EventSerializer in Discourse improperly exposes private event invitation metadata - including invited group names, sample invitee usernames, and attendance statistics - to any user who can view the topic, regardless of their authorization to access the private invitee list. All Discourse installations prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 are affected when event functionality is in use. No public exploit or active exploitation (CISA KEV) has been identified, but the trivial network vector (AV:N/AC:L/PR:N/UI:N) makes this passively accessible to any user - authenticated or not - with topic-read access on an open or semi-open forum.
File upload authorization bypass in Open WebUI before 0.10.0 allows authenticated users with read-only knowledge base access to inject arbitrary files into restricted knowledge bases by supplying a crafted metadata.knowledge_id parameter. The upload endpoint omits the write-access check enforced by the dedicated /api/v1/knowledge/<id>/file/add route (CWE-862), creating a privilege escalation path for any authenticated platform user. No public exploit code or CISA KEV listing exists at time of analysis, but the impact extends beyond the low CVSS integrity score - injected content directly influences LLM responses for all users of the affected knowledge base, enabling indirect prompt injection.
Unauthorized plugin installation affects the Memberships and User Profiles for WooCommerce - ProfileGrid WooCommerce Integration plugin (versions up to and including 3.4), allowing any authenticated WordPress user at Subscriber level or above to force-install and activate the ProfileGrid plugin without administrative approval. The flaw stems from a dual failure - absent capability check and absent nonce validation - on the `pg_install_profilegrid()` AJAX handler, registered via the `wp_ajax_pg_install_profilegrid` hook. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis; however, the low barrier to exploitation (any authenticated user) makes this a meaningful integrity risk on multi-tenant or open-registration WooCommerce stores.
Open WebUI's WEB_FETCH_FILTER_LIST blocklist enforcement fails to parse hostnames at label boundaries in versions prior to 0.10.0, enabling authenticated users to bypass administrator-configured host restrictions and trigger server-side fetches to internally restricted resources. Two bypass classes exist: embedding a blocked hostname in the URL path component (e.g., https://attacker.com/internal.corp/data) rather than the authority, and using a sibling domain sharing the blocked entry's suffix (e.g., evilinternalhost.example.com matching a blocklist entry for internalhost.example.com). No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
{tokenValue}/payments/{paymentId}` silently accepts and returns HTTP 200 for payment methods the store operator has explicitly excluded from the order's sales channel, while the equivalent checkout endpoint correctly rejects them with HTTP 422. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Improper authorization in Open WebUI 0.9.x allows deactivated or pending users to continue executing scheduled AI model automations after their accounts should have lost that capability. The `execute_automation` function rehydrated automation owners without re-verifying that the owner account was still active or still held the `features.automations` permission, and `check_model_access` enforced private-model grants only against the current user role at the time of check rather than re-validating eligibility at execution time. No public exploit has been identified at time of analysis, and the CVSS score of 3.1 reflects the low real-world severity: high attack complexity, limited availability impact, and no confidentiality or integrity impact per the official assessment.
Authorization bypass in the Crew HRM WordPress plugin (all versions ≤ 1.2.2) allows any authenticated subscriber-level user to delete, archive, unarchive, and duplicate arbitrary job listings - including associated stages, metadata, addresses, and applications - by supplying an arbitrary integer job_id. The nonce that nominally gates these actions via Dispatcher::dispatch() is deliberately exposed to every authenticated frontend visitor through wp_head script localization, making the bypass trivially reproducible by any user with a WordPress account. No public exploit code or active exploitation has been identified at time of analysis, and no KEV listing exists; however, the nonce leak collapses the practical access barrier to subscriber level.
Unauthorized shipping label manipulation in DHL eCommerce (Benelux) for WooCommerce versions up to 2.2.3 allows any authenticated WordPress user - down to Subscriber level - to create or delete DHL shipping labels for any WooCommerce order site-wide. The two vulnerable AJAX handlers lack both capability verification and nonce (CSRF token) checks, meaning the attacker-supplied order ID is acted upon without confirming the caller has order management rights. No public exploit is identified and this is not listed in CISA KEV, but the low authentication bar (any registered user) and operational impact on fulfillment make this a meaningful risk for Benelux e-commerce stores with open user registration.
Missing authorization in the DSGVO All in One for WP plugin (versions up to and including 4.9) allows any authenticated WordPress user with Subscriber-level access or higher to invoke the dsgvo_reset_policy_service_func() function and wipe all customized privacy policy content - cookie notices, Google Analytics policies, Facebook policies, and YouTube policies - back to plugin defaults. The root cause is a complete absence of both WordPress capability checks and nonce verification on a sensitive administrative function that accepts and acts on user-supplied parameters. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the low authentication barrier makes this accessible to a wide pool of potential abusers on sites with open user registration.
Unauthorized order modification in the Colissimo Officiel shipping plugin for WordPress (versions up to and including 2.9.0) allows any authenticated subscriber-level user to overwrite the shipping method, pickup-relay metadata, and shipping address of arbitrary WooCommerce orders - including orders belonging to other customers. The vulnerability stems from a completely unguarded AJAX handler: no capability check and no nonce verification are performed before acting on caller-supplied input. No public exploit code has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog, though Wordfence has confirmed and disclosed it with specific source-line references.
Privilege escalation in VMware Pinniped's Kubernetes authentication layer allows an attacker who already controls Active Directory group distinguished names to gain elevated Kubernetes RBAC permissions beyond their legitimate entitlements. The flaw affects Pinniped v0.11.0 through v0.46.0 when the Supervisor is configured with an ActiveDirectoryIdentityProvider and a specific empty groupName attribute, and only when an attacker simultaneously holds write access to AD group entries and valid AD user credentials. No public exploit code exists and this is not listed in CISA KEV; the vendor CVSS score of 3.8 (Low) reflects the highly constrained exploitation prerequisites.
Cross-channel thread context disclosure in Open WebUI prior to 0.10.0 allows authenticated low-privilege users to reference messages from private or DM channels they do not have access to, leaking thread content across channel boundaries. The root cause is a missing channel-binding validation on the parent_id parameter in thread reply handling - the server does not verify that the referenced parent message belongs to the channel specified in the URL. No public exploit or active exploitation has been identified; this is a low-severity, high-complexity authorization bypass with confirmed vendor fix in v0.10.0.
Unauthenticated file deletion in Palo Alto Networks PAN-OS allows network-reachable attackers to delete files from a temporary directory via the management web interface, affecting PA-Series and VM-Series firewalls and Panorama appliances. Real-world risk is substantially bounded by the vendor's documented best-practice guidance to restrict management interface access to trusted internal IP addresses, which eliminates external attack surface. No public exploit code has been identified, CISA KEV listing is absent, and the vendor-provided CVSS 4.0 score of 2.7 with an E:U supplemental metric reflects no known active exploitation.
Web session token theft from PAN-OS management interfaces affects PA-Series and VM-Series firewalls and Panorama deployments, enabling a network-adjacent unauthenticated attacker to hijack authenticated administrator sessions. Exploitation depends on a legitimate management user clicking an attacker-crafted malicious link while an active session exists - a social engineering prerequisite that substantially reduces real-world risk. No public exploit code exists (CVSS 4.0 E:U) and the issue is not listed in CISA KEV; the vendor rates overall CVSS 4.0 severity at 2.1, reflecting these mitigating factors.
Path traversal in tumf mcp-text-editor up to version 1.0.2 allows remote attackers to read, write, or delete files outside the intended directory by supplying manipulated file path arguments to the `_validate_file_path` function in `mcp_text_editor/text_editor.py`. A public exploit has been disclosed (confirmed by VulDB and reflected in the CVSS 4.0 E:P modifier), and the vendor has closed the tracking GitHub issue without explanation, leaving the vulnerability unpatched. The CVSS 4.0 base score of 2.1 reflects limited confidentiality, integrity, and availability impact alongside a required user interaction step.
Cross-site scripting in YzmCMS through version 7.5 allows unauthenticated remote attackers to inject and execute arbitrary JavaScript by manipulating the HTTP Host header processed by the `get_url` function in `/yzmphp/yzmphp.php`. The Header Handler component reflects the attacker-controlled `HTTP_HOST` value into generated page output without sanitization, enabling payload execution in a victim's browser upon page visit. A public proof-of-concept exploit has been disclosed; no patch exists and the vendor did not respond to coordinated disclosure, leaving all deployments at or below v7.5 exposed.
Prototype pollution in apidevtools json-schema-ref-parser up to v15.3.5 allows low-privileged remote attackers to modify Object prototype attributes via crafted input to the Refs.set/Pointer.set functions in lib/pointer.ts. The vulnerability is tagged RCE and Code Injection, reflecting the theoretical worst-case of prototype pollution in Node.js environments where polluted properties propagate to dangerous sinks; however, the CVSS 4.0 score of 2.1 with limited (L/L/L) impact ratings suggests the direct, exploitable impact is constrained. A proof-of-concept exists (CVSS 4.0 E:P) but no confirmed active exploitation has been recorded in CISA KEV.
Resource identifier manipulation in macrozheng mall up to 1.0.3 allows authenticated remote attackers to access or affect return-application records belonging to other users by substituting arbitrary orderId values in POST requests to /returnApply/create. The flaw is classified as CWE-99 (Improper Control of Resource Identifiers), consistent with an Insecure Direct Object Reference (IDOR) pattern in the Portal Endpoint. A public exploit is available, and the vendor deleted the corresponding GitHub issue without comment, raising concerns about coordinated disclosure and patch status.
Privilege escalation in Palo Alto Networks Prisma® Browser on macOS enables a locally authenticated administrator with access to the local filesystem to perform actions at root privilege level. The vulnerability is scoped exclusively to macOS deployments of Prisma Browser - no other platforms or Palo Alto products are implicated per the advisory. No public exploit identified at time of analysis; the CVSS 4.0 base score of 2.0 reflects the substantial exploitation prerequisites that materially constrain real-world risk despite the full-system impact potential at root level.
Denial of service in pdeljanov Symphonia up to version 0.6.0 can be triggered locally by a low-privileged attacker who supplies a crafted audio file to the Metadata Handler component, causing improper resource release and application unavailability. The root cause is CWE-404 (Improper Resource Shutdown or Release) within the metadata parsing subsystem, with no impact on confidentiality or data integrity. A proof-of-concept exploit has been published; however, no patched release exists as the upstream fix (PR #514) remains unmerged at time of analysis.
Denial-of-service in fbxcel up to 0.9.0 allows a local, low-privileged attacker to crash any application embedding this Rust FBX-parsing library by supplying a crafted FBX file that triggers improper resource handling in the v7400 Node Header Handler. Impact is limited to availability with no confidentiality or integrity consequence, consistent with the CVSS 4.0 base score of 1.9. A public proof-of-concept exists (CVSS 4.0 E:P), though exploitation is constrained entirely to local access paths; no KEV listing or active exploitation has been reported.
Use-after-free in Open5GS 2.7.7's AMF component allows a local low-privileged user to access freed memory within the `amf_context_final` function in `src/amf/context.c`, producing a low-severity confidentiality exposure. Exploitation is strictly local - no network vector exists - and a public proof-of-concept is confirmed by the CVSS 4.0 E:P supplemental modifier. This vulnerability is not listed in the CISA KEV catalog and carries a CVSS 4.0 base score of 1.9, reflecting its constrained real-world impact on what is a niche, telecom-research-oriented software stack.
OS command injection in the Android WebView JavaScript bridge of openclaw-android (versions up to 0.4.0) permits a local, low-privileged attacker to execute arbitrary OS commands through the `JsBridge.kt` component. Exploitation is constrained to local device access, limiting real-world blast radius, but a publicly disclosed proof-of-concept exists per the CVSS 4.0 E:P supplemental metric. No patch has been released - a remediation pull request (#137) is pending acceptance, leaving all users on version 0.4.0 or earlier exposed.
Security policy bypass in Palo Alto Networks PAN-OS exposes protected services behind the firewall to traffic that should be blocked, exploitable by unauthenticated remote attackers via crafted IPv6 packets targeting the dataplane. The CVSS 4.0 score of 1.7 reflects that direct impact on the firewall itself is nil (VC:N/VI:N/VA:N), with only low-severity downstream effect on subsequent systems (SC:L/SI:L), and specific attack conditions must be present (AT:P). No public exploit code exists and no active exploitation has been reported (E:U), though the automatable flag (AU:Y) indicates the attack could in principle be scripted once conditions are met.
Multiple stored and reflected cross-site scripting vulnerabilities in PAN-OS expose the User-ID Authentication Portal (Captive Portal), GlobalProtect gateway/portal, and Clientless VPN web interfaces to unauthenticated attackers who can inject and execute arbitrary JavaScript in victim browsers. Affected deployments span PA-Series and VM-Series firewalls and Panorama management platforms; Cloud NGFW is explicitly not affected. No public exploit code exists (CVSS 4.0 E:U), and the vendor states risk is substantially reduced - potentially minimized - when portal and management access is restricted to trusted internal IP ranges per Palo Alto's recommended hardening guidelines.
Privilege escalation in Palo Alto Networks Cortex XDR Broker VM permits locally authenticated users to perform operations as the root user within the appliance. The vulnerability is constrained to the Broker VM itself - the CVSS 4.0 vector (SC:N/SI:N/SA:N) confirms no scope change to subsequent or adjacent systems, limiting the blast radius to the VM appliance. No public exploit exists (E:U) and no CISA KEV listing is present; the vendor-assigned CVSS 4.0 score of 1.1 reflects this low-urgency posture.
Path traversal in psd-tools through v1.17.0 exposes any application processing untrusted PSD files to arbitrary file write and secondary arbitrary file read via the SmartObject API. SmartObject.save() consumes the embedded smart-object filename verbatim from the PSD binary - without basename stripping, absolute-path rejection, or directory-escape filtering - allowing a crafted PSD to write attacker-supplied bytes to any path the process can reach. A secondary issue in SmartObject.open() for external-kind objects uses the attacker-controlled fullPath descriptor as a read source, enabling file exfiltration to the write destination. A standalone proof-of-concept is publicly confirmed in the advisory; the fix is vendor-confirmed in v1.17.1 (PR #657). No public exploit identified at time of analysis beyond the advisory-embedded POC, and no CISA KEV listing was found.
Open redirect bypass in openrun prior to v0.17.7 allows remote unauthenticated attackers to redirect victims to arbitrary external URLs by exploiting a double-slash path prefix that evades the application's host/scheme validation. The referrer-based redirect logic correctly validates the host and scheme but passes the extracted path `//attacker.com` to the Location header, which browsers interpret as a protocol-relative URL and resolve to an external destination. A proof-of-concept is publicly documented in the security advisory; no active exploitation has been confirmed by CISA KEV at time of analysis.
System principal privilege escalation in Zen Browser prior to 1.21.5b allows a malicious webpage to bypass Firefox's content-to-file security boundary by exploiting the browser's custom glance and split-view context-menu features. The 'Open link in glance' and 'Split link in new tab' actions navigate attacker-supplied file:// URLs using the System principal rather than the originating page's content principal, granting access to local filesystem contents that would be blocked by an ordinary click. A vendor-released patch exists in version 1.21.5b; no public exploit has been identified at time of analysis.
Missing ownership enforcement on Sylius Shop API payment request endpoints allows any caller who possesses a valid payment request UUID hash to read sensitive order data - including customer email, shipping addresses, and order totals - or manipulate post-payment redirect URLs to an attacker-controlled domain. Affected versions span the 2.0.x, 2.1.x, and 2.2.x release lines, with fixes available in 2.0.18, 2.1.15, and 2.2.6 per the vendor advisory GHSA-mr9r-h354-966r. No public exploit code or CISA KEV listing has been identified at time of analysis; real-world exploitability is gated on acquiring the UUID hash out-of-band.
PHP object injection in YesWiki's BazaR import feature allows an attacker to reach an unsafe unserialize() sink in tools/bazar/services/CSVManager.php, where attacker-supplied base64 data is deserialized without allowed_classes=false, instantiating arbitrary classes and triggering magic methods (__destruct, and __toString via array_map('strval')). Because the importentries mode lacks CSRF protection (the assigned root cause CWE-352), a remote attacker can host an auto-POSTing HTML page that, when visited by a logged-in wiki admin, drives the deserialization using the admin's session - chaining published Doctrine PHPGGC gadgets into remote code execution on the host. Publicly available exploit code exists demonstrating the object-injection primitive, but no full end-to-end RCE chain is published and this is not confirmed actively exploited (not in CISA KEV).
{{ 7 * 7 }} rendering as 49, escalated to an interactive reverse shell); this vulnerability is not in CISA KEV and there is no evidence of active exploitation.
Certificate revocation in nebula-mgmt (forgekeep/nebula-mesh ≤ v0.3.6) is non-durable due to two distinct authorization gaps at certificate issuance time. Blocked hosts bypass blocklist enforcement entirely by re-enrolling with a new token because `enroll.go:128` calls `caMgr.Sign()` without consulting the blocklist - a fingerprint-keyed structure that treats any fresh certificate as unknown. Separately, hosts enrolled under a subsequently-disabled operator auto-renew certificates indefinitely because `signHostCert` never re-validates operator or CA lifecycle status, meaning operator offboarding does not terminate provisioned host access. No public exploit is identified at time of analysis; both issues were discovered during an internal offensive security audit (tracking issue #178).
Server-side request forgery (and cross-scheme local file disclosure) in the Ruby css_parser gem (all versions prior to 3.0.0) lets an attacker who can land a single @import url(...) rule in parsed CSS force the server to issue arbitrary HTTP/HTTPS GETs to any internal host, port or IP, and — via an attacker-controlled 302 redirect to a file:// URI — read local files. Premailer-style consumers that re-emit the parsed CSS into rendered HTML/email leak any CSS-shaped response bytes back to the attacker, turning this into a data-exfiltration channel rather than a blind SSRF. No public CVSS is published and it is not in CISA KEV, but a complete working proof-of-concept (poc.rb) is included in the advisory, so publicly available exploit code exists.
Heap buffer overflow in pymonocypher's argon2i_32 function allows memory corruption when callers supply an undersized nb_blocks buffer, violating the library's API contract without triggering any bounds check. Applications using pymonocypher prior to version 4.0.2.8 that invoke the Argon2i password-hashing interface are at risk of heap corruption, which can produce crashes or potentially enable controlled memory writes. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed.
Root-privileged arbitrary directory creation and file write affects Note Mark (self-hosted notes application) versions <= v0.19.4, arising because book and note slug validation uses the unanchored huma OpenAPI pattern '[a-z0-9-]+', letting a low-privilege authenticated user store a path-traversal slug such as '../../../../etc/cron.d/x'. When an administrator later runs the 'note-mark migrate export' or 'export-v1' CLI (routinely as root in Docker), the exporter joins the raw slug into the output path and writes '_index.md' outside the export directory, enabling escalation to code execution as root. Publicly available exploit code exists (a version-pinned Go reproducer plus an end-to-end Docker walkthrough); this is the unpatched sibling of GHSA-g49p-4qxj-88v3 and is not listed in CISA KEV.
CVE-2026-58382 is associated with Ubuntu vendor reporting but contains no description, CVSS data, CWE classification, or technical detail in the available intelligence sources. No impact, affected component, or attack surface can be determined from the provided data. Analysis cannot be completed without additional source material from the vendor advisory or NVD entry.
CVE-2026-58385 is reported by Ubuntu as the sole intelligence source, but no description, CVSS score, CWE classification, or technical detail is available at this time. The affected product is inferred to be Ubuntu Linux or a component distributed through Ubuntu, but the vulnerability type, impact, and affected versions cannot be determined from the provided data. No meaningful synthesis is possible without a CVE description or supplementary intelligence.
CVE-2026-55564 has been reported by Ubuntu but carries no publicly available description, CVSS score, vector, or CWE classification at time of analysis. The affected product, vulnerability class, and impact scope are entirely unconfirmed from available intelligence. No assessment of attacker capability or victim exposure is possible without a description or vendor advisory detailing the flaw.
CVE-2026-45093 is a vulnerability reported by Ubuntu with no description, CVSS score, vector, or CWE available at time of analysis. The affected product, impact class, and exploitation conditions are entirely unknown from provided intelligence. No meaningful risk characterization is possible without additional vendor disclosure.
CVE-2026-58387 is attributed to Ubuntu (vendor source) but no description, CVSS score, CWE classification, or technical details are available in the provided intelligence data. The nature, impact, and exploitability of this vulnerability cannot be characterized at this time. No assessment of attacker capability, affected versions, or real-world risk is possible without additional data.
Insufficient public data exists to characterize CVE-2026-45092 with analytical confidence. The only intelligence signal available is a vendor report attributed to Ubuntu; no description, CVSS vector, CWE, CPE, EPSS score, KEV status, or reference URLs were supplied. No public exploit has been identified at time of analysis. This record should be treated as a placeholder requiring enrichment before any prioritization decision is made.
CVE-2026-45094 has been reported by Ubuntu (vendor source) but no description, CVSS score, vector, or CWE data is available at time of analysis. The affected product or package within the Ubuntu ecosystem cannot be determined from available data. No impact, attack vector, or severity assessment can be made without a description or supporting intelligence.
Insufficient data exists to characterize CVE-2026-45097 at this time. The only available intelligence signal is a vendor attribution to Ubuntu, with no description, CVSS score, CWE classification, or references provided. No independent synthesis is possible without a vulnerability description, affected version range, or technical details.
CVE-2026-49862 cannot be meaningfully summarized - the description field is absent and no technical intelligence is available beyond a vendor attribution to Ubuntu. No CVSS score, CWE classification, affected product details, or advisory references were provided in the input data. Security teams should consult the Ubuntu Security Notices (USN) portal and the NVD entry directly before making any risk decisions.
Insufficient data exists to characterize CVE-2026-49863 meaningfully. The only available intelligence signal is a reporter attribution of 'vendor:ubuntu', suggesting the vulnerability affects a package or component within the Ubuntu ecosystem. No description, CVSS vector, CWE classification, affected version range, or exploitation status has been provided, making substantive analysis impossible at this time.
CVE-2026-44978 has insufficient public data to characterize at this time. The only confirmed intelligence source is a Ubuntu vendor report, but no description, CVSS metrics, CWE classification, or affected product details are available in the current dataset. Security teams should treat this as an unresolved entry requiring further data gathering before risk assessment or remediation decisions can be made.
CVE-2026-53590 has been reported by Ubuntu but contains no publicly available description, CVSS scoring, CWE classification, or technical detail at the time of this analysis. The absence of all structured vulnerability data - description, vector, severity, and CWE - makes it impossible to characterize the impact, affected component, or exploitation conditions. No public exploit has been identified, and no KEV listing exists. Security teams should monitor the Ubuntu Security Notices (USN) portal for updated advisories.
Insufficient data exists to characterize CVE-2026-58388 beyond its Ubuntu vendor attribution. No description, CVSS vector, CWE classification, affected version range, or technical detail was provided in the intelligence feed. The only confirmed data point is that Ubuntu (Canonical) reported or acknowledged this CVE. No impact, attack vector, or exploitation conditions can be stated without fabricating information.
CVE-2026-58386 is reported by Ubuntu with no description, CVSS score, CWE classification, or additional intelligence available at time of analysis. The affected product, vulnerability class, and impact cannot be determined from the provided data. Security teams should consult Ubuntu Security Notices (USN) directly for authoritative details on this CVE.