WSO2 API Manager, WSO2 Universal Gateway, WSO2 Traffic Manager, and WSO2 API Control Plane - allows an unauthenticated remote attacker to send malicious JSON payloads to the throttling event handling mechanism, crashing or corrupting API Gateway state so that legitimate API traffic can no longer be processed. Because the outage is persistent and requires manual intervention to restore service, and the CVSS scope is changed (S:C), a single request can take down the entire API Gateway tier. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
SQL injection in the Amazon (agentic-community) mcp-gateway-registry before 1.0.13 allows an authenticated remote user to execute arbitrary SQL queries by supplying a crafted table_name that the metrics-service retention policy component interpolates directly into SQL in identifier position. Because the injection sits in an identifier (table name) position rather than a parameterizable value, it bypasses ordinary prepared-statement protections and grants broad read/write access to the metrics datastore. No public exploit identified at time of analysis, and the flaw is not on the CISA KEV list; a vendor patch (v1.0.13) is available.
Server-side request forgery in Crawl4AI's Docker API server (versions prior to 0.9.0) lets a remote unauthenticated client coerce the server into fetching attacker-chosen internal, private, or link-local URLs and streaming the response body back. The SSRF destination allowlist check was enforced on the non-streaming /crawl path but omitted from the streaming code path, so requests to POST /crawl/stream - or POST /crawl with crawler_config.stream=true - bypass validation entirely. No public exploit identified at time of analysis, but the fix is public in commit 60886d1 and the root cause (a guard applied to one path but not its sibling) is trivial to reproduce.
Broken object-level authorization in FOSSBilling 0.5.3 through 0.7.2 lets an authenticated client read and reset API key service secrets belonging to orders that are no longer active, such as suspended or canceled orders. Two client API endpoints skip the order-state check that the frontend UI and the module's own isActive() helper otherwise enforce, exposing high-value credentials to any logged-in customer for their non-active services. There is no public exploit identified at time of analysis, and the flaw is fixed in version 0.8.0.
Credential disclosure in Leantime's JSON-RPC API allows an authenticated user to read any account's full credential row - password hashes, TOTP secrets, and session tokens - by invoking the users.getUser method with arbitrary user IDs (CWE-639, broken object-level authorization). Because the API returns records without verifying the caller owns or is authorized for the requested ID, a low-privileged user can enumerate and harvest credentials for every account, including administrators. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the CVSS 4.0 base score is 8.6 (High).
Login CSRF (session fixation) in Leantime's OpenID Connect authentication flow allows an attacker to authenticate a victim into an attacker-controlled account. The root cause is a stubbed verifyState() method that unconditionally returns true, so the OIDC state parameter is never validated, letting a crafted callback URL carrying an attacker-supplied authorization code complete login as the attacker. No public exploit identified at time of analysis, but a vendor patch and a public technical advisory (VulnCheck) exist; CVSS 4.0 is rated 8.6 (High).
Improper data-query neutralization (NoSQL injection) in the web application component of BeyondTrust Remote Support and Privileged Remote Access allows an authenticated, low-privileged attacker to manipulate input parameters and read resources or data beyond their authorization scope. The flaw enables information disclosure across authorization boundaries and, per the vendor's CVSS 4.0 vector, can impact downstream systems. No public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation is restricted to accounts holding specific permissions.
Persistent privilege escalation in FOSSBilling versions prior to 0.8.0 lets a low-privileged staff account holding only the staff.create_and_edit_staff permission promote itself to arbitrary permissions via the admin API, defeating role-based access control. By calling /api/admin/staff/permissions_update against its own account, the staff user writes any permission structure and effectively gains full administrative control. Rated CVSS 4.0 8.5 (High); no public exploit identified at time of analysis and it is not listed in CISA KEV, but the attack is trivially reproducible once a qualifying staff account exists.
Server-side request forgery escalating to remote code execution in the SharePoint for ownCloud app (versions prior to 0.4.1, bundled with ownCloud 10 before 10.15.3) lets an already-authenticated administrator coerce the server into making attacker-controlled requests that ultimately run arbitrary code on the host. The flaw is tagged RCE/SSRF and carries an 8.5 CVSS with a scope change (S:C), reflecting that abuse of the SharePoint integration crosses a trust boundary into the underlying system. No public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a patch-and-move-on issue rather than an active-threat emergency.
Unauthenticated OS command execution in flyto-core (Python package, confirmed on 2.26.2) allows any client that can reach the HTTP MCP endpoint (POST /mcp) to run arbitrary shell commands as the server process. The JSON-RPC tools/call handler lacks the require_auth dependency present on the equivalent REST route, so an attacker can invoke execute_module against sandbox.execute_shell and reach asyncio.create_subprocess_shell with attacker-controlled input. Publicly available exploit code exists (a curl one-liner and poc.py in the advisory); there is no CISA KEV listing and no EPSS score provided, and by default the server binds to 127.0.0.1, making this a local (CVSS 8.4) issue that becomes network-exploitable only when started with --host 0.0.0.0.
Local privilege/code manipulation in B&R Industrial Automation's APROL process control system (all versions before R 4.4-01P5) arises from an untrusted search path (CWE-426), allowing a low-privileged local user to plant a malicious executable or library that the application loads from an attacker-influenced directory. Successful exploitation yields high confidentiality and integrity impact on the affected engineering/operator station. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 4.0 base score is 8.4 (High).
SSH configuration injection leading to arbitrary code execution in Coder's `coder config-ssh` CLI command allows a malicious or compromised Coder server to write attacker-controlled directives into a developer's `~/.ssh/config`. The command copied server-supplied `HostnameSuffix` and `SSHConfigOptions` values verbatim without stripping newlines, letting an attacker in control of those values inject a directive such as `ProxyCommand` that runs on every SSH connection from the workstation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was found and disclosed by Anthropic's Security Team and is fixed across all supported release lines.
Traffic interception in Coder's tailnet coordinator allows a malicious workspace agent to hijack another agent's tailnet address by advertising forged WireGuard AllowedIPs prefixes. The coordinator authorizes an agent's Addresses against its authenticated UUID but performs no equivalent check on AllowedIPs, which it forwards verbatim to tunnel peers; because ServerTailnet routes by tailnet IP, an attacker who claims a victim's prefix can intercept web terminal and workspace app traffic and serve spoofed content. Rated CVSS 8.2 (CWE-285, improper authorization); a vendor patch is available and no public exploit is identified at time of analysis.
Untrusted Java deserialization in Apache OpenNLP's SvmDoccatModel (libsvm document categorization module, versions 3.0.0-M1 through before 3.0.0-M4) lets an attacker who supplies a crafted serialized stream to the public static SvmDoccatModel.deserialize(InputStream) trigger deserialization of an arbitrary object graph before the SvmDoccatModel cast occurs. Where a usable gadget chain exists on the consuming application's classpath, this yields remote code execution in the loading JVM; OpenNLP ships no gadget itself, so realistic risk falls on downstream apps that embed the module alongside vulnerable transitive dependencies. No public exploit identified at time of analysis and the flaw is not in CISA KEV, though the SSVC assessment marks it automatable with partial technical impact.
Channel-binding downgrade in the pgjdbc PostgreSQL JDBC Driver (releases 42.7.4 through 42.7.11) lets an active man-in-the-middle silently strip SCRAM-SHA-256-PLUS channel binding down to plain SCRAM-SHA-256 even when the client explicitly set channelBinding=require, defeating the exact protection that setting promises. The flaw stems from the bundled com.ongres.scram:scram-client returning an empty binding for certificates whose signature algorithm lacks a tls-server-end-point hash, combined with pgJDBC's ScramAuthenticator failing to reject that empty binding. No public exploit identified at time of analysis and it is not listed in CISA KEV; it is fixed in 42.7.12.
Arbitrary out-of-tree file/symlink write via path traversal in pnpm before 10.34.4 and 11.8.0 allows a malicious repository to escape node_modules/.pnpm-config by committing a crafted pnpm-lock.yaml whose env-lockfile configDependencies section carries a traversal-shaped package name. When a victim runs pnpm install, pnpm trusts that attacker-controlled name and creates a config-dependency symlink at the derived path, letting an attacker place symlinks outside the intended directory. No public exploit is identified at time of analysis, but exploitation only requires the victim to install dependencies from the poisoned repo (UI:R); CVSS is 8.2 (High) with a scope change.
Cypher injection in Apache Camel's camel-neo4j producer allows attackers who control JSON key names in the CamelNeo4jMatchProperties map to execute arbitrary Cypher queries against the connected Neo4j database, enabling unauthorized read, modification, or deletion of any node or relationship. The flaw exists across three release streams (4.10.0-4.14.7, 4.15.0-4.18.2, 4.19.0-4.20.x) and is a direct bypass of the partial fix introduced in CVE-2025-66169, which bound property values as query parameters but left property names (JSON keys) concatenated verbatim into the WHERE clause. No public exploit code or CISA KEV listing has been identified at time of analysis, though the prior related CVE in the same producer indicates recurring injection exposure in this component.
Stored cross-site scripting in the DrawIO for ownCloud app (versions prior to 1.0.2, shipping with ownCloud 10 before 10.15.3) allows an authenticated user with access to the DrawIO app to persist a malicious payload that later executes in another user's browser session. Because the payload is stored and rendered to victims within the trusted ownCloud origin, it can hijack sessions or act on the victim's behalf. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Remote code execution in the Apache Camel camel-hazelcast component allows an attacker who can join or reach the Hazelcast cluster to run arbitrary code on every Camel node. The flaw exists because Camel-created Hazelcast instances apply no Java deserialization filter by default, so crafted serialized objects sent over the cluster protocol are deserialized (ObjectInputStream.readObject) before Camel processes them. It affects Camel 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x whenever a hazelcast consumer or repository uses Camel's own default configuration; there is no public exploit identified at time of analysis and EPSS is low (0.49%, 39th percentile).
Remote code execution in Apache Camel's camel-vertx-http component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0) arises when a producer endpoint deserializes 5xx HTTP response bodies marked application/x-java-serialized-object through a raw java.io.ObjectInputStream with no class filtering. Exploitation is limited to non-default deployments where transferException=true or allowJavaSerializedObject=true is set and throwExceptionOnFailure remains true, letting an attacker who controls or intercepts the backend deliver a malicious serialized object and, given a gadget chain on the classpath, run code on the Camel host. This is a vendor-reported (Apache) issue with a publicly available advisory; there is no public exploit identified at time of analysis and EPSS is low at 0.39% (31st percentile).
Unauthorized tool invocation in the Langroid Python LLM-agent framework lets a user of an exposed chat interface directly execute server-side tool handlers by sending raw tool JSON, even when the tool was registered with use=False, handle=True. Because the dispatch path (agent_response → handle_message → get_tool_messages) never checks whether a message originated from Entity.USER versus Entity.LLM, the use=False guard — which developers reasonably assume blocks end-user invocation — only stops the LLM from emitting the tool, not a user from calling it. A working PoC exists in the advisory (publicly available exploit code exists); depending on which handled tools are enabled, this yields file read/write, database queries, or access to internal orchestration tools.
Blind out-of-band data exfiltration in Apache Camel 4.14.0-4.20.x arises because the default ObjectInputFilter pattern bundled with several components ('java.**;javax.**;org.apache.camel.**;!*') uses a recursive java.** glob that allow-lists java.net.URL and java.net.InetAddress. Remote attackers who can deliver a Java-serialized payload to an affected Camel consumer - most notably the camel-jms family, where JmsBinding.extractBodyFromJms calls ObjectMessage.getObject() by default (mapJmsMessage=true) - can force the JVM to issue DNS queries to an attacker-controlled host during deserialization side-effects, yielding an observable out-of-band channel. Reported by Apache; there is no public exploit identified at time of analysis, EPSS is low (0.31%, 23rd percentile), and it is not listed in CISA KEV.
Remote code execution in ownCloud 10 (before 10.15.3) lets an authenticated administrator abuse a relative path traversal weakness to write or reference files outside intended directories and execute arbitrary code on the server. The high-privilege requirement (PR:H) and high attack complexity (AC:H) constrain who can trigger it, but successful exploitation yields full compromise with a scope change beyond the application context. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV.
Identity/authorization header spoofing in Traefik reverse proxy (before v2.11.51, v3.6.22, and v3.7.6) lets an attacker reaching a protected route smuggle an underscore-variant HTTP header past the BasicAuth, DigestAuth, and ForwardAuth middlewares' sanitization. Traefik strips canonical dashed spoofed headers before setting its own trusted value but ignores underscore forms (e.g. X_Forwarded_User vs X-Forwarded-User) that many backends normalize identically, so the forged header reaches the backend alongside — or, on the ForwardAuth authResponseHeaders path, instead of — Traefik's intended value. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but a vendor fix and upstream commit are published.
Stack-based memory corruption in GIMP's PNM image parser lets an attacker execute code or crash the application when a victim opens a malicious PNM/PBM/PGM/PPM file. The flaw is an off-by-one in pnmscanner_gettoken() that writes a null terminator one byte past a stack buffer; it is local and requires the user to open the crafted file (UI:R). No public exploit is identified at time of analysis, and EPSS is low (0.12%), consistent with the CISA SSVC 'Exploitation: none' judgment.
Local privilege escalation via memory corruption affects Qualcomm Snapdragon platforms, where allocating memory with sizes exceeding the maximum allowed value corrupts adjacent memory (CWE-126, buffer over-read/overflow). A local attacker with low privileges (PR:L) and no user interaction can compromise confidentiality, integrity, and availability (all High), scoring CVSS 7.8. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.