Uncontrolled resource consumption in the smallnest rpcx Go RPC framework (through 1.9.3) lets a single unauthenticated client crash the server by sending a small (<2 MB) gzip-compressed protocol message that decompresses into gigabytes of heap. Because protocol.Message.Decode inflates the payload via util.Unzip during readRequest - before any authentication - and the only size guard (protocol.MaxMessageLength) is checked against the compressed frame rather than the decompressed output, the server exhausts memory and becomes unavailable. Publicly available exploit code exists and a vendor patch (commit 047aec1) has been released; no public evidence of active exploitation at time of analysis.
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this can be leveraged to achieve remote code execution.
Cross-origin WebSocket session hijacking in Midscene Bridge Server through version 1.10.3 lets any web page a victim visits connect to the locally running Socket.IO server without an Origin check or authentication token, seizing the tool's single-client slot. Once connected, a remote attacker can intercept and inject browser-automation commands, exfiltrate command-payload data, or unconditionally kill the server via the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter. Publicly available exploit code exists (reported by VulnCheck) and a vendor patch is available (commit 86f4118); no active exploitation has been confirmed.
Remote denial of service in the JavaScript @libp2p/gossipsub module (all versions prior to 16.0.0) lets any connected peer stall a victim node by sending oversized IHAVE/IWANT control messages. Because defaultDecodeRpcLimits left maxIhaveMessageIDs and maxIwantMessageIDs set to Infinity, a single 4 MB RPC frame forces roughly 180,000 message IDs to be iterated synchronously, blocking the Node.js event loop and freezing the process. No public exploit identified at time of analysis; the flaw is remotely reachable without authentication against affected default configurations.
Denial of service in the httplib2 Python HTTP client library (all versions prior to 0.32.0) lets a malicious or compromised HTTP server crash the client by returning a small gzip- or deflate-compressed response body that expands without bound during automatic decompression, exhausting memory and triggering a MemoryError or OS OOM-kill. Any application that uses httplib2 to fetch content from untrusted or attacker-controllable endpoints is affected. No public exploit identified at time of analysis; EPSS not provided, but the class is trivially demonstrable and the fix is a one-line-scope behavioral change shipped in 0.32.0.
Sensitive file exfiltration in Composio SDK (the @composio/cli package) before 0.2.32-beta.283 lets attackers steal credential files by abusing a missing path-safety check in the readFileFromDisk function of tool-file-uploads.ts. Because the assertSafeFileUploadPath guard is absent, an attacker who can influence the agent's prompt can manipulate file_uploadable parameters to point at arbitrary paths such as ~/.ssh private keys, causing the CLI to upload those files to attacker-controlled storage. There is no public exploit identified at time of analysis, but the upstream fix, issue, and pull request are all public, which lowers the bar for reproduction.
Arbitrary code execution in libXfont2 before 2.0.8 lets an authenticated X client corrupt heap memory inside the X server via a maliciously crafted PCF bitmap font. The flaw sits in ComputeScaledProperties(), where a missing bounds check on the property buffer allows a heap overflow (CWE-122) that runs in the X server's security context - typically root on traditional Linux desktops. There is no public exploit identified at time of analysis; EPSS is modest at 0.58% and CISA SSVC rates exploitation as 'none' with 'total' technical impact.
Arbitrary file upload in the WHMCS Bridge plugin for WordPress (all versions through 6.9) lets authenticated users with Custom-level access or above upload files of any type via the unvalidated connect() function, potentially achieving remote code execution on the host. Reported by Wordfence and tracked as CWE-434, the flaw carries a CVSS of 8.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The impact hinges on the plugin's failure to enforce file-type checks before writing uploaded content to disk.
Command injection in yt-dlp and youtube-dl before 2026.7.4 lets a malicious video/webpage host smuggle attacker-controlled data into shortcut files generated by the --write-link, --write-url-link, and --write-desktop-link options. Because webpage_url and filename metadata are written to .url/.desktop files without validation or escaping, an attacker can inject a file:// URI on Windows or a newline-based Desktop Entry key on Linux that runs commands when the victim later opens the generated shortcut. No public exploit identified at time of analysis; EPSS is modest at 0.55% and CISA SSVC records exploitation as none, but technical impact is rated total.
Heap-based code execution in libXfont2 before 2.0.8 allows an authenticated X client to run arbitrary code inside the X server by supplying a malformed PCF font that trips missing glyph bounds checking in pcfReadFont(). Because X servers frequently run with elevated (often root) privileges, a successful exploit can escalate from a low-privileged client to full host compromise. No public exploit is identified at time of analysis and CISA SSVC rates current exploitation as none, but the technical impact is rated total.
Remote code execution in the Widget Logic Visual WordPress plugin (all versions through 1.52) lets low-privileged authenticated users run arbitrary PHP on the server. The flaw stems from the widget-logic-update-conditional-tags AJAX action lacking a capability check and nonce verification, allowing any subscriber-and-above account to store attacker-controlled data in the 'nwlv[cod-tag]' parameter that is later passed to an eval() call by widget_logic_visual_check_visibility. Reported by Wordfence with no public exploit identified at time of analysis and no CISA KEV listing.
Authentication bypass in the DoLogin Security plugin for WordPress (all versions through 4.3) lets remote attackers forge passwordless magic-link tokens and log in as any user, including administrators. The 32-character token is generated by seeding the Mersenne Twister PRNG (mt_srand) with a value derived from microtime() that carries only ~20 bits of entropy, so the entire token is a deterministic function of a ~10^6-value seed space that can be brute-forced offline. No public exploit identified at time of analysis, but the flaw was reported by Wordfence and the vulnerable code paths are cited directly in the WordPress plugin repository.
Server-controlled buffer overflow in Das U-Boot (bootloader) through 2026.04-rc3 lets a malicious or compromised NFS server corrupt memory in an U-Boot client built with CONFIG_CMD_NFS. The flaw lives in nfs_readlink_reply() (net/nfs-common.c), where relative symlink targets from consecutive READLINK responses are appended to the fixed 2048-byte nfs_path_buff without cumulative length checks; two responses of ~1100 bytes each overflow it and clobber adjacent BSS state (nfs_server_ip, nfs_server_mount_port, nfs_server_port, nfs_our_port, nfs_state, rpc_id), giving control over the NFS client state machine. Reported by VulnCheck with a CVSS 4.0 base score of 8.8; there is no public exploit identified at time of analysis and it is not on CISA KEV.
SQL and DDL injection in the Snowflake Terraform Provider before 2.18.0 lets an attacker who can influence pipeline workspace variables execute arbitrary SQL inside the provider's privileged Snowflake session (CWE-89), enabling data exfiltration and creation of long-lived credentials. A second flaw allows identifier-injection into user-management DDL, so accounts can be minted with attacker-controlled credentials that bypass operator-configured security controls. No public exploit identified at time of analysis; risk is authenticated/insider-driven rather than remote-unauthenticated.
Arbitrary code execution in the X.Org libXfont2 library (versions before 2.0.8) stems from a heap buffer overflow in the BitmapScaleBitmaps routine, where a 32-bit size calculation overflows during bitmap font scaling. Any client able to connect to the X Server and request scaled bitmap fonts can corrupt heap memory and run code within the X server's process context, which is frequently privileged. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS is low at 0.37% (29th percentile), consistent with the SSVC finding of no observed exploitation despite total technical impact.
Privilege escalation in the Duoshuo (多说社会化评论框) social commenting plugin for WordPress (all versions through 1.2) lets remote attackers seize full administrator control. An unauthenticated, web-accessible API endpoint (api.php/LocalServer.php) exposes an `update_option` handler that lacks capability and nonce checks and relies on a trivially forgeable HMAC-SHA1 signature keyed on an always-empty option, allowing attackers to overwrite any WordPress option - for example flipping `default_role` to `administrator` and enabling open registration, then self-registering an admin account. No public exploit is identified at time of analysis, and it is not in CISA KEV, but the flaw is straightforward to weaponize.
Authentication bypass in LiteLLM (BerriAI) proxy/AI Gateway before 1.84.0 lets a remote unauthenticated attacker reach MCP tooling by sending a fabricated Authorization header. The malformed header forces the MCP Streamable HTTP endpoint down an OAuth2 passthrough fallback that substitutes a failed key validation with an empty UserAPIKeyAuth() object, effectively treating the caller as authorized without any valid LiteLLM key. The CVSS 4.0 score of 8.8 reflects network-reachable, no-privilege access with high confidentiality impact; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the InterestGroups component (the Protected Audience / FLEDGE ad-auction API of Privacy Sandbox), letting a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rates the Chromium severity High, and the CVSS 8.8 reflects network-reachable, low-complexity, unauthenticated exploitation gated only by user interaction (visiting a page). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though EPSS-style risk for Chrome memory-corruption bugs is typically elevated once details circulate.
Sandboxed remote code execution in Google Chrome versions prior to 150.0.7871.115 stems from a use-after-free in the Forms component, allowing a remote attacker to run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. The flaw carries a High Chromium severity rating and CVSS 8.8; Google has shipped a stable-channel fix, but no public exploit has been identified at time of analysis. Because code execution is confined to the sandbox, a separate sandbox-escape bug would be required for full host compromise.
Sandboxed remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page, stemming from an inappropriate implementation in the Forms component (Chromium severity: High). No public exploit identified at time of analysis, and the flaw is not on CISA KEV; Google has shipped a fixed Stable channel build. The high CVSS (8.8) reflects full compromise of the affected renderer process, though code execution is stated to be confined to the sandbox rather than a full host takeover.
Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the browser's Input component, letting a remote attacker who lures a victim to a crafted HTML page run arbitrary code inside the renderer sandbox. Google rates the Chromium severity High and CVSS is 8.8, requiring user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the memory-corruption class and network attack vector make it a standard high-priority browser patch.
Remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code (constrained to the renderer sandbox) by luring a victim to a crafted HTML page that triggers a use-after-free in the Actor component. The flaw is network-reachable and requires only that the user visit a malicious page, but Chromium rates the severity High rather than Critical because code execution stays inside the renderer sandbox. No public exploit identified at time of analysis; no EPSS or KEV signal was supplied in the input.
Renderer-process code execution in Google Chrome desktop before 150.0.7871.115 arises from a use-after-free in the IndexedDB implementation, letting a remote attacker run arbitrary code within the Chromium sandbox when a victim opens a crafted HTML page. Chromium rated the flaw Medium severity even though the CVSS base score is 8.8, reflecting that execution is confined to the sandboxed renderer rather than the host. A vendor patch is available and no public exploit has been identified at time of analysis.
Trust-boundary bypass in Copier 9.5.0 through 9.15.1 lets an attacker-controlled template execute arbitrary commands without the usual --trust confirmation. The flaw stems from the trust prefix check using a raw str.startswith on the un-normalized template URL, so a reference that textually begins with a trusted prefix but contains '..' is granted trust while actually resolving to a different template whose tasks/migrations/jinja_extensions then run. No public exploit identified at time of analysis, and it is not in CISA KEV; fixed in 9.15.2.
Remote heap corruption in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free (CWE-416) in Ozone, the platform abstraction layer that mediates windowing, graphics, and input. A remote attacker who lures a victim into loading a crafted HTML page can trigger the freed-memory reuse and potentially achieve renderer-level code execution; Chromium rates the underlying flaw Critical. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, low-complexity CVSS 8.8 profile makes it a high-priority browser patch.
Privilege/authorization bypass in Progress MOVEit Transfer's Audit User module lets an authenticated low-privileged user perform actions beyond their intended permissions, achieving high confidentiality, integrity, and availability impact (CVSS 8.8). Affected builds are all releases before 2025.0.7 and the 2025.1.x line before 2025.1.3. No public exploit has been identified at time of analysis, and the low EPSS score (0.18%, 8th percentile) with CISA SSVC marking exploitation as 'none' indicates no observed exploitation despite MOVEit's history as a ransomware target.
Heap corruption in Google Chrome's Views UI framework (versions prior to 150.0.7871.115) lets a remote attacker exploit a use-after-free by luring a victim to a crafted HTML page. The flaw, rated Critical by Chromium and CVSS 8.8, requires user interaction (visiting a malicious page) but no authentication; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Google has shipped a stable-channel fix.
Heap corruption in Google Chrome's DOM implementation before 150.0.7871.115 lets a remote attacker corrupt memory when a victim opens a crafted HTML page, a High-severity Chromium bug rated CVSS 8.8. Google has shipped a Stable channel fix and the flaw requires user interaction (visiting a malicious page) but no privileges. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Heap corruption in Google Chrome's Codecs component allows a remote attacker to trigger out-of-bounds read and write operations by luring a victim to open or play a crafted video file, affecting all desktop builds prior to 150.0.7871.115. Rated High by Chromium and CVSS 8.8, it requires user interaction (viewing malicious media) but no privileges, and combines information disclosure with potential memory corruption that could lead to code execution. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Cross-origin WebSocket hijacking in the Cline Hub dashboard server (the process started by `cline dashboard`) before version 3.0.30 lets a malicious website drive an active local Cline session. Because the /browser WebSocket endpoint does not validate the Origin header and isAuthorizedBrowserRequest() trusts any request when ROOM_SECRET is unset on a 127.0.0.1 bind, any site a victim visits can send desktopCommand frames to read workspace state, alter MCP and provider/model settings, and-when a provider or model is configured-invoke command execution on the developer's machine. There is no public exploit identified at time of analysis and it is not in CISA KEV; the flaw is a classic origin-validation gap (CWE-346) fixed in 3.0.30.
Sandbox escape in the OpenJDK packages shipped by Ubuntu allows a compromised sandboxed application to break out and run arbitrary code on the host. Because the packages' .jar MIME handlers execute any file flagged executable (when the mailcap package is present), an app abusing the OpenURI portal through xdg-desktop-portal-gtk can drop a malicious .jar, set its executable bit, and invoke the handler. There is no public exploit identified at time of analysis, but the flaw carries a CVSS 8.8 with a changed scope, reflecting full loss of host confidentiality, integrity and availability once the sandbox boundary is crossed.
Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Improper authorization enforcement in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.6, plus LTS branches 8.6.1.0-8.6.1.10, 8.3.1.0-8.3.1.30, and 7.13.1.0-7.13.1.70) allows a low-privileged, remote authenticated attacker to reach resources or actions beyond their assigned role, resulting in unauthorized access. Rated CVSS 8.8 (High) with high confidentiality, integrity, and availability impact and low attack complexity. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low barrier to exploitation for any existing account makes this a meaningful escalation risk on these backup appliances.
Denial of service (with conditional memory corruption) in Das U-Boot bootloader versions through 2026.04-rc3 lets a network-adjacent attacker crash the device before the OS loads by returning a malformed TCP SYN+ACK to a connection U-Boot has initiated. Because the CVSS 4.0 vector (VA:H, no confidentiality/integrity impact) reflects an availability-only bug rooted in an integer underflow (CWE-191), the practical outcome is a bricked/failed boot; when CONFIG_LMB is disabled, the same underflow can corrupt memory. No public exploit identified at time of analysis; not listed in CISA KEV.
Local file inclusion in Repomix's git clone HTTP endpoint lets unauthenticated remote attackers read arbitrary tracked file contents from git repositories on the server's filesystem. The isValidRemoteValue validation in src/core/git/gitRemoteParse.ts does not reject file:// scheme URLs, so a supplied file:///path/to/repo value is passed directly to git clone. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 base score is 8.7 (High) driven by high confidentiality impact with no authentication required.
Denial of service in Parse Server (versions prior to 8.6.82 and 9.9.1-alpha.12) allows remote attackers to hang the Node.js event loop by submitting deeply nested $or, $and, or $nor query operators through the REST API or LiveQuery interface, triggering exponential-time processing in the internal query-traversal helper. Because the vulnerable code path is reachable without authentication and consumes CPU without bound, a single crafted request can render the backend unresponsive to all clients. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Denial of service in pypdf before 6.14.2 lets a remote attacker hang any application that parses an attacker-supplied PDF: a page content stream carrying an unterminated inline image with an ASCII85 or ASCIIHex filter drives the parser into an infinite loop (CWE-835), most notably during page text extraction. The pure-Python library is very widely used in document-processing and data-ingestion pipelines, so a single malicious file can pin a CPU core and stall the worker. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the root cause is well-described and trivially reproducible.
Container-to-host sandbox escape in HashiCorp Nomad and Nomad Enterprise lets an authenticated job submitter using the Docker task driver bind-mount an arbitrary host path into their container even when volume bind mounts are administratively disabled, enabling read and write access to files on the underlying host. The scope-changing flaw (CVSS 3.1 8.7) affects the Community and Enterprise editions and is fixed in Nomad 2.0.4 (CE), and Enterprise 2.0.4, 1.11.8, and 1.10.14. There is no public exploit identified at time of analysis and it is not on CISA KEV.
Denial of service in the pypdf Python PDF library (all versions prior to 6.14.1) allows a remote attacker to hang a consuming application by supplying a malicious PDF. A page content stream containing an unterminated inline image drives the inline-image end-marker detection logic into an infinite loop, most notably triggered during page text extraction. No public exploit has been identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects an unauthenticated, low-complexity availability attack, and a fixed release (6.14.1) is available.
Denial of service in the Immutable.js JavaScript library (versions before 4.3.9 and 5.1.8) allows attackers who can influence an index or size value to crash or hang a Node.js/browser process. Passing a value between 2^30 and 2^31 to List#set, setSize, setIn, updateIn (or the functional equivalents) drives setListBounds into an uncatchable infinite loop on empty Lists, unbounded memory allocation until process abort on populated Lists, or a silent integer wrap on setSize. No public exploit code has been identified at time of analysis, and the flaw is not on the CISA KEV list; impact is availability-only.
Uncontrolled resource consumption in Immutable.js prior to 4.3.9 and 5.1.8 lets an attacker who controls keys inserted into an Immutable.Map or Immutable.Set exhaust CPU by supplying many keys that share the same 32-bit hash. Because collisions are stored in a HashCollisionNode bucket that is scanned linearly, insertion and lookup degrade from near-constant to quadratic time, producing a denial of service. No public exploit identified at time of analysis and no active exploitation is indicated, but the CVSS 4.0 score of 8.7 reflects an easy, unauthenticated, network-reachable availability impact wherever user-supplied objects reach these structures.
Denial of service in node-tar prior to 7.5.18 allows remote attackers to hang a Node.js application by feeding it a crafted tar archive: a checksum-valid header carrying a negative base-256 encoded entry size makes the tar.replace scanner advance zero bytes and re-parse the same header forever. No public exploit or active exploitation is identified at time of analysis, but the CVSS 4.0 base score of 8.7 reflects the high, easily-reachable availability impact. Only applications that call tar.replace on untrusted archive input are affected.
Stored cross-site scripting in the Plate rich-text editor (versions 53.0.0 through 53.1.3) lets a crafted document execute attacker JavaScript when a victim opens it. The media embed renderer trusts serialized provider/sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, so an attacker can flag a URL as a legitimate video provider while keeping a javascript: payload that MediaEmbedElement renders directly as an iframe src. No public exploit has been identified at time of analysis, and the flaw is fixed in 53.1.4.
Authorization bypass in Zalando Skipper (<= v0.26.8) lets remote unauthenticated attackers defeat the opaAuthorizeRequestWithBody OPA filter by sending the request body with HTTP/1.1 Transfer-Encoding: chunked or HTTP/2 framing that omits content-length. Because net/http sets ContentLength = -1 for such requests, Skipper's body extractor buffers an empty body, so Rego policies that gate on input.parsed_body evaluate against an empty document, fail open, and forward the forbidden payload upstream. Publicly available exploit code exists (a full E2E Go PoC is embedded in the GHSA advisory); the flaw is not in CISA KEV and no EPSS score was provided.
Cross-origin admin account takeover in the Grav CMS API plugin before v1.0.0-rc.16 stems from two combined weaknesses: JWT tokens are accepted through the ?token= URL query parameter and every API response returns the wildcard Access-Control-Allow-Origin: * header. Any attacker who harvests a leaked JWT from access logs, proxy logs, browser history, or Referrer headers can replay it in fully authenticated cross-origin requests from an arbitrary malicious site, then create persistent super-admin accounts and exfiltrate configuration and user data. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but a vendor patch (v1.0.0-rc.16) is available.
Cross-tenant bundle deletion in Capgo (Capacitor live/OTA update platform) before 12.128.2 lets holders of an upload-scoped API key rewrite the mutable app_versions.r2_path column through the PostgREST data API, retargeting it at another tenant's Cloudflare R2 objects. By pointing a soft-deleted attacker version at a victim bundle and firing the on_version_update cleanup trigger, an attacker deletes the victim's R2 object, breaking that app's over-the-air update delivery. No public exploit is identified at time of analysis, but the mechanism is fully described and CVSS 4.0 rates availability impact as High (8.7).
Broken access control in Capgo (the Capacitor live-update/OTA platform) before 12.128.2 lets any unauthenticated caller holding only the public publishable API key read arbitrary users' organization data. The Supabase PostgREST RPC function public.get_orgs_v6 runs as SECURITY DEFINER and is granted to the anon role, yet trusts a caller-supplied user UUID instead of the authenticated identity, exposing org membership, roles, subscription/trial metadata, and the management_email PII. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but exploitation is trivial and requires no credentials beyond the intentionally-public key.
Unauthenticated arbitrary file/directory deletion in the Appium storage plugin (versions prior to 1.1.6) allows a remote client to recursively delete writable files outside the storage root via the POST /storage/delete endpoint. The handler feeds the user-supplied name into path.join(storageRoot, name) and fs.rimraf() without sanitization, so ../ sequences escape the intended directory. No public exploit was identified at time of analysis, but the fix is straightforward to reverse-engineer from the published patch (commit 5fee017 / PR #22362).