2026-07-17
Sensitive information disclosure in FOSSASIA Open Event Server through 1.19.1 lets unauthenticated remote attackers export the full member roster of any group - email addresses, names, join dates, and roles - because the group followers CSV export endpoint carries no authentication decorator. Publicly available exploit code exists; the flaw is trivially automatable by enumerating sequential group IDs, triggering an export, and polling the unauthenticated task-status endpoint for the download URL. No public exploit has been added to CISA KEV, but the CVSS 4.0 base score of 8.7 (High) and confirmed PoC make it a credible mass-scraping risk.
Arbitrary code execution in Cursor for Windows 3.2.16 lets remote attackers run code on a developer's machine by planting a malicious git.exe in a repository's root directory. Because Cursor resolves and executes the workspace-resident git.exe at IDE startup and on a recurring timer, simply cloning and opening a crafted repository triggers execution under the current user's privileges with no explicit user action beyond opening the project. Publicly available exploit code exists and the flaw was reported by VulnCheck; there is no CISA KEV listing or active-exploitation confirmation in the data.
Privilege escalation in the User Registration & Membership WordPress plugin before 5.2.3 lets unauthenticated visitors self-assign an arbitrary published membership tier during public registration, gaining that tier's user role - including administrator where such a tier exists. The plugin never validates that the tier submitted in the registration form is one the form actually offers, so an attacker simply tampers with the submitted tier value. Publicly available exploit code exists (reported by WPScan), though active exploitation has not been confirmed.
Session token theft in SigNoz through 0.133.0 lets unauthenticated attackers hijack any user account on instances configured with Google OAuth, SAML, or OIDC single sign-on. Because the unauthenticated sessions-context endpoint accepts an attacker-controlled 'ref' parameter that is embedded unvalidated into the SSO state/redirect, an attacker crafts a login URL that returns the victim's access and refresh tokens to an attacker-controlled host once the victim completes SSO. Reported by VulnCheck (CWE-601, open redirect), publicly available exploit code exists, though it is not listed in CISA KEV and EPSS was not provided.
The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so the expected signature reduces to an unkeyed hash of the request body that anyone can compute. This allows unauthenticated attackers to forge a payment-success notification and mark unpaid WooCommerce orders as paid without any payment being made.
Broken access control in Maybe Finance (self-hosted personal finance app) through 0.6.0 lets any authenticated low-privilege member-role user read and rewrite instance-wide hosting settings because Settings::HostingsController applies the ensure_admin before_action only to clear_cache, leaving show and update exposed. A member can exfiltrate the operator's Synth API key rendered in plaintext in a form field, replace it with an attacker-controlled value, enable open public registration, and disable email-confirmation enforcement to disrupt the instance. Publicly available exploit code exists (reported by VulnCheck); this is not listed in CISA KEV, so there is no public exploit identified beyond the released POC.
Cross-organization data disclosure in TheHive through 4.1.24 allows any authenticated user to download attachments belonging to other organizations by supplying a known content-hash identifier. The flaw is a broken object-level authorization (BOLA/IDOR) in the attachment download endpoints, where AttachmentSrv.visible acts as a pass-through datastore traversal without enforcing organization scoping. Publicly available exploit code exists (published by VulnCheck / geo-chen), though there is no public exploit identified as actively exploited in the wild (not in CISA KEV).
Improper authorization in Dendrite (the Go-based Matrix homeserver) through version 0.13.8 lets any authenticated local user delete another user's third-party identifier (3PID) bindings via the POST /account/3pid/delete endpoint, because the Forget3PID handler removes the supplied address/medium without verifying ownership. By stripping a victim's email or MSISDN binding and rebinding it through an identity server, an attacker can hijack the victim's account-recovery/password-reset flow. Publicly available exploit code exists; there is no CISA KEV listing, so this is not confirmed as actively exploited.
Remote code execution is possible in the ProfilePress WordPress plugin (Paid Membership, Ecommerce, User Registration) in all versions through 4.16.18, where the DigitalProducts UploadHandler unconditionally registers an upload_mimes filter that whitelists executable extensions (.exe, .apk, .msi) across every WordPress upload context site-wide. Authenticated attackers with author-level access or above (per CVSS PR:L) can leverage this expanded MIME allowlist to upload executable files, leading to code execution. There is no public exploit identified at time of analysis, and this CVE is not listed in CISA KEV.
Sensitive configuration file disclosure in Grav CMS before 2.0.4 lets unauthenticated remote attackers bypass the bundled .htaccess protections by requesting blocked file types with uppercase or mixed-case extensions (e.g., .YAML, .PHP). The shipped rules omit the Apache [NC] flag, so extension matching is case-sensitive and fails to block case variants on case-insensitive filesystems (Windows/NTFS, macOS/HFS+, Docker volume mounts), exposing files that may hold API keys and credentials. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Authorization bypass in OpenClaw versions 2026.1.20 through 2026.5.26 allows low-trust, authenticated callers to invoke the device.pair.approve feature and perform device-pairing approvals that should require stronger role-management authorization. Because the feature can be reached through configured input paths, an attacker holding only limited privileges can escalate their effective authority over device pairing, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the flaw was reported by VulnCheck and carries a CVSS 4.0 base score of 8.7.
Privilege escalation in the getgrav grav-plugin-api before 1.0.6 allows a low-privileged manager holding the api.users.write permission to become a super-admin. The createApiKey, generate2fa, and disable2fa endpoints never re-check super-admin status, so an attacker can mint API keys bound to super-admin accounts or strip 2FA from super-admin users and take over the entire Grav instance. No public exploit identified at time of analysis, but the vendor GHSA advisory and VulnCheck confirm the flaw.
Stored cross-site scripting in the ChronoForms extension for Joomla lets unauthenticated attackers persist malicious JavaScript that executes in the browser of anyone who later views the affected page. The flaw carries a CVSS 4.0 base score of 8.7 and requires no authentication (PR:N), though a victim must load the poisoned content (UI:P). There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Authorization bypass in the Grav API plugin (getgrav/grav-plugin-api) before 1.0.6 lets any valid API key perform actions far beyond its intended scope. Although keys can be provisioned with a restricted scopes array (e.g. read-only), the ApiKeyAuthenticator class never reads or enforces those scopes and instead returns the owning user's full account object, so a limited key can execute any write, delete, or administrative operation the owner is entitled to. Reported by VulnCheck with no public exploit identified at time of analysis, but the flaw is trivially exploitable by any key holder against default configurations.
Reflected cross-site scripting in Sangoma Switchvox SMB Edition 8.3 (build 104997) lets an unauthenticated remote attacker execute arbitrary JavaScript in a victim's browser by luring them to a crafted link. The flaw stems from the application reflecting an unsanitized 'portal' parameter into JavaScript emitted by the invalid_browser and invalid_browser_login handlers. No public exploit is identified at time of analysis, though the reporting researcher (SRA) has published a technical writeup, and no evidence of active exploitation exists.
Arbitrary file write in GitHub Enterprise Server (all releases before 3.22) lets an attacker who already has code execution inside the Dependabot updater container escape the intended dependency-file directory via path traversal and symlink manipulation, planting attacker-controlled files anywhere in a repository - including GitHub Actions workflows under .github/workflows/. Because path validation checked the declared rather than the effective (symlink-resolved) path, an injected workflow can run with the repository's Actions secrets when the repo uses pull_request_target or auto-merge. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; CVSS 4.0 base score is 8.6 (High).
Cross-tenant data disclosure in Google Cloud Firebase Studio (versions prior to the 2026-04-15 fix) let an authenticated user retrieve other tenants' deployed source code and sensitive data by issuing unauthorized GCS signed-URL requests. The flaw stems from a missing authorization check (CWE-862) on the object-signing path rather than a code-execution bug, so impact is confidentiality-centric. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Server-side request forgery in Grav CMS before 2.0.4 allows authenticated users holding the api.webhooks.write permission to register webhooks with dangerous cURL protocol handlers (file://, dict://, gopher://) that fire when webhook events trigger. By abusing these unrestricted protocols an attacker can read local files, enumerate process and service information, and pivot to internal-only network services from the trust position of the Grav server. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; risk is driven by the CWE-918 primitive rather than confirmed in-the-wild activity.
Arbitrary code execution in ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, occurs because the tool auto-loads and honors a repository's project-local .mcp.json at startup without asking the user. A malicious repository can define mcpServers entries with arbitrary command/args (e.g. bash -c), so simply running the forge CLI inside a cloned untrusted repo spawns attacker-chosen commands as the invoking developer. Reported by VulnCheck with a vendor patch available; no public exploit tool is identified at time of analysis, though the CVE description itself embeds a working payload example.
Economic resource exhaustion in the ZenHive mpp Elixir library (versions 0.2.0 through 0.5.x) lets an unauthenticated remote client inflate a sponsoring fee-payer's gas cost per payment by roughly 7.4x, draining the sponsor wallet over sustained abuse. When deployed with fee_payer: true, MPP.Tempo.Transaction.cosign_fee_payer/3 re-signs client-supplied base fields of the 0x76 AASigned envelope verbatim - including an oversized EIP-2930 access list - without validating length or contents, so intrinsic gas is charged for fabricated entries that touch nothing on-chain. No public exploit identified at time of analysis, but the attack is fully detailed in the vendor advisory and fixed in 0.6.0.
Fee-payer wallet draining in ZenHive mpp (Elixir) 0.2.0-0.5.x lets an unauthenticated remote client empty the sponsor's wallet in a single request when the server runs with fee_payer: true. Because MPP.Tempo.Transaction.cosign_fee_payer/3 co-signs the client-supplied gas ceilings (max_fee_per_gas / max_priority_fee_per_gas) of the 0x76 AASigned envelope without bounds checking, an attacker sets arbitrarily large per-gas rates that are billed against the server's wallet, after which it can no longer sponsor legitimate payments. No public exploit identified at time of analysis; the issue was reported by the Erlang Ecosystem Foundation (EEF) and patched in 0.6.0.
Sensitive token exposure in the Grav CMS API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 allows attackers to hijack valid admin sessions after JWT access tokens leak from URLs. Because JwtAuthenticator::extractBearerToken accepts tokens via the ?token= query string on every API route, those tokens are written verbatim into web server access logs, Referer headers, browser history, and upstream proxy/CDN logs, and any captured token grants full admin API access. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 4.0 score of 8.2 reflects the high value of the leaked admin credentials.
Google OAuth2 login can be fully impersonated in the Perl module Dancer::Plugin::Auth::Google (all versions through 0.07) because its default user agent is initialised with SSL_verify_mode set to SSL_VERIFY_NONE, disabling TLS certificate validation on calls to googleapis.com. A network man-in-the-middle can intercept the OAuth2 token exchange and userinfo fetch and return a forged access_token and profile, authenticating as any Google user to the Dancer application. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but an upstream fix (PR #5) is available.
Wallet-draining denial of service in ZenHive mpp (Elixir library) versions 0.2.0 through 0.5.x affects deployments configured as a Tempo fee payer (fee_payer: true), where the MPP.Methods.Tempo method co-signs and broadcasts a client-supplied EVM transaction without verifying the client's gas_limit is high enough to complete execution. An unauthenticated remote client can submit a signed transferWithMemo transaction with gas_limit set just below the required amount, causing an on-chain out-of-gas revert that still charges the sponsor's fee-payer wallet while the attacker pays nothing. There is no public exploit identified at time of analysis and this is not on CISA KEV, but repeated low-cost requests can exhaust the sponsor wallet and stop the server from funding gas for legitimate payment requests.
NoSQL injection in AhnLab EPP (Endpoint Protection Platform) Management v1.0.14.32-6249 allows an authenticated attacker to manipulate backend NoSQL queries through the eventlog/agentEvent/list endpoint, as the CVSS:3.1 vector (PR:L) indicates a low-privilege authenticated session is required. Successful exploitation yields high confidentiality and integrity impact (C:H/I:H), enabling extraction or tampering of security event-log data across the managed endpoint fleet. A public GitHub repository named for this CVE suggests exploit/PoC material may exist; it is not listed in CISA KEV and no EPSS score was provided.
Code injection leading to remote code execution affects IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 when an attacker can influence the JDBC connection URL passed to the driver. An attacker who controls the JDBC URL (typically via an application that builds connection strings from user input) can inject malicious properties or references that cause arbitrary code to execute in the context of the connecting application/driver host. IBM has released a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Authorization bypass in OpenClaw before 2026.5.18 lets a low-trust, authenticated caller escape the exec allowlist by abusing weak glob matching, executing or persisting actions beyond their intended authorization. Reported by VulnCheck and tracked as a path-traversal-class flaw (CWE-22), it carries a CVSS 4.0 score of 7.7 with high confidentiality, integrity, and availability impact but requires the affected exec feature to be enabled. No public exploit identified at time of analysis; there is a GitHub security advisory and a corresponding VulnCheck advisory.
Authorization bypass in OpenClaw before 2026.6.5 lets a low-privileged, authenticated caller reach admin-scoped tools and perform privileged actions they should not be authorized for. The flaw stems from insufficient policy checks on configured input paths (CWE-862, Missing Authorization), so a lower-trust principal can escalate the scope of operations available to it. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was reported by VulnCheck with a CVSS 4.0 base score of 7.7.
Privilege escalation in OpenClaw's isolated cron job feature (versions 2026.6.1 through 2026.6.8) lets a lower-trust authenticated caller reclaim execution tools that authorization policy had explicitly denied, enabling actions and persistence beyond their intended trust level. The flaw is an incorrect-authorization (CWE-863) issue rooted in misconfigured input path handling within the cron subsystem, and carries a CVSS 4.0 score of 7.7. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Privilege escalation and unauthorized action execution in OpenClaw before 2026.6.6 arises from incomplete environment-variable filtering in its host exec path, which fails to strip rustup startup variables before spawning processes. A low-privilege caller (PR:L) with access to lower-trust invocation paths or configured input paths can influence the child process environment to run or persist actions above their intended authorization level, yielding high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Authorization bypass in OpenClaw before 2026.6.5 lets a low-trust, authenticated caller execute node exec actions beyond their approved permissions by exploiting mismatched gateway and node environment configurations. The flaw (CWE-863, Incorrect Authorization) enables privilege escalation within the approval workflow and can be used to persist or run unauthorized actions. Reported by VulnCheck with a CVSS 4.0 base of 7.7; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Authorization bypass in OpenClaw before 2026.5.18 lets low-privileged, authenticated callers escalate their actions through the device-pair approval feature, executing or persisting operations beyond their intended trust level. The flaw stems from improper authorization checks (CWE-863) on device-pairing input paths, and per the CVSS 4.0 vector it fully compromises confidentiality, integrity, and availability of the affected system. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Privilege escalation via authorization bypass in OpenClaw's QQBot exec approvals feature affects builds from 2026.5.14-beta.1 up to (but not including) 2026.5.27, letting a lower-trust or non-allowlisted sender execute or persist actions beyond their intended authorization. The CVSS 4.0 vector requires low existing privileges (PR:L) and a present attack requirement (AT:P), meaning the exec approvals feature must be enabled and reachable for exploitation. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; a fixed release (2026.5.27) and a vendor security advisory are available.
Authorization bypass in OpenClaw's ClickClack agent-mode dispatch (versions 2026.5.10-beta.1 through 2026.6.4) allows a lower-trust caller to invoke actions that should be blocked by the toolsAllow policy, because that policy check can be skipped during dispatch. With CVSS PR:L, an already low-privileged authenticated caller (or an attacker-controlled input path) can escalate the scope of actions when the agent-mode feature is enabled and reachable. No public exploit identified at time of analysis; the issue was reported by VulnCheck and fixed in 2026.6.5.
Sensitive information exposure in the LearnPress LMS plugin for WordPress (versions up to and including 4.4.1) lets unauthenticated attackers pull correct-answer markers, complete option lists, explanations, and full question content for any quiz on the site through the check_answer logic in its frontend REST API. This exposes graded assessment material for paid courses the attacker never enrolled in or paid for, defeating the plugin's course-access model. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the network-facing, no-authentication nature makes it trivially reproducible against affected sites.
Sensitive file disclosure in the Wazuh Manager (versions 4.0.0-4.10.3 and 4.11.0-4.14.4) allows a malicious enrolling agent to exfiltrate manager secrets by abusing the group parameter during enrollment. The authd enrollment daemon fails to filter path traversal ("..") sequences in the agent-selected group name, so remoted later builds shared-configuration paths that reach /var/ossec/etc and stream files such as client.keys, ossec.conf, and internal certificates to the attacker-controlled agent. There is no public exploit identified at time of analysis, but the network-reachable, unauthenticated CVSS 7.5 profile makes this a meaningful confidentiality risk for exposed manager enrollment services.
Denial of service in Wazuh's analysis engine (wazuh-analysisd) lets an unauthenticated remote attacker permanently halt SIEM alert processing on Wazuh manager versions 1.0.0 through 4.14.4. Because the official wazuh/wazuh-docker deployment ships with password-less agent enrollment enabled by default, an attacker can register as an agent and send a crafted rootcheck event that overflows a fixed 30-byte heap buffer, crashing the daemon while the dashboard and API keep showing stale data - silently blinding the SIEM. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Authentication bypass in Vimesoft Enterprise Video Platform (versions 3.11.0.0 up to but not including 3.25.0) allows remote unauthenticated attackers to reach a critical function that lacks any authentication check, exposing confidential data. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, C:H) indicates trivial network exploitation with high confidentiality impact but no integrity or availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was reported by Turkey's national CERT (TR-CERT / USOM).
Session hijacking in SEPPmail Secure Email Gateway and SEPPmail Cloud before 15.0.4.2 lets an attacker who can observe traffic replay a victim's GINA web portal session because the session token is exposed both in the URL and in an HTTP header. Because the token travels in the request URL, it can leak into proxy logs, browser history, and Referer headers, enabling account takeover of the secure-message portal. There is no public exploit identified at time of analysis and the CVSS 4.0 exploit-maturity metric is 'Unproven' (E:U); the vendor CVSS 4.0 base score is 7.5.
Sensitive information disclosure in iKAS Technology Inc.'s E-Commerce platform (all versions through build 03062026) allows remote unauthenticated attackers to retrieve embedded sensitive data returned in server responses. Classified under CWE-201, the flaw causes confidential data to be inserted into data sent to clients, exposing it without authentication or user interaction. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Turkey's national CSIRT (TR-CERT/USOM).
Sensitive information disclosure in Proliz Software's OBS (a student information management system) affects all versions before v3.6.0, allowing remote unauthenticated attackers to reach functionality that is not properly restricted by access-control lists (CWE-201) and retrieve confidential data. The CVSS 7.5 vector (AV:N/AC:L/PR:N/UI:N, C:H only) confirms network-reachable, no-privilege access with high confidentiality impact but no integrity or availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Sensitive file and internal resource disclosure in Netcad Software NetGIS (versions 5.0.66 up to but not including 7.2.2) arises from an XML External Entity (XXE) flaw where the application resolves external entity references in serialized/XML data submitted by clients. Remote attackers can craft malicious XML payloads to read local files, exfiltrate data, or reach internal network resources on the server. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Turkey's national CERT (TR-CERT/USOM).
Remote denial of service in the h2o HTTP server (all versions prior to commit 9265bdd) allows unauthenticated attackers to exhaust server memory by combining HPACK header-decompression amplification with Slowloris-style HTTP/2 stream stalling. By opening many streams that stall mid-request, an attacker forces the server to retain large volumes of amplified decoded header state, degrading or crashing the service. There is no public exploit identified at time of analysis, and the CVSS 7.5 (A:H only) reflects an availability-only impact with no confidentiality or integrity effect.
Stored cross-site scripting in the Kali Forms - Contact Form & Drag-and-Drop Builder plugin for WordPress (all versions through 2.4.18) lets fully unauthenticated attackers persist arbitrary JavaScript through the form's 'digitalSignature' field value, which is neither sanitized on input nor escaped on output. Because the form-submission nonce is exposed on any page rendering the form shortcode, the normal anti-CSRF barrier provides no protection, and the injected script executes in the browser of any user (including administrators) who later views the affected page. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a practical scan-and-spray candidate.
SQL injection in OpenRemote's datapoint crosstab export endpoint (all versions before 1.26.0) lets an authenticated user with asset creation or rename permissions exfiltrate database contents by embedding SQL into an asset display name that is concatenated into a raw PostgreSQL crosstab query. Injected SELECT results are streamed back inside the ZIP/CSV export response, giving a practical read primitive against any table the manager's database role can reach - including other tenants' data in multi-tenant deployments. Publicly available exploit code exists (VulnCheck/GHSA proof of concept); no active exploitation has been reported.
Session hijacking in Proxmox Virtual Environment (PVE 9.x/8.4.x) lets an authenticated user with rights to call the "vncproxy" API race the parallel "vncwebsocket" call and seize a VNC console session that a different user legitimately opened for a different VM. The flaw (CWE-362, CVSS 7.2) grants full interactive console access to another tenant's virtual machine, breaking isolation between users. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Broken object-level authorization in the Hashtopolis server web-interface chunk activity component lets any authenticated low-privilege account read all cracked hashes across the entire server, regardless of access-group membership. Affecting all versions prior to 0.14.8, the flaw exposes recovered plaintext credentials - the core sensitive output of the platform - to users who should only see their own group's data. No public exploit is identified at time of analysis, but the vendor confirmed the issue and shipped a fix in v0.14.8.
Cross-origin data exposure in the Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 stems from a hardcoded 'Access-Control-Allow-Origin: *' header returned on every response, including authenticated endpoints and preflight (OPTIONS) responses. Because the plugin authenticates via the Authorization and X-API-Token request headers rather than cookies, any malicious website scripting a leaked access token can read the response bodies of authenticated endpoints and perform write actions as that token's user. Reported by VulnCheck with no public exploit identified at time of analysis; not listed in CISA KEV.
Untrusted plugin loading in OpenClaw before 2026.5.22 lets an attacker with lower-trust caller access, or control over configured input paths, get malicious workspace plugins loaded through the setup-mode discovery process, executing or persisting actions above their intended authorization level. Exploitation is local and requires active user interaction plus a specific attack precondition (CVSS 4.0 base 7.1), and there is no public exploit identified at time of analysis. The root cause is inclusion of functionality from an untrusted control sphere (CWE-829) during setup-mode plugin discovery.
Insecure direct object reference in Chat2DB before 5.3.0 lets any authenticated non-admin user read the decrypted database credentials of datasources belonging to other users by enumerating IDs against GET /api/connection/datasource/{id}. Because the handler returns the plaintext password field and omits an ownership check, a single low-privileged account can harvest every other tenant's stored connection secrets. No public exploit has been identified at time of analysis, but exploitation is trivial and the EPSS/KEV signals were not supplied in the input.