Account takeover in Capgo before 12.128.2 stems from a password-change endpoint that omits current-password validation (CWE-620), letting an attacker who holds any temporary or low-privilege session set a new password without proving they know the old one. Because the CVSS 4.0 vector reflects a low-privilege (PR:L) network attacker with high confidentiality and integrity impact, a hijacked or briefly-borrowed session can be converted into permanent control, locking legitimate users out. No public exploit identified at time of analysis and the flaw is not on CISA KEV, so risk is credible but not confirmed as actively exploited.
Privilege escalation within RustDesk before 1.4.9 lets an authenticated peer that was granted only a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) send control messages and login options reserved for a full Remote session, because the server never re-validates a session's authorized scope. The result is that a peer given, for example, file-transfer-only access can observe and control the host's screen and input as if it held full remote-control rights. No public exploit has been identified at time of analysis, though the fixing pull request and commit are public, and no EPSS or CISA KEV data was supplied.
Sensitive credential disclosure in RabbitMQ affects installations running the management plugin with OAuth 2 configured via management.oauth_client_secret, prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. The obsolete GET /api/auth endpoint returns the configured OAuth 2 client secret to unauthenticated callers, allowing any remote party with network reach to the management interface to harvest the credential and potentially impersonate the broker to its identity provider. No public exploit identified at time of analysis, and it is not listed in CISA KEV, though the fix and root cause are fully documented in the vendor GitHub Security Advisory GHSA-pj24-8j6m-vq9q.
{username}?task=save with data[password]. The saveUser handler checks that the caller has user-management rights but never verifies the caller is allowed to edit that specific target, an authorization gap (CWE-639) carrying a CVSS 4.0 score of 8.7. No public exploit identified at time of analysis; the fix is expected in 1.10.53.
Uncontrolled resource consumption in Grav flat-file CMS before 1.7.53 and 2.0.0-rc.8 lets a remote unauthenticated visitor crash or degrade a server by requesting on-the-fly image derivatives with absurdly large dimensions. Because Grav::fallbackUrl forwards URL query image actions such as forceResize straight to ImageMedium magic actions with no dimension or pixel ceiling, a single crafted request forces the server to allocate huge amounts of memory and CPU to build the derivative. No public exploit identified at time of analysis, but the attack is trivial and scriptable given the CVSS 4.0 VA:H, AV:N/AC:L/PR:N profile.
Missing authentication on the ST Engineering iDirect iQ200 satellite terminal exposes the /api/identity and /api/ REST endpoints to any unauthenticated party on the network, letting them harvest the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and firmware version. Because the DID and TPK underpin satellite-network authentication on the iDirect platform, the leaked identifiers can support terminal impersonation and targeted reconnaissance. Reported by CISA ICS-CERT (ICSA-26-183-01); no public exploit identified at time of analysis, and no EPSS score was provided.
Command execution allowlist bypass in PraisonAI before 4.6.78 lets a low-privileged attacker who can supply commands to the framework's restricted-execution feature slip past its shell-metacharacter filters by abusing find's built-in -exec, -execdir, and -delete actions. Because those actions run binaries and delete files entirely inside the find process, they never trip the metacharacter allowlist, so the attacker can read blocked files, delete arbitrary files, and launch non-allowlisted binaries. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the CVSS 4.0 base score of 8.7 (High) reflects full loss of confidentiality, integrity, and availability of the affected system.
Information disclosure in Capgo before 12.128.2 lets unauthenticated remote attackers call the get_orgs_v7(userid) RPC endpoint with arbitrary user UUIDs to read foreign users' organization memberships, roles, management emails, and billing metadata. The endpoint remained publicly invokable despite intended private access controls, so any internet-facing Capgo deployment on an affected version exposes tenant data cross-account. No public exploit has been identified at time of analysis, though the trivial invocation pattern (supply a UUID) makes weaponization straightforward.
WAF filtering bypass in OWASP ModSecurity (libmodsecurity) before 3.0.16 lets remote unauthenticated attackers smuggle malicious payloads past inspection rules by exploiting a multipart/form-data parser differential. The engine silently strips embedded line breaks from non-file form-field values before populating ARGS and ARGS_POST, so any rule whose detection depends on a newline (e.g. command, header, or injection syntax spanning a line break) fails to match while the backend still receives and acts on the intact payload. No public exploit identified at time of analysis, but the CVSS base score of 8.6 reflects a scope-changing integrity impact on every application shielded by an affected deployment.
Arbitrary file write leading to remote code execution in the Frappe framework (versions prior to 15.112.0 and 16.23.0) allows a privileged user to abuse the Package Import feature, where tarfile members are extracted without adequate path validation (a TarSlip / path-traversal flaw, CWE-22). An attacker who can upload a crafted package tarball can write files outside the intended extraction directory to overwrite application files and achieve code execution as the Frappe service account. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 base score is 8.6, reflecting high impact gated by a high-privilege prerequisite.
Authorization-model destruction in FlaskBB forum software (versions up to and including 2.2.0) lets an authenticated administrator wipe all six built-in permission groups through the management bulk-delete AJAX endpoint. Because the endpoint compares JSON integer group IDs against string literals, the guard meant to protect built-in groups never matches and silently allows their removal, collapsing the forum's entire permission model and potentially bricking the site. No public exploit identified at time of analysis; the flaw was reported by VulnCheck and is fixed in commit a5da9a5.
Authorization-gate bypass in 9Router (decolua/9router) before 0.5.2 lets a remote unauthenticated attacker reach protected upstream LLM functionality through the /codex/* path, which next.config.mjs rewrites to /api/v1/responses without ever passing through the dashboardGuard API-key check. Because src/dashboardGuard.js only allowlists /v1, /v1beta, /api/v1, and /api/v1beta — omitting /codex — attackers can force the server to make upstream provider calls billed to operator-stored LLM credentials. No public exploit identified at time of analysis; fixed in 0.5.2.
Stored and reflected cross-site scripting in Grist (grist-core) before 1.7.15 lets an attacker place a javascript: URL into an unvalidated link href and execute script in a victim's authenticated Grist origin on a single click. Two entry points are affected: the /welcome/select-account page reflects its next query parameter into account-button links, and the GristDocTour table's Link_URL column renders as a clickable tour button, so a document editor can plant a payload that runs when another user opens the document. Because the script executes as the victim, it can drive Grist APIs to read or modify data and change sharing/access rules, letting an editor escalate to owner-level control. There is no public exploit identified at time of analysis and it is not in CISA KEV.
Privilege escalation in Logto's self-hosted SAML IdP (before 1.41.0) lets an authenticated low-privilege user forge signed SAML attributes such as roles, enabling elevated access at any relying Service Provider that authorizes on SAML attributes. Because user-controlled profile fields (name, email, custom attribute-mapping values) were string-substituted into an unescaped XML template via samlify 2.10.0, an attacker embeds XML markup that Logto then cryptographically signs as legitimate. Rated CVSS 8.5 with scope change; no public exploit identified at time of analysis, but the fix is confirmed in release v1.41.0 with a corresponding GitHub advisory and commit.
Arbitrary Python code execution in PraisonAI (praisonaiagents) before 1.6.78 occurs when AgentFlow._resolve_pydantic_class resolves a string output_pydantic reference in a workflow step, causing the framework to import a sibling tools.py from the workflow file's directory via importlib exec_module without any sandboxing. Because this loader ignores the PRAISONAI_ALLOW_*_TOOLS environment guardrails, an attacker who supplies a malicious workflow file plus its tools.py runs code with the workflow runner's privileges the moment the workflow is executed via WorkflowManager or loaded through load_yaml. No public exploit is identified at time of analysis, and the flaw is not listed in CISA KEV.
Local privilege escalation to arbitrary command execution in Samsung Bixby (versions prior to 4.0.70.8) allows a malicious co-located Android app to invoke improperly exported application components and run commands with Bixby's elevated privilege level. Reported by Samsung Mobile Security and rated CVSS 4.0 base 8.5; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation requires attacker-controlled code already present on the device (e.g., a rogue installed app), not remote network access.
SQL injection in Dell PowerFlex Manager prior to version 5.1.0.1 allows a remote, low-privileged authenticated attacker to inject crafted SQL commands through the management interface, resulting in information disclosure and unauthorized access to data beyond the attacker's authorized scope. Rated CVSS 8.5 with a scope-changed vector, the flaw is reported by Dell (DSA-2026-066) and carries confidentiality impact; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary code execution in Samsung's libpadm.so system library on Galaxy devices allows a local, low-privileged attacker to corrupt memory via an out-of-bounds write and run code in the context of the vulnerable component prior to the SMR Jul-2026 Release 1. The flaw was reported internally by Samsung Mobile Security and carries a CVSS 4.0 base score of 8.4 (high). No public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege-escalating code execution in Samsung's libsavsac.so native library (used in Galaxy devices running firmware prior to the SMR Jul-2026 Release 1) allows a low-privileged local attacker to trigger an out-of-bounds write and execute arbitrary code in the context of the affected component. The flaw was reported by Samsung's own Mobile Security team and carries a CVSS 4.0 base score of 8.4 (High). No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Local privilege escalation to arbitrary code execution in Samsung's fabricKeymaster trustlet affects Galaxy devices running builds prior to the SMR Jul-2026 Release 1 security patch level. A local attacker who already holds privileged (root/system-level) access on the device can exploit a time-of-check-to-time-of-use race condition to run arbitrary code within the Keymaster trusted application, undermining the hardware-backed key store. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw was reported directly by Samsung's own mobile security team.
Out-of-bounds write in Samsung's Quram image codec library (libimagecodec.media.quram.so) on Samsung Android devices lets remote attackers corrupt memory outside allocated bounds by delivering a malformed DNG (Adobe Digital Negative) raw image, prior to the SMR Jul-2026 Release 1 patch level. The flaw carries CVSS 4.0 8.3 (High) with a network attack vector, no privileges and no user interaction, but a present attack requirement (AT:P). No public exploit identified at time of analysis and it is not listed in CISA KEV.
Out-of-bounds memory write in the Quram image codec (libimagecodec.media.quram.so) used by Samsung mobile devices allows remote attackers to corrupt memory while the library parses a malformed TIFF image, affecting builds prior to SMR Jul-2026 Release 1. Reported by Samsung's own mobile security team, the flaw carries a CVSS 4.0 base score of 8.3 (High) with a network vector and no privileges or user interaction required, though an attack requirement (AT:P) indicates a specific precondition. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Integrity bypass in Chainguard's apko (and the shared logic in melange) allows a network attacker to swap the actual installed contents of an apk package while its signature check still passes, because apko validated only the control-section hash (.PKGINFO) against the signed APKINDEX and never verified the data-section hash. Anyone able to compromise a package mirror, poison a fetch cache, or MITM the download can therefore inject arbitrary files into images built with these tools. No public exploit is identified at time of analysis, and the flaw is not listed in CISA KEV.
Authentication bypass in 9Router (decolua/9router) versions prior to 0.5.2 lets remote unauthenticated attackers reach protected /v1/* proxy APIs because src/dashboardGuard.js trusts any request arriving over loopback. When 9Router runs behind a same-host reverse proxy that forwards public traffic through 127.0.0.1 - the standard production deployment - external requests are misclassified as local, exposing /v1/models and enabling abuse of configured upstream AI provider credentials. No public exploit identified at time of analysis; scored CVSS 8.3 with a scope change reflecting downstream provider-credential abuse.
Update-signing bypass in @capgo/capacitor-updater (capgo OTA plugin for Capacitor apps) before 12.128.2 undermines its end-to-end encryption by shipping the same private key to every device that downloads the app. Because the public verification key can be derived from that distributed private key, an attacker with a man-in-the-middle position or control of the Capgo delivery server can forge a validly signed update bundle and push attacker-controlled code to devices. Reported by VulnCheck with a CVSS 4.0 base score of 8.3; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Unauthenticated arbitrary file write in EverOS, an AI-agent memory runtime by EverMind-AI, affects all versions prior to 1.0.1 via the POST /api/v1/memory/add ingestion endpoint. Because the per-message sender_id field is not sanitized as a path-safe identifier (unlike app_id and project_id), an attacker can supply ../ sequences that redirect where extracted memory episodes are written, letting a remote unauthenticated caller create or overwrite .md files outside the memory root with partially attacker-controlled content. No public exploit identified at time of analysis, and no EPSS score was provided, but the CVSS 8.2 rating and unauthenticated network reach make it a meaningful integrity risk for exposed instances.
Credential disclosure in R-SOFT DMS lets an attacker who obtains the stored superadmin password hash recover the plaintext password, because credentials are protected with a non-salted, nested MD5 hash that is trivially reversible via brute-force and precomputed rainbow tables. The superadmin account is high-value and cannot be rotated through the UI - the password can only be changed by editing the configuration file - so recovered credentials remain valid indefinitely. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Local privilege escalation in Lima (lima-vm) before 2.1.3 lets any unprivileged user inside a guest VM reach root when the instance runs the QEMU driver with the guest agent enabled. Because the world-reachable /run/lima-guestagent.sock exposes address tunneling - including Unix sockets for privileged daemons such as D-Bus - an in-guest attacker can proxy to root-owned services and execute arbitrary commands as root. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Authentication-bypass via timing side-channel in Phalcon's Crypt::decrypt (cphalcon PHP framework prior to 5.14.1) allows remote attackers to forge valid HMAC tags and have tampered ciphertext accepted as authentic. Because the HMAC verification uses PHP/Zephir identity comparison that short-circuits on the first mismatching byte, an attacker who can observe response timing can recover a valid tag byte-by-byte and break the encrypt-then-MAC integrity guarantee. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the flaw is confirmed and patched by the vendor in 5.14.1.
Authentication bypass in 9Router (decolua/9router) before 0.5.2 lets a remote unauthenticated attacker forge a 'Host: localhost' header so the /v1 LLM proxy treats the request as local and skips API-key checks. Once past authentication, an attacker abuses stored provider credentials for upstream LLM calls and leverages /v1/search's searxng provider_options.baseUrl to force server-side requests to internal or cloud-metadata endpoints (SSRF). No public exploit identified at time of analysis, though the fixing commit is public, and EPSS/KEV signals are not provided.
Authentication bypass in the LoginPress Pro WordPress plugin (versions up to and including 6.2.3) lets unauthenticated attackers hijack any existing account, including administrators, by abusing the GitHub OAuth social-login callback. The loginpress_on_github_login() function binds the login session to profile[0]['email'] from GitHub's /user/emails endpoint without checking the verified flag, so an attacker who adds an unverified email matching a victim's account and triggers the callback can be logged in as that user. This maps to CWE-287 and carries a CVSS 8.1; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Object injection in the Drupal Tealium iQ Tag Management contributed module (versions before 2.4.0) lets authenticated attackers manipulate dynamically-determined object attributes to compromise data confidentiality and integrity. Because the CVSS vector (AV:N/AC:L/PR:L) indicates a low-privileged authenticated user over the network, any user with a foothold on the site can potentially abuse the flaw; there is no public exploit identified at time of analysis and the EPSS probability is low (0.42%). Drupal has published advisory SA-CONTRIB-2026-064 and released a fixed version.
Authentication bypass in the LoginPress Pro WordPress plugin (versions ≤ 6.2.3) lets unauthenticated attackers log in as any existing user - including Administrators - when the Spotify Social Login addon is enabled. The flaw stems from the plugin trusting the unverified email returned by Spotify's /v1/me endpoint to match and authenticate a WordPress account, so an attacker who registers a Spotify account with a victim's email gains that victim's session. No public exploit has been identified at time of analysis; CVSS is 8.1 with attack complexity rated High due to the required addon configuration.
Authentication bypass in the LoginPress Pro WordPress plugin (versions ≤ 6.2.3) lets unauthenticated attackers hijack any existing account - administrators included - by exploiting the Discord OAuth login handler, which trusts the email returned by Discord without checking Discord's verified flag. An attacker who knows a target's WordPress email registers a Discord account with that same (unverified) email and completes the normal OAuth flow to receive an authenticated session as the victim. No public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw was reported by Wordfence and is a full account-takeover primitive.
Server-side request forgery in Typebot before 3.17.2 lets an authenticated workspace editor or creator bypass the shared SSRF validator using the IPv6 unspecified address :: (and its expanded form), which validateIPAddress in packages/lib/src/ssrf/validateHttpReqUrl.ts fails to block. By configuring a server-side HTTP Request block or guarded script fetch, an attacker coerces the Typebot server to reach local HTTP services via safeKy, including flows reachable through startChat and continueChat endpoints. No public exploit identified at time of analysis, but the fix is confirmed in 3.17.2 and the technical root cause is documented in the vendor advisory.
Authentication step-up bypass in Logto self-hosted auth infrastructure prior to 1.41.0 lets an already-authenticated user manage MFA factors without re-proving their identity. The Account Center accepted any of the user's own verified records - including a self-created WebAuthn passkey-registration record - as proof of identity verification, so an attacker holding only a valid Account API bearer token could forge the logto-verification-id header and satisfy step-up checks. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the flaw is fixed in 1.41.0.
Improper permission enforcement in JetBrains TeamCity before 2026.1.2 lets authenticated low-privilege users modify CI/CD pipelines they should not control, undermining build integrity and potentially exposing pipeline secrets. Reported by JetBrains itself and carrying a CVSS 8.1, the flaw is a missing-authorization issue (CWE-862) rather than a memory-safety bug. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Privilege escalation in ZITADEL identity platform (before 4.15.3) allows an attacker holding a low-privilege OAuth2 token to exchange it for elevated permissions at a different application, because the token-exchange endpoint fails to bind the subject token to the requesting client and does not constrain requested scopes to the original token's scopes. Any authenticated principal with a valid low-scope token can escalate laterally across relying applications; no public exploit is identified at time of analysis and it is not listed in CISA KEV. A vendor patch (4.15.3) and fixing commit are available.
Object injection in the Drupal contrib module Flag attendance field (all versions up to and including 1.2) lets an authenticated user with low privileges pass attacker-controlled data into a dynamically-determined object attribute (CWE-915), enabling PHP object injection and high-impact compromise of data confidentiality and integrity. The Drupal Security Team published advisory SA-CONTRIB-2026-049 and a fixed release is available. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.17%, 7th percentile).
Object injection in the Drupal Plotly.js Graphing contributed module (all releases 0.0.0 through 3.0.2) lets an authenticated attacker with low privileges tamper with dynamically-determined object attributes, undermining both confidentiality and integrity of the site. The flaw stems from improperly controlled modification of object properties (CWE-915), and the network-reachable, low-complexity CVSS 3.1 vector (8.1) reflects meaningful severity; however, EPSS is only 0.16% (6th percentile) and no public exploit identified at time of analysis. It is not listed in CISA KEV.
Privilege escalation in the WP Business Intelligence Lite WordPress plugin (all versions through 3.2.0) allows authenticated Subscriber-level users to tamper with stored SQL queries because the plugin fails to enforce a capability/authorization check on the query-modification action (CWE-862). When an administrator later views the maliciously altered query, the attacker's arbitrary SQL executes in the admin context, enabling account takeover or full site compromise. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; it was reported through the Wordfence threat intelligence program.
Out-of-bounds kernel memory read/write in Imagination Technologies Graphics DDK (the driver kit for PowerVR GPUs) allows a non-privileged local user to corrupt kernel memory through crafted GPU API calls, potentially achieving privilege escalation. The flaw stems from incorrect buffer indexing in the sparse-memory page-freeing path when pages larger than 4kB are handled. Rated CVSS 7.8 (CWE-787); no public exploit identified at time of analysis and EPSS is low at 0.17% (6th percentile).
Local memory-corruption escalation in Imagination Technologies' Graphics DDK (the PowerVR GPU driver stack) lets an unprivileged user trigger a use-after-free by issuing an improper sequence of GPU system calls. By forcing a failure path in the MMU mapping logic, an attacker leaves internal driver state incompletely cleaned up, enabling unauthorized read/write access to physical memory from shader code. There is no public exploit identified at time of analysis and EPSS is low (0.15%), but the flaw carries high confidentiality, integrity, and availability impact for local attackers.
Local privilege escalation in Imagination Technologies' Graphics DDK (PowerVR GPU driver) lets a non-privileged user trigger a use-after-free by abusing an integer overflow in GPU memory-mapping system calls. The flaw allows two GPU virtual addresses to alias the same physical page; freeing one mapping releases the page while the second dangling mapping retains read/write access, enabling cross-process memory disclosure and corruption. No public exploit is identified at time of analysis and EPSS is low (0.15%), but the local read/write UAF primitive is a strong stepping stone to kernel-level compromise.
Privilege escalation in Imagination Technologies' Graphics DDK GPU driver allows kernel-level software inside a Host VM to post malformed commands to the GPU firmware, forcing an improper GPU register access that can be leveraged to gain elevated privileges. The flaw (CWE-280, improper handling of permissions) affects multiple DDK release branches from 1.18 through 26.1 and is rated CVSS 7.8 (local, low complexity). There is no public exploit identified at time of analysis, and its EPSS probability is low (0.14%).
Local privilege escalation and memory corruption in Imagination Technologies Graphics DDK (PowerVR GPU driver kit) lets a malicious kernel driver inside a Host VM issue improper commands to the GPU firmware, causing a memory write outside the host kernel's permitted range. The flaw is a TOCTOU race in which values are altered in memory after the firmware validates them but before it uses them, bypassing the firmware's range enforcement. No public exploit identified at time of analysis, EPSS is low (0.12%, 2nd percentile), and it is not listed in CISA KEV.
Arbitrary Python code execution in BabelDOC (funstory-ai, pip package `babeldoc`) prior to 0.6.3 allows an attacker to run code in the context of the translation process by having a victim process a crafted PDF. The vendored pdfminer CMap loader (`cmapdb.py::_load_data`) strips only NUL bytes from a PDF-controlled CMap/Encoding name and passes it to `pickle.loads()`, so a hex-encoded absolute path in the PDF's `/Encoding` name redirects deserialization to an attacker-planted `.pickle.gz` file. A detailed, working proof-of-concept exists (publicly available exploit code exists); there is no CISA KEV listing and no public evidence of active exploitation at time of analysis.
Stored and reflected cross-site scripting in Grist (grist-core) prior to 1.7.15 lets a document editor inject script into a document's name or description that executes when higher-privileged users open the document, and lets attackers abuse the OAuth2 end-of-flow page's reflected openerOrigin parameter. Because the injected script runs in the victim's authenticated Grist origin, a mere document editor can read or modify data, alter sharing settings and access rules, and escalate to owner-level control. No public exploit identified at time of analysis; the issue is CWE-79 and is fixed upstream in the tagged 1.7.15 release.
{maintenance_id} endpoint authorizes the original record and asset but trusts an attacker-supplied asset_id without re-checking company scope, breaking multi-tenant isolation (CVSS 7.7, scope-changed). No public exploit identified at time of analysis, but the upstream fix commit and GitHub Security Advisory (GHSA-575r-357h-fhch) are published.
SQL injection in Dell PowerFlex Manager before 5.1.0.1 lets a low-privileged, remotely authenticated user inject crafted SQL into a backend query, resulting in unauthorized reading of database contents (information exposure). The flaw is fixed in 5.1.0.1 per Dell advisory DSA-2026-066, and there is no public exploit identified at time of analysis. Because exploitation requires a valid low-privilege account, the practical risk is highest in multi-tenant or broadly-provisioned management deployments rather than internet-facing unauthenticated exposure.