Trust-boundary bypass in Copier 9.5.0 through 9.15.1 lets an attacker-controlled template execute arbitrary commands without the usual --trust confirmation. The flaw stems from the trust prefix check using a raw str.startswith on the un-normalized template URL, so a reference that textually begins with a trusted prefix but contains '..' is granted trust while actually resolving to a different template whose tasks/migrations/jinja_extensions then run. No public exploit identified at time of analysis, and it is not in CISA KEV; fixed in 9.15.2.
Remote heap corruption in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free (CWE-416) in Ozone, the platform abstraction layer that mediates windowing, graphics, and input. A remote attacker who lures a victim into loading a crafted HTML page can trigger the freed-memory reuse and potentially achieve renderer-level code execution; Chromium rates the underlying flaw Critical. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, low-complexity CVSS 8.8 profile makes it a high-priority browser patch.
Privilege/authorization bypass in Progress MOVEit Transfer's Audit User module lets an authenticated low-privileged user perform actions beyond their intended permissions, achieving high confidentiality, integrity, and availability impact (CVSS 8.8). Affected builds are all releases before 2025.0.7 and the 2025.1.x line before 2025.1.3. No public exploit has been identified at time of analysis, and the low EPSS score (0.18%, 8th percentile) with CISA SSVC marking exploitation as 'none' indicates no observed exploitation despite MOVEit's history as a ransomware target.
Heap corruption in Google Chrome's Views UI framework (versions prior to 150.0.7871.115) lets a remote attacker exploit a use-after-free by luring a victim to a crafted HTML page. The flaw, rated Critical by Chromium and CVSS 8.8, requires user interaction (visiting a malicious page) but no authentication; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Google has shipped a stable-channel fix.
Heap corruption in Google Chrome's DOM implementation before 150.0.7871.115 lets a remote attacker corrupt memory when a victim opens a crafted HTML page, a High-severity Chromium bug rated CVSS 8.8. Google has shipped a Stable channel fix and the flaw requires user interaction (visiting a malicious page) but no privileges. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Heap corruption in Google Chrome's Codecs component allows a remote attacker to trigger out-of-bounds read and write operations by luring a victim to open or play a crafted video file, affecting all desktop builds prior to 150.0.7871.115. Rated High by Chromium and CVSS 8.8, it requires user interaction (viewing malicious media) but no privileges, and combines information disclosure with potential memory corruption that could lead to code execution. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Cross-origin WebSocket hijacking in the Cline Hub dashboard server (the process started by `cline dashboard`) before version 3.0.30 lets a malicious website drive an active local Cline session. Because the /browser WebSocket endpoint does not validate the Origin header and isAuthorizedBrowserRequest() trusts any request when ROOM_SECRET is unset on a 127.0.0.1 bind, any site a victim visits can send desktopCommand frames to read workspace state, alter MCP and provider/model settings, and-when a provider or model is configured-invoke command execution on the developer's machine. There is no public exploit identified at time of analysis and it is not in CISA KEV; the flaw is a classic origin-validation gap (CWE-346) fixed in 3.0.30.
Sandbox escape in the OpenJDK packages shipped by Ubuntu allows a compromised sandboxed application to break out and run arbitrary code on the host. Because the packages' .jar MIME handlers execute any file flagged executable (when the mailcap package is present), an app abusing the OpenURI portal through xdg-desktop-portal-gtk can drop a malicious .jar, set its executable bit, and invoke the handler. There is no public exploit identified at time of analysis, but the flaw carries a CVSS 8.8 with a changed scope, reflecting full loss of host confidentiality, integrity and availability once the sandbox boundary is crossed.
Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Improper authorization enforcement in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.6, plus LTS branches 8.6.1.0-8.6.1.10, 8.3.1.0-8.3.1.30, and 7.13.1.0-7.13.1.70) allows a low-privileged, remote authenticated attacker to reach resources or actions beyond their assigned role, resulting in unauthorized access. Rated CVSS 8.8 (High) with high confidentiality, integrity, and availability impact and low attack complexity. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low barrier to exploitation for any existing account makes this a meaningful escalation risk on these backup appliances.
Denial of service (with conditional memory corruption) in Das U-Boot bootloader versions through 2026.04-rc3 lets a network-adjacent attacker crash the device before the OS loads by returning a malformed TCP SYN+ACK to a connection U-Boot has initiated. Because the CVSS 4.0 vector (VA:H, no confidentiality/integrity impact) reflects an availability-only bug rooted in an integer underflow (CWE-191), the practical outcome is a bricked/failed boot; when CONFIG_LMB is disabled, the same underflow can corrupt memory. No public exploit identified at time of analysis; not listed in CISA KEV.
Local file inclusion in Repomix's git clone HTTP endpoint lets unauthenticated remote attackers read arbitrary tracked file contents from git repositories on the server's filesystem. The isValidRemoteValue validation in src/core/git/gitRemoteParse.ts does not reject file:// scheme URLs, so a supplied file:///path/to/repo value is passed directly to git clone. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 base score is 8.7 (High) driven by high confidentiality impact with no authentication required.
Denial of service in Parse Server (versions prior to 8.6.82 and 9.9.1-alpha.12) allows remote attackers to hang the Node.js event loop by submitting deeply nested $or, $and, or $nor query operators through the REST API or LiveQuery interface, triggering exponential-time processing in the internal query-traversal helper. Because the vulnerable code path is reachable without authentication and consumes CPU without bound, a single crafted request can render the backend unresponsive to all clients. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Denial of service in pypdf before 6.14.2 lets a remote attacker hang any application that parses an attacker-supplied PDF: a page content stream carrying an unterminated inline image with an ASCII85 or ASCIIHex filter drives the parser into an infinite loop (CWE-835), most notably during page text extraction. The pure-Python library is very widely used in document-processing and data-ingestion pipelines, so a single malicious file can pin a CPU core and stall the worker. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the root cause is well-described and trivially reproducible.
Container-to-host sandbox escape in HashiCorp Nomad and Nomad Enterprise lets an authenticated job submitter using the Docker task driver bind-mount an arbitrary host path into their container even when volume bind mounts are administratively disabled, enabling read and write access to files on the underlying host. The scope-changing flaw (CVSS 3.1 8.7) affects the Community and Enterprise editions and is fixed in Nomad 2.0.4 (CE), and Enterprise 2.0.4, 1.11.8, and 1.10.14. There is no public exploit identified at time of analysis and it is not on CISA KEV.
Denial of service in the pypdf Python PDF library (all versions prior to 6.14.1) allows a remote attacker to hang a consuming application by supplying a malicious PDF. A page content stream containing an unterminated inline image drives the inline-image end-marker detection logic into an infinite loop, most notably triggered during page text extraction. No public exploit has been identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects an unauthenticated, low-complexity availability attack, and a fixed release (6.14.1) is available.
Denial of service in the Immutable.js JavaScript library (versions before 4.3.9 and 5.1.8) allows attackers who can influence an index or size value to crash or hang a Node.js/browser process. Passing a value between 2^30 and 2^31 to List#set, setSize, setIn, updateIn (or the functional equivalents) drives setListBounds into an uncatchable infinite loop on empty Lists, unbounded memory allocation until process abort on populated Lists, or a silent integer wrap on setSize. No public exploit code has been identified at time of analysis, and the flaw is not on the CISA KEV list; impact is availability-only.
Uncontrolled resource consumption in Immutable.js prior to 4.3.9 and 5.1.8 lets an attacker who controls keys inserted into an Immutable.Map or Immutable.Set exhaust CPU by supplying many keys that share the same 32-bit hash. Because collisions are stored in a HashCollisionNode bucket that is scanned linearly, insertion and lookup degrade from near-constant to quadratic time, producing a denial of service. No public exploit identified at time of analysis and no active exploitation is indicated, but the CVSS 4.0 score of 8.7 reflects an easy, unauthenticated, network-reachable availability impact wherever user-supplied objects reach these structures.
Denial of service in node-tar prior to 7.5.18 allows remote attackers to hang a Node.js application by feeding it a crafted tar archive: a checksum-valid header carrying a negative base-256 encoded entry size makes the tar.replace scanner advance zero bytes and re-parse the same header forever. No public exploit or active exploitation is identified at time of analysis, but the CVSS 4.0 base score of 8.7 reflects the high, easily-reachable availability impact. Only applications that call tar.replace on untrusted archive input are affected.
Stored cross-site scripting in the Plate rich-text editor (versions 53.0.0 through 53.1.3) lets a crafted document execute attacker JavaScript when a victim opens it. The media embed renderer trusts serialized provider/sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, so an attacker can flag a URL as a legitimate video provider while keeping a javascript: payload that MediaEmbedElement renders directly as an iframe src. No public exploit has been identified at time of analysis, and the flaw is fixed in 53.1.4.
Authorization bypass in Zalando Skipper (<= v0.26.8) lets remote unauthenticated attackers defeat the opaAuthorizeRequestWithBody OPA filter by sending the request body with HTTP/1.1 Transfer-Encoding: chunked or HTTP/2 framing that omits content-length. Because net/http sets ContentLength = -1 for such requests, Skipper's body extractor buffers an empty body, so Rego policies that gate on input.parsed_body evaluate against an empty document, fail open, and forward the forbidden payload upstream. Publicly available exploit code exists (a full E2E Go PoC is embedded in the GHSA advisory); the flaw is not in CISA KEV and no EPSS score was provided.
Cross-origin admin account takeover in the Grav CMS API plugin before v1.0.0-rc.16 stems from two combined weaknesses: JWT tokens are accepted through the ?token= URL query parameter and every API response returns the wildcard Access-Control-Allow-Origin: * header. Any attacker who harvests a leaked JWT from access logs, proxy logs, browser history, or Referrer headers can replay it in fully authenticated cross-origin requests from an arbitrary malicious site, then create persistent super-admin accounts and exfiltrate configuration and user data. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but a vendor patch (v1.0.0-rc.16) is available.
Cross-tenant bundle deletion in Capgo (Capacitor live/OTA update platform) before 12.128.2 lets holders of an upload-scoped API key rewrite the mutable app_versions.r2_path column through the PostgREST data API, retargeting it at another tenant's Cloudflare R2 objects. By pointing a soft-deleted attacker version at a victim bundle and firing the on_version_update cleanup trigger, an attacker deletes the victim's R2 object, breaking that app's over-the-air update delivery. No public exploit is identified at time of analysis, but the mechanism is fully described and CVSS 4.0 rates availability impact as High (8.7).
Broken access control in Capgo (the Capacitor live-update/OTA platform) before 12.128.2 lets any unauthenticated caller holding only the public publishable API key read arbitrary users' organization data. The Supabase PostgREST RPC function public.get_orgs_v6 runs as SECURITY DEFINER and is granted to the anon role, yet trusts a caller-supplied user UUID instead of the authenticated identity, exposing org membership, roles, subscription/trial metadata, and the management_email PII. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but exploitation is trivial and requires no credentials beyond the intentionally-public key.
Unauthenticated arbitrary file/directory deletion in the Appium storage plugin (versions prior to 1.1.6) allows a remote client to recursively delete writable files outside the storage root via the POST /storage/delete endpoint. The handler feeds the user-supplied name into path.join(storageRoot, name) and fs.rimraf() without sanitization, so ../ sequences escape the intended directory. No public exploit was identified at time of analysis, but the fix is straightforward to reverse-engineer from the published patch (commit 5fee017 / PR #22362).
Local privilege escalation to SYSTEM in Fuji Electric Pupsman before version 3.9.0 allows a low-privileged local user to drop a malicious executable into the weakly-permissioned installation directory, which is then run with SYSTEM privileges for full arbitrary code execution. Reported through JPCERT/CC (JVN JVN62347140); no public exploit identified and no active exploitation is confirmed at time of analysis. The CVSS 4.0 base score is 8.5 (High), reflecting complete confidentiality, integrity, and availability impact despite the local attack vector.
Local privilege escalation to arbitrary code execution affects Fuji Electric's Pupsman UPS management software in all versions prior to 3.9.0, where the installer insecurely loads a DLL from its own directory. A local attacker who can drop a malicious DLL into the folder containing the installer can have it executed with SYSTEM privilege the next time the installer is run. No public exploit identified at time of analysis and the flaw is not in CISA KEV; exploitation requires local file placement plus a victim executing the installer (UI:A).
Credential exposure in OpenClaw before 2026.5.28 lets a lower-trust actor who can write to a workspace's configured input paths plant a dotenv file that overrides trusted provider credentials, causing sensitive secrets to leak across intended trust boundaries. VulnCheck reported the issue and it is fixed in 2026.5.28; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The vendor CVSS 4.0 base score is 8.4 (High), reflecting high confidentiality and integrity impact but requiring local path access and user interaction.
## Summary Remote code execution and denial of service in FreeRDP before 3.22.0 stem from a use-after-free in the dynamic virtual channel manager (drdynvc), where `dvcman_channel_close` and `dvcman_call_on_receive` access `channel_callback` without proper synchronization (CWE-362). A malicious or compromised RDP server can race DYNVC_DATA and DYNVC_CLOSE messages to free a channel callback while another thread still uses it, corrupting the client heap. This is a client-side flaw affecting anyone connecting to an attacker-controlled server; no public exploit identified at time of analysis, and it is not listed in CISA KEV. ## Technical Context FreeRDP is a widely used open-source implementation of the Microsoft Remote Desktop Protocol, embedded in clients such as Remmina, GNOME Connections, Weston, and numerous commercial and VDI products. The bug lives in the drdynvc (Dynamic Virtual Channel) subsystem, which multiplexes optional channels (clipboard, audio, device redirection, etc.) over the RDP connection and processes them on a dedicated client thread. Per CWE-362 (concurrent execution using shared resource with improper synchronization / race condition), `dvcman_channel_close` (handling DYNVC_CLOSE) can free the `channel_callback` structure while `dvcman_call_on_receive` (handling DYNVC_DATA) is concurrently dereferencing it, producing a heap use-after-free. Because the RDP server dictates the timing and ordering of DYNVC_DATA and DYNVC_CLOSE PDUs, a hostile server controls the race window. ## Risk Assessment The published CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H) yields 8.3 (High), driven mainly by high availability impact with lower confidentiality/integrity impact — consistent with a heap corruption that reliably crashes the client (DoS) but only potentially yields RCE. AC:H correctly reflects that success depends on winning a non-deterministic thread race, which is unreliable and may require many attempts. There is no EPSS score, no KEV listing, and no confirmed public POC in the provided data, so exploitation pressure is currently low-to-unknown; the RCE and Denial Of Service tags reflect potential impact, not observed attacks. One nuance to verify: the vector uses UI:N/PR:N, but this is a client-side vulnerability requiring the victim to connect to a malicious server — a real-world limiting factor that raw CVSS understates. Net: a legitimate patch priority for fleets whose users connect to untrusted or reachable RDP endpoints, but not an emergency mass-exploitation scenario given AC:H and no evidence of exploitation. ## Affected Products FreeRDP (the open-source RDP client/library and its FreeRDP-based clients) at all versions prior to 3.22.0 are affected; the flaw is fixed in FreeRDP 3.22.0. No CPE strings were provided in the input, so exact downstream package ranges (e.g., distribution builds of Remmina or the freerdp2/freerdp3 packages) should be confirmed against vendor trackers. Authoritative details are in the FreeRDP GitHub Security Advisory GHSA-3mv2-5q57-2v8h (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3mv2-5q57-2v8h) and the VulnCheck advisory (https://www.vulncheck.com/advisories/freerdp-use-after-free-via-race-condition-in-drdynvc-channel-callback). ## Remediation Vendor-released patch: FreeRDP 3.22.0 — upgrade all FreeRDP libraries and any FreeRDP-based clients (Remmina, GNOME Connections, xrdp clients, etc.) to 3.22.0 or later, rebuilding or updating downstream distribution packages that bundle the library. Until patched, reduce exposure by only connecting to trusted, known-good RDP servers and avoiding connections to untrusted or attacker-influenced hosts, since the malicious behavior originates server-side; where feasible, restrict outbound RDP (TCP 3389) from client machines to an allowlist of approved servers via egress firewall rules (trade-off: breaks ad-hoc connections to new servers). If specific dynamic virtual channels are not required, disabling optional channel redirections (clipboard, drive, audio) narrows the attack surface of drdynvc but does not fully eliminate the race and reduces functionality. Follow guidance in GHSA-3mv2-5q57-2v8h (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3mv2-5q57-2v8h) and the VulnCheck advisory (https://www.vulncheck.com/advisories/freerdp-use-after-free-via-race-condition-in-drdynvc-channel-callback). ## Exploit Scenario An attacker stands up or compromises an RDP server and lures a victim into connecting with a vulnerable FreeRDP client (e.g., via a malicious .rdp file, phishing link, or a man-in-the-middle position). Once connected, the server rapidly interleaves DYNVC_DATA and DYNVC_CLOSE messages on a dynamic virtual channel to win the race and trigger the heap use-after-free in the client's drdynvc thread, crashing the client or, with careful heap grooming, potentially executing code in the client process. No public POC is identified at this time, and the AC:H race condition makes reliable code execution difficult. ## Exploitation Conditions Exploitation requires the victim to establish an RDP session to an attacker-controlled or compromised server running against a FreeRDP client before 3.22.0, and the connection must use the drdynvc dynamic virtual channel path. The attacker must then concurrently send DYNVC_DATA and DYNVC_CLOSE messages on a dynamic virtual channel to win a timing race in `channel_callback` access. Limiting factors: the attacker must control the RDP server side (this is a client-side vulnerability, so it cannot be triggered against an unwilling client that never connects), the exploit depends on winning a non-deterministic thread race (CVSS AC:H) so it is unreliable and may require repeated attempts, and reliable code execution beyond a crash requires heap-layout control. No authentication to the malicious server is needed, but the user must initiate the outbound connection. ## Attack Chain Lure victim to malicious RDP server → Client opens dynamic virtual channel (drdynvc) → Server races DYNVC_DATA and DYNVC_CLOSE → Trigger heap use-after-free on channel_callback → Crash client or execute code in client process ## Confidence Notes Affected/fixed version (before 3.22.0; fixed in 3.22.0), root cause, and functions are confirmed by the FreeRDP GitHub Security Advisory GHSA-3mv2-5q57-2v8h and the VulnCheck advisory. CVSS 4.0 vector, 8.3 score, and CWE-362 are provided in the input; RCE is described as potential, not demonstrated. Not listed in CISA KEV and no EPSS score or public POC was provided, so real-world exploitation status is unknown; downstream package version ranges are not confirmed due to absent CPE data. ## Prevalence high ## Prevalence Basis core open-source RDP library embedded in many Linux remote-desktop clients ## Assessed CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H ## Assessed CVSS Rationale Client-side flaw needing the victim to connect to a malicious server (UI:R) and to win a thread race (AC:H); heap corruption gives high availability impact with limited C/I. ## Assessed CVSS 4.0 Vector CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Sandbox escape in Google Chrome on Windows prior to 150.0.7871.115 allows an attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page, chaining a codec input-validation flaw into higher-privileged host-process compromise. The bug is rated High by Chromium and carries a CVSS 8.3 with a scope-changing vector reflecting the sandbox-boundary crossing. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Sandbox escape in Google Chrome's Core component on Windows (versions prior to 150.0.7871.115) lets an attacker who has already compromised the renderer process break out of the sandbox and reach the higher-privileged browser process via a crafted HTML page. The flaw is a CWE-416 use-after-free rated High by Chromium and CVSS 8.3, with a scope change reflecting the renderer-to-browser boundary crossing. No public exploit identified at time of analysis, and it is not listed in CISA KEV, but as the second stage of a browser exploit chain it is a meaningful patch priority.
Sandbox escape in Google Chrome's GetUserMedia (WebRTC media capture) implementation allows an attacker who has already compromised the renderer process to break out of the browser sandbox by exploiting a race condition via a crafted HTML page, affecting all desktop Chrome builds prior to 150.0.7871.115. Rated High by Chromium and scored CVSS 8.3, this is a second-stage exploitation primitive typically chained after an initial renderer RCE; no public exploit identified at time of analysis and it is not listed in CISA KEV. A vendor patch is available in the 150.0.7871.115 Stable channel release.
Access-control bypass in OpenStack Ironic before 37.0.1 lets an Ironic user who is authorized to deploy nodes via the IPMI management interface invoke the send_raw deploy step to issue arbitrary IPMI commands directly to a node's BMC, sidestepping the permission model Ironic normally enforces on management actions. This is an authenticated privilege-boundary flaw (CVSS 8.2, PR:H) affecting bare-metal provisioning environments; no public exploit code has been identified and it is not listed in CISA KEV at time of analysis.
{{ huge_array | pop }}` trigger an O(N) full clone of an attacker-influenced array that bypasses the engine's configured memoryLimit budget, enabling denial of service through memory exhaustion. The `pop` array filter in src/filters/array.ts clones its input via `[...toArray(v)]` without routing the allocation through `this.context.memoryLimit.use(...)`, so the safety guard applications rely on is silently defeated. There is no public exploit identified at time of analysis, EPSS/KEV data was not supplied, and the impact is limited to availability (no confidentiality or integrity loss).
Security feature bypass in Microsoft Edge (Chromium-based) allows a remote, unauthenticated attacker to circumvent a browser security control over the network when a user is lured into interacting with attacker-controlled content. The scope-changing CVSS 8.2 vector and high confidentiality impact suggest the bypass can expose sensitive information beyond the browser's normal security boundary. Reported by Microsoft's own security team; no public exploit identified at time of analysis.
Authorization bypass in the Astro web framework version 6.4.7 lets remote unauthenticated attackers reach protected routes by exploiting an inconsistency between how the framework decodes URL paths for auth decisions versus route matching. Because authorization runs against a path that hit the iterative URL-decoder limit while later rewrite matching applies an extra decodeURI(), a request that appears benign at the auth gate resolves to a guarded route afterward, exposing protected content. No public exploit has been identified at time of analysis, but the fix in 6.4.8 and a published GitHub Security Advisory confirm the flaw.
Stored cross-site scripting in the lxml_html_clean Cleaner (≤ 0.4.4) and the bundled lxml legacy html.clean module (≤ 6.1.0) lets attackers smuggle javascript: URLs through HTML sanitization on the namespaced xlink:href attribute. When callers configure Cleaner with safe_attrs_only=False, the URL-scheme scrubber never inspects <a xlink:href="javascript:..."> inside SVG or MathML, so the payload survives and executes when a victim clicks the rendered anchor. Publicly available exploit code exists (a working reproducer ships with the advisory), but there is no public exploit identified as being used in active attacks and the issue is not in CISA KEV.
Certificate revocation bypass in etcd affects clusters running versions before 3.5.32 and before 3.6.13 that are configured with --listen-client-http-urls to serve HTTP and gRPC client traffic on separate listeners. In that split-listener mode the --client-crl-file Certificate Revocation List is silently ignored on the gRPC listener, so a client presenting a certificate the operator has explicitly revoked can still complete mutual-TLS authentication and gain full read/write access to the key-value store. There is no public exploit identified at time of analysis and EPSS is low (0.36%), but the technical impact is total for anyone relying on CRL-based deauthorization.
Arbitrary file write in the AsyncSSH Python library (versions prior to 2.23.1) allows a malicious or compromised SSH server to plant files anywhere on an SCP client's filesystem when a user initiates a file-copy operation against it. Because the SCP client trusts server-supplied filenames verbatim, a hostile server can return names containing ../ sequences to escape the intended download directory, enabling code execution or system tampering. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV.
Privilege-boundary bypass in CAXperts UPVWebServices (2.4.2212.603-2.7.6) and the companion UDiTH Portal (2026.0.0-2026.2.0) lets any authenticated low-privilege user reach an administrative API endpoint that lacks an authorization check, enabling them to deactivate the application's license and disable the service. Rated CVSS 8.1 by the reporter, this is a broken-access-control (CWE-862) issue affecting engineering-portal deployments. There is no public exploit identified at time of analysis, EPSS is low (0.20%, 10th percentile), and it is not listed in CISA KEV, though SSVC rates the technical impact as total.
Insecure Direct Object Reference in NL Portal's Taak V2 module (nl.nl-portal:taak) versions 1.5.0 through 3.0.0 lets any authenticated portal user holding a valid 'burger' OAuth token complete and tamper with another user's task by supplying its task ID. Because the submitTaakV2 GraphQL mutation never verified task ownership, an attacker can overwrite another user's submitted form data (verzondenData) and read that user's previously entered personal data returned in the GraphQL response, breaking both integrity and confidentiality. No public exploit is identified at time of analysis, but the flaw is trivially exploitable by any logged-in user against a horizontally-adjacent task object.
{service} endpoint to download raw Frigate and nginx logs. Those logs record request query strings containing auto-generated admin passwords and camera credentials, so a viewer can harvest them and re-authenticate as administrator. No public exploit identified at time of analysis, but the flaw is mechanically trivial to abuse once any viewer session exists, and no fixed release has been identified.
Privilege escalation via Insecure Direct Object Reference in the WCFM Membership (WooCommerce Memberships for Multivendor Marketplace) WordPress plugin versions up to and including 2.11.10 lets authenticated users holding at least vendor-level access manipulate the 'wcfmvm_membership_change' AJAX action to reassign any user's account to the 'wcfm_vendor' role by altering their membership plan. Because the action never checks whether the caller is authorized to modify the targeted user, a low-privileged marketplace vendor can tamper with arbitrary accounts. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the high CVSS of 8.1 and network-reachable authenticated vector make it a meaningful multivendor-store risk.
OS command injection in the Horde_Vfs_Smb driver of the Horde Virtual File System (VFS) API before 3.0.1 lets authenticated users execute arbitrary shell commands on the server. The flawed _escapeShellCommand() method fails to neutralize shell command-substitution sequences, so attacker-controlled filenames passed through routine file operations are interpolated into a double-quoted /bin/sh -c context and executed via proc_open() before smbclient runs. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch (v3.0.1) exists and the CVSS 4.0 base score is 7.7 (High).
Remote code execution in DSpace 8.0-8.3 and 9.0-9.2 allows an authenticated administrator to execute arbitrary Java via Velocity templates used to render COAR Notify/LDN messages, using reflection to escape the templating sandbox. Exploitation requires valid DSpace administrator credentials and is most impactful when chained with the related LDN path-traversal flaw (GHSA-9qm4-rh6w-pq5x). No public exploit identified at time of analysis, and CVSS is 8.0 (High).
Local privilege escalation via heap buffer overflow in the X.Org Server (versions before 21.1.24) and Xwayland (before 24.1.13) allows a local user holding an X connection to corrupt heap memory by supplying a malicious PCX font. The flaw lives in the SetFont code path, where missing glyph boundary checks let an oversized or malformed glyph write past its heap allocation, yielding full confidentiality, integrity, and availability impact (CVSS 7.8). There is no public exploit identified at time of analysis; EPSS is low at 0.28% and CISA SSVC rates exploitation as none.
Sandbox escape in the Go standard library's os.Root API (os package) on Unix systems allows filesystem operations meant to be confined to a directory to reach files outside it. When a path's final component is a symbolic link and the path ends in a trailing slash (e.g. root.Open("symlink/")), os.Root improperly dereferences that symlink to a location outside the root, defeating the traversal protection the API is designed to enforce. Affects Go before 1.25.12, 1.26.5, and 1.27.0-rc.2; no public exploit is identified at time of analysis and it is not in CISA KEV.
Local privilege escalation in Omnissa Workspace ONE Tunnel for Windows lets an authenticated low-privileged local user abuse a path-traversal weakness (CWE-22) to gain higher (likely SYSTEM) privileges on the endpoint. The flaw affects the Windows Tunnel client used for per-app VPN in Workspace ONE managed fleets; no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is high across confidentiality, integrity, and availability, but exploitation is confined to attackers who already have a local foothold on the machine.
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigger stale field-pointer dereferences after the script deletes form fields, corrupting memory and crashing the application. The flaw affects Foxit PDF Editor 14.0.4 and earlier and Foxit PDF Reader 2026.1.1 and earlier and requires the victim to open a malicious file. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; Foxit's own CVSS of 7.8 (C:H/I:H/A:H) implies potential code execution beyond the crash described.
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows a crafted PDF containing embedded JavaScript to free page objects and trigger a dangling write to pop-up annotation objects. An attacker who convinces a user to open a malicious document can crash the application and potentially achieve arbitrary code execution in the user's context. No public exploit identified at time of analysis; the flaw was reported privately by Foxit.