2026-07-17
Authorization header leakage in OpenClaw before 2026.6.5 exposes credentials to unintended servers during MCP SSE redirect handling, allowing an authenticated lower-trust caller to gain access to resources beyond their intended authorization scope. The vulnerability affects deployments where the MCP SSE redirect feature is enabled and reachable by lower-trust input paths, with practical impact varying by operator configuration. Vendor-released patch 2026.6.5 is available; no public exploit code or active exploitation has been identified at time of analysis.
ReDoS in Grav CMS's Twig sandbox allows an authenticated page editor to crash the web server process via a catastrophically backtracking PCRE pattern supplied to the `regex_replace` filter. Affected versions are all Grav releases prior to 2.0.4. Exploitation requires a non-default configuration (`security.twig_content.process_enabled: true`) and at least page-editor-level authentication, limiting blast radius to deployments that have deliberately unlocked Twig processing in page content. No public exploit code or CISA KEV listing has been identified at time of analysis.
Missing authorization in OpenClaw's Discord moderation action handling allows a low-privilege caller to perform moderation operations - such as banning, kicking, or muting users - that should require elevated permissions. All OpenClaw versions prior to 2026.6.9 are affected per the vendor's GitHub security advisory (GHSA-f6p7-6326-vf7v), reported by VulnCheck. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the CVSS 4.0 integrity impact is rated High, reflecting meaningful abuse potential where a lower-trust actor gains outsized moderation authority over a Discord community.
Missing authorization controls in OpenClaw's MS Teams message actions feature permit a low-privilege authenticated caller to invoke operations that should require elevated permissions or policy checks, resulting in high integrity impact (VI:H per the CVSS 4.0 vector) on affected deployments. The flaw spans versions 2026.4.12-beta.1 through 2026.6.5, and practical severity is configuration-dependent - exploitation is gated on the MS Teams feature being enabled and reachable. No public exploit code exists and the vulnerability is not in the CISA KEV catalog; the vendor confirmed and patched the issue in 2026.6.6.
Authorization bypass in OpenClaw's hooks `allowedAgentIds` validation allows a lower-trust authenticated caller to circumvent agent ID restrictions by submitting blank agent IDs, effectively elevating privileges to perform actions gated behind stronger policy controls. Affected versions span OpenClaw 2026.2.12 through versions prior to 2026.5.26, with the flaw traceable to improper input validation of the agent identifier field during hook processing. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, though the high integrity impact (VI:H per CVSS 4.0) signals meaningful risk to deployments that rely on agent-scoped authorization boundaries.
Missing firmware integrity verification in ABB KNX Update Tool versions through 2.0.175 allows an adjacent network attacker with low-privilege access to inject tampered updates onto KNX building automation devices, leading to high integrity and availability impact. The vulnerability (CWE-353) means the tool accepts update packages without cryptographic validation, enabling a man-in-the-middle or rogue-update attack on the KNX bus segment. No public exploit code or CISA KEV listing has been identified at time of analysis, and active exploitation has not been confirmed.
Privilege enforcement failure in Apache Accumulo 2.1.4 and 2.1.5 allows any authenticated low-privileged user - one without system-level permissions - to remotely trigger graceful shutdown of critical cluster services including the manager, tserver, gc, compactor, compaction-coordinator, monitor, and sserver. The result is a denial of service against the distributed data store, disrupting availability for all cluster consumers until an administrator manually restarts the affected components. No public exploit has been identified at time of analysis; a vendor-released fix is available in version 2.1.6.
GitHub Enterprise Server (all versions prior to 3.22) is vulnerable to authenticated denial of service via unbounded YAML parsing depth in release notes configuration files. An authenticated user with repository access can craft a release notes configuration file containing arbitrarily deeply nested YAML structures; when release note generation is triggered, the YAML parser processes the nesting without any depth limit, causing excessive CPU and memory consumption that can render the entire GHES instance unresponsive. No public exploit has been identified at time of analysis, and this was responsibly disclosed through the GitHub Bug Bounty program.
Keycloak's identity provider management component exposes OIDC client secrets to delegated administrators who manipulate the masked sentinel value mechanism during IdP updates. When a delegated admin submits a configuration update using the sentinel placeholder for the client secret while simultaneously changing the token URL to an attacker-controlled endpoint, Keycloak improperly reuses the real underlying secret without validating the consistency of the changed security-sensitive field. On the next authentication flow through that identity provider, Keycloak transmits the real client secret to the attacker's token URL, resulting in credential exfiltration. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Keycloak's Client Policies enforcement mechanism - designed to mandate stronger OAuth/OIDC client authentication such as signed JWTs (RFC 7523) - can be bypassed by any attacker who already holds valid client credentials. By supplying a crafted, unsigned assertion header in the token request, the attacker causes Keycloak to evaluate policy compliance as satisfied without performing cryptographic verification, allowing authentication to proceed via a weaker method such as a plain client secret. No public exploit code has been identified and this vulnerability is not listed in CISA KEV; however, the integrity impact is meaningful for organizations that deployed Client Policies specifically to harden their authentication security posture, as those controls are silently neutralized.
Authorization code injection in Red Hat Build of Keycloak's keycloak-services component enables a network-positioned attacker to hijack OAuth 2.0 flows by intercepting and cross-client redeeming authorization codes. Because codes are not cryptographically bound to the originating client, an attacker who obtains a victim's in-flight code can submit it using their own registered client credentials and receive access tokens tied to the victim's identity. No public exploit has been identified at time of analysis, and the CVSS AC:H rating reflects the non-trivial code interception prerequisite that constrains opportunistic exploitation.
Unauthenticated settings reset in the Fense Proxy & VPN Blocker WordPress plugin (versions up to and including 3.0.1) allows any remote attacker to wipe the plugin's API key cache and configuration by invoking an unprotected AJAX endpoint. The fense_bpvt_save_settings() function is registered to both wp_ajax_* and wp_ajax_nopriv_* hooks without any capability check or nonce validation, meaning it is reachable without authentication and calls delete_option() and delete_transient() unconditionally on plugin-critical data. No public exploit code has been identified and the vulnerability is not listed in CISA KEV, but the attack is trivial to execute and carries a meaningful functional consequence: disabling the site's VPN and proxy detection capability.
SurrealDB versions 3.0.0 through 3.1.4 expose a query-planner authorization bypass that allows authenticated record users to infer the relative sort order of field values protected by field-level SELECT permissions. By issuing ORDER BY queries against indexed restricted fields, an attacker with normal table SELECT access can observe that rows are returned in the hidden field's true sorted order even though the field value itself is correctly redacted to null at projection time. No public exploit has been identified at time of analysis, and CISA KEV has not listed this vulnerability; however, the attack surface is inherent to any indexed field protected by field-level permissions in affected versions.
Missing authorization in GitHub Enterprise Server's delegated bypass endpoint exposes private repository metadata to any authenticated user with write access to a single repository on the same instance. The endpoint resolves rule suites from attacker-supplied encoded identifiers without verifying that the caller holds read permission on the target repository; because these identifiers are sequential, an attacker can enumerate them to harvest private repository names, owners, branch names, commit SHAs, commit messages, and pushing actors across the entire GHES instance. No public exploit identified at time of analysis; the issue was responsibly disclosed via the GitHub Bug Bounty program and vendor-released patches are available across all active support branches.
CAPTCHA bypass in GD::SecurityImage through version 1.75 for Perl stems from use of Perl's non-cryptographic rand() function to generate challenge text, making CAPTCHA tokens predictable and reversible by an unauthenticated network attacker. Any Perl web application relying on this library for bot protection is exposed to automated CAPTCHA solving, undermining form submission rate-limiting, account registration guards, and similar defenses. No public exploit code or active exploitation is identified at time of analysis, but the low attack complexity and the clear exploit path make this a practical integrity risk for deployed instances.
Out-of-bounds memory read and write in Tera Term's TTSSH2 SSH plugin exposes users who connect to attacker-controlled SSH servers to memory disclosure and potential client crashes. The root cause is an unsigned-to-signed integer conversion error (CWE-196) in the SSH connection handshake code, which can cause internal memory contents to be transmitted to the malicious server. No public exploit code has been identified at time of analysis, and no KEV listing exists, but the network-reachable nature with no privilege requirement on the attacker side makes social-engineering lures a realistic delivery vector.
Out-of-bounds read/write in the TTSSH2 SSH plugin of Tera Term exposes users who connect to attacker-controlled SSH servers to memory disclosure and process crashes. A malicious SSH server can send crafted packets with inconsistent length parameters during connection establishment, causing the TTSSH2 plugin to read and write beyond allocated buffer boundaries - leaking adjacent memory contents (potentially including session data or credentials) back to the attacker's server. No public exploit or CISA KEV listing has been identified at time of analysis, but the low attack complexity and unauthenticated server-side position make this a credible threat for Tera Term users in environments where they may connect to untrusted SSH endpoints.
Authorization bypass in OpenClaw (versions 2026.3.28 through before 2026.5.19) allows low-privileged network attackers to exploit the browser act route's failure to validate current-tab URLs, enabling Server-Side Request Forgery (SSRF) that crosses authorization boundaries into restricted resources. The CVSS 4.0 scope-change metrics (SC:H/SI:L with VC:N/VI:N/VA:N) reveal that the primary impact falls on subsequent systems rather than OpenClaw itself - meaning attackers can reach internal resources or perform policy-restricted actions using their laundered, lower-trust credentials. No public exploit code or CISA KEV active exploitation listing has been identified at time of analysis.
Authentication bypass in OpenClaw before 2026.6.5 enables lower-trust network callers to forge A2UI actions that require higher authorization by submitting crafted HTTP Canvas responses through configured input paths. The flaw (CWE-345: Insufficient Verification of Data Authenticity) allows an attacker to subvert OpenClaw's trust hierarchy and execute privileged actions on downstream systems (SC:H/SI:H per CVSS 4.0), without any direct impact on the OpenClaw instance itself. No public exploit has been identified and the vulnerability is not in the CISA KEV catalog; the CVSS 4.0 score of 5.1 reflects significant real-world constraints from high attack complexity and required user interaction.
DNS rebinding protection bypass in OpenClaw before 2026.5.28 allows a lower-privileged caller to win a TOCTOU race window in the MS Teams safeFetch DNS validation path, potentially enabling requests to internal or restricted resources that should have been blocked by policy. Exploitation requires the safeFetch DNS rebinding check feature to be both enabled and reachable, and practical impact is heavily configuration-dependent. No public exploit code has been identified and no CISA KEV listing exists; the issue is confirmed via a vendor GitHub security advisory and VulnCheck reporting.
Full SYSTEM-level code execution in Broadcom's Symantec IT Management Suite (ITMS) 8.7.3 is reachable by any non-administrator interactive user via a DCOM and Windows Task Scheduler logic chain, requiring no network access and no memory corruption. The attack is confined to the local host, meaning a standard user account with an interactive session on the ITMS server is sufficient to achieve unrestricted SYSTEM privileges. No public exploit has been identified at time of analysis, though Broadcom's advisory carries the highest urgency rating (U:Red) and the CVSS 4.0 supplemental metric AU:Y indicates the exploitation steps can be automated once understood.
Local privilege escalation via a misconfigured WMI provider in Broadcom's Symantec IT Management Suite (Altiris) exposes SYSTEM-readable files to any local standard user. The AltirisAgent_Stream WMI class fails to re-impersonate the calling user when servicing queries, reverting to the LocalSystem context instead - allowing unprivileged local users to bypass filesystem ACLs and read files that are restricted to SYSTEM or Administrator accounts, including configuration files, service logs, and stored secrets. No public exploit has been identified at time of analysis, though the technique is mechanically straightforward for any authenticated local user; the Broadcom advisory (SA 37995) is the authoritative disclosure source.
Directory traversal via the unsanitized 'family' parameter in the Kirki plugin for WordPress (all versions up to and including 6.0.13) enables authenticated users holding editor-level access or above to delete arbitrary directories on the server filesystem, risking data loss and site unavailability. Reported by Wordfence, the flaw originates in insufficient path validation within FontService.php and GlobalDataController.php, which process the 'family' parameter without canonicalization or boundary enforcement. No public exploit code exists and no CISA KEV listing is present at time of analysis, but the potential for irreversible filesystem destruction makes this a meaningful risk on any WordPress site granting editor access to untrusted accounts.
Network policy bypass via Server-Side Request Forgery (SSRF) in OpenClaw's sandbox exec-server allows lower-trust callers to route HTTP requests to internal network destinations that OpenClaw policy is explicitly configured to block. All OpenClaw installations before version 2026.6.6 are affected. The CVSS 4.0 vector scores subsequent-system confidentiality impact as High (SC:H), reflecting that successfully bypassed network policies expose internal infrastructure - not the OpenClaw host itself - to unauthorized access. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.
Server-side request forgery in OpenClaw's browser snapshot routes allows lower-privileged authenticated users to bypass the platform's network policy controls and reach internal destinations that should be blocked. Affected versions span 2026.4.14 through 2026.5.25; the fix shipped in 2026.5.26 per the vendor's GitHub security advisory. No public exploit code has been identified and this CVE is not listed in CISA KEV, though the CVSS 4.0 subsequent-system confidentiality rating of High reflects the real potential for lateral access to sensitive internal services.
Unauthorized role removal in Keycloak's admin REST API allows a delegated administrator to strip privileged child roles from composite roles they are not authorized to manage, corrupting the role hierarchy and revoking access for users and administrators who depend on those composite roles. Affected products span Red Hat Build of Keycloak, Red Hat Single Sign-On 7, Red Hat Data Grid 8, and Red Hat JBoss EAP Expansion Pack. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog; however, in multi-tenant enterprise deployments where delegated administration is common, the integrity impact to IAM role structures is operationally significant.
Broken access control in Keycloak's organization management component allows a delegated administrator holding only organization management permissions to exploit the invitation API to provision new user accounts and inject unauthorized members into organizations. The attacker generates an invitation for a fabricated email address, then retrieves the secret registration link directly via the API - bypassing the email delivery step entirely - and uses it to self-register accounts without possessing user management permissions. No public exploit has been identified at time of analysis; exploitation is gated by the PR:H requirement (delegated administrator credentials), limiting realistic threat actors to insider or compromised-admin scenarios.
Forced browsing vulnerability in HCL DevOps Loop allows authenticated low-privileged users to access restricted administrative endpoints by directly navigating to protected URLs without proper authorization enforcement. The application fails to validate that the requesting user holds sufficient privileges before serving administrative responses, enabling unauthorized access to admin functionality over the network. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Directory traversal in the Ninja Forms - Excel Export WordPress plugin (versions ≤ 3.3.6) allows authenticated attackers with subscriber-level access to write .xls/.xlsx files to arbitrary server-side locations via the unsanitized 'spreadsheet_export_tmp_name' parameter. The vulnerability is a staging primitive: direct code execution is not possible through the traversal alone, but file placement in web-accessible or sensitive directories can enable follow-on attacks such as information disclosure or overwriting existing files. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog.
Authorization bypass in the WP ERP WordPress plugin (versions through 1.17.6) allows authenticated attackers with subscriber-level access to create arbitrary company locations in the ERP database. The flaw stems from a missing authorization check in the plugin's Admin AJAX handler, as identified by Wordfence and corroborated by source code references at includes/Admin/Ajax.php. No public exploit code or CISA KEV listing exists at time of analysis, but the low privilege bar (any registered WordPress user) on a network-accessible endpoint makes opportunistic abuse straightforward on sites with open user registration.
Rate limit bypass in Wazuh's /events endpoint allows authenticated network users to inject events into analysisd beyond the administrator-configured global rate limit. A logic error in CheckRateLimitsMiddleware.dispatch() causes the endpoint-specific counter (hardcoded at 30 requests/min) to unconditionally overwrite the result of the global rate limit check, meaning the global max_request_per_minute threshold is silently ignored for this endpoint. Versions 4.6.0 through 4.14.4 are affected; no public exploit code has been identified and the issue is not listed in CISA KEV.
Subscriber-level WordPress users can exfiltrate complete PII datasets from all Ninja Forms submissions site-wide in Ninja Forms - Excel Export versions up to and including 3.3.6 by supplying arbitrary values to the `spreadsheet_export_form_id` parameter, which lacks authorization validation at the export endpoint. The missing access control enables horizontal privilege escalation across all form IDs on the installation, delivering names, email addresses, phone numbers, physical addresses, and any other collected PII as downloadable XLSX files to low-privileged users who should have no cross-form access. No public exploit code has been identified at time of analysis and CISA KEV listing is absent, but the low attack complexity (AC:L, no user interaction required beyond subscriber-level credentials) makes this a meaningful data privacy risk on WordPress sites with open user registration.
OAuth refresh token theft in HubSpot All-In-One Marketing - Forms, Popups, Live Chat (WordPress plugin 'leadin') exposes connected HubSpot tenants to unauthorized access. Authenticated WordPress users at contributor level or above can extract a plaintext HubSpot OAuth refresh token directly from the client-side window.leadinConfig JavaScript object, which is populated server-side via wp_localize_script() after the plugin decrypts the at-rest AES-256-CTR-encrypted token - rendering the encryption entirely ineffective against this attack path. A stolen token can be replayed against the HubSpot OAuth API to access or modify CRM contacts, marketing campaigns, and other tenant data in the connected HubSpot account. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV.
Sensitive credential exposure in the keycloak-services authentication configuration endpoint allows view-only administrators to retrieve unmasked third-party service secrets, such as reCAPTCHA secret keys, through the administrative API. Affected deployments include Red Hat Build of Keycloak, Red Hat Single Sign-On 7, Red Hat Data Grid 8, and the JBoss EAP Expansion Pack. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog; however, the confidential nature of the exposed values - functional API credentials for third-party services - elevates the practical impact beyond what the CVSS score of 4.3 might initially suggest.
Brute-force lockout bypass in Keycloak's Client-Initiated Backchannel Authentication (CIBA) flow allows an attacker holding valid OAuth client credentials to redeem previously approved authentication requests and obtain access and refresh tokens for a user account that has since been locked. This is an incomplete fix for CVE-2026-9798: the brute-force protection check was applied to the CIBA initiation handler but was never added to the token redemption handler, creating a gap that persists after the earlier patch. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Keycloak's default-groups REST endpoint and realm representation expose hidden group names and identifiers to delegated administrators who hold realm-viewing permissions but lack explicit group-viewing authorization. Affected products span Red Hat Build of Keycloak, Red Hat Single Sign-On 7, Red Hat Data Grid 8, and Red Hat JBoss EAP Expansion Pack. No public exploit code exists and CISA KEV listing is absent at time of analysis; the CVSS 4.3 Medium rating accurately reflects constrained impact limited to metadata disclosure.
CORS misconfiguration in HCL DevOps Loop enables authenticated network-adjacent attackers to perform unauthorized cross-origin requests against the application. The improper CORS policy potentially allows untrusted domains to read application responses, exposing session-bound resources to attacker-controlled origins. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the tag 'Authentication Bypass' suggests resource exposure can undermine access control assumptions.
Credential redaction bypass in OpenClaw before version 2026.6.1 allows lower-privileged local users to extract sensitive credentials through the trajectory export feature by exploiting misconfigured input paths or improperly accessible export functionality. The product's redaction controls fail to enforce trust boundaries, causing credentials that should remain opaque to lower-trust callers to surface in export output. No public exploit has been identified at time of analysis; exploitation requires local access, low privileges, and user interaction, which constrains realistic risk despite the high confidentiality impact when conditions are met.
HCL DevOps Loop omits critical HTTP security response headers, degrading browser-enforced protections against clickjacking, MIME-type sniffing, and cross-site scripting for all users of the application. The absence of headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options does not introduce a standalone exploit path but removes a layer of defense-in-depth that browsers rely on to block client-side attack chains. CVSS assigns a low score of 3.7 with high attack complexity, reflecting that meaningful impact requires chaining this weakness with a secondary technique; no public exploit has been identified and the vulnerability is not listed in CISA KEV.
Insecure file permissions on the HCL DFMPro (for CATIA), DFXAnalytics, and DFXServer installer executables allow any locally authenticated non-administrative user to overwrite or replace those binaries with malicious code. When a privileged user subsequently runs the tampered installer - during installation, upgrade, or reinstallation - the attacker's binary executes in the elevated context, completing a local privilege escalation. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the vendor-reported CVSS 3.3 score materially understates the potential impact of a successful exploitation scenario.
Insufficient input validation in HCL DevOps Loop permits special characters in fields where they should be restricted, enabling authenticated network-accessible attackers under high-complexity conditions to trigger unintended application behavior resulting in limited information disclosure. The CVSS score of 3.1 (Low) reflects constrained real-world impact: exploitation requires prior authentication and specific conditions to materialize. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, indicating no confirmed active exploitation at time of analysis.
OpenClaw's QQBot media upload feature fails to enforce network-destination policy for lower-trust callers, enabling server-side requests to reach internal or blocked network addresses. Versions 2026.4.20 up to (but not including) 2026.5.28 are affected; the CVSS 4.0 score of 2.3 reflects that practical impact is tightly bounded by operator configuration - only subsequent-system confidentiality at a Low level is indicated (SC:L), with no direct impact to the vulnerable component itself. No public exploit code or active exploitation has been identified at time of analysis.
Broken access control in Grav Flex-Objects before 1.4.3 permits authenticated users holding only the api.access permission to perform full CRUD operations on directories lacking explicit permission configurations via the admin-next REST API. The vulnerability bypasses intended authorization controls (CWE-862) because the REST API fails to enforce object-level permission checks when no explicit policy is defined for a directory. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; however, the CVSS 4.0 AT:P metric confirms exploitation depends on the target instance containing permission-less directories, which may be common in default or lightly configured deployments.
Authorization bypass in OpenClaw before version 2026.5.18 allows authenticated low-privilege callers to exceed their intended permissions within the skill command dispatch subsystem. Exploiting misconfigured or reachable input paths, an attacker can circumvent tool policy restrictions and execute or persist actions at a higher trust level than authorized when the affected feature is active and reachable. No public exploit code or active exploitation has been identified; the CVSS 4.0 score of 2.3 reflects the specific preconditions required for successful exploitation.
Authorization bypass in OpenClaw MS Teams before 2026.5.12 allows authenticated lower-privileged users to escalate their effective permissions by spoofing display names that the `allowFrom` access-control feature trusts as immutable identifiers. The root flaw (CWE-290) is that the authorization decision is anchored to a mutable attribute - the display name - rather than a stable, non-spoofable identity token. No public exploit code and no CISA KEV listing have been identified at time of analysis; the CVSS 4.0 score of 2.3 reflects the limited blast radius and the attack requirement precondition.
Incorrect authorization in OpenClaw's ClickClack allowFrom feature permits a lower-trust, authenticated caller to exceed their intended permission boundary - executing or persisting non-allowlisted commands - on versions 2026.5.12 through before 2026.5.26. The flaw (CWE-863) is contingent on the ClickClack allowFrom feature being both enabled and reachable, which meaningfully limits the exploitable population. No public exploit exists and the vulnerability is not listed in CISA KEV; a CVSS 4.0 score of 2.3 reflects the constrained attack surface.
CSRF in grav-plugin-login before 3.8.11 allows a remote unauthenticated attacker to rotate a logged-in victim's TOTP secret by luring them to an attacker-controlled page that performs a top-level GET navigation to the Grav site's regenerate2FASecret task endpoint. Because Grav dispatches frontend tasks via GET URI parameters and the default SameSite=Lax session cookie policy permits cross-origin top-level GET navigations to carry cookies, the victim's authenticator app is silently invalidated, forcing 2FA re-enrollment - though the attacker gains no account access. No public exploit has been identified at time of analysis; CVSS 4.0 score is 2.3, reflecting genuinely low severity.
Prototype pollution in sagold json-schema-library 11.5.0 and 11.5.1 allows remote low-privileged attackers to corrupt the JavaScript Object prototype by supplying crafted schema definitions or input data containing reserved keys such as `__proto__` processed by the `parsePropertyDependencies` function. The CVSS 4.0 vector confirms low-privilege network exploitation with limited but real confidentiality, integrity, and availability impact; the E:P supplemental metric confirms proof-of-concept code exists. No CISA KEV listing is present, so confirmed mass exploitation is not established at time of analysis.
The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets.
The Joomla extension Events Booking is vulnerable to an unauthenticated user enumeration that allows to retrieve account usernames and email addresses.