Monthly
Keycloak's SAML broker endpoint contains a validation flaw that allows attackers with a valid signed SAML assertion to inject encrypted assertions for arbitrary principals when the overall SAML response is unsigned. This leads to authentication bypass and unauthorized access to protected resources. Red Hat build of Keycloak versions 26.2 and 26.4 are affected, with patches available in versions 26.2-16, 26.2.14-1, 26.4-12, and 26.4.10-1. No evidence of active exploitation (not in CISA KEV) has been reported.
Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier contain an array length handling vulnerability in the calls plugin that allows unauthenticated remote attackers to trigger out-of-memory (OOM) errors and crash the server by sending maliciously crafted msgpack frames over websocket connections. With a CVSS score of 5.8 and network-based attack vector requiring no privileges or user interaction, this denial-of-service vulnerability poses a moderate but easily exploitable availability risk to any exposed Mattermost deployment.
Mattermost fails to properly validate User-Agent header tokens in versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier, allowing authenticated attackers to trigger request panics through specially crafted User-Agent headers. This denial-of-service vulnerability affects availability but requires prior authentication and results in only low-severity impact. While the CVSS score of 4.3 reflects the low severity, the practical risk depends on whether the application is exposed to untrusted authenticated users and whether automatic exploitation tools are readily available.
Cisco IOS XR Software's IS-IS routing implementation fails to properly validate incoming protocol packets, enabling an adjacent network attacker to trigger repeated process crashes and temporary routing outages. An attacker with Layer 2 adjacency can send malformed IS-IS packets to force denial of service conditions affecting network connectivity. No patch is currently available for this high-severity vulnerability.
Privilege escalation in SQL Server 2016-2025 stems from insufficient input validation, enabling authenticated network attackers to gain elevated permissions. The high CVSS score of 8.8 reflects complete compromise of confidentiality, integrity, and availability, though no patch is currently available. Organizations running affected SQL Server versions should prioritize access controls and network segmentation until remediation is released.
Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.
PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16, and 14.21 contain insufficient input validation in the intarray extension's selectivity estimator function, enabling authenticated users with object creation privileges to execute arbitrary code with database server privileges. The vulnerability requires valid database credentials but allows complete system compromise through code execution at the OS level. No patch is currently available for affected deployments.
Improper validation of the "oidvector" type in PostgreSQL allows authenticated database users to read small amounts of server memory, potentially exposing sensitive data. This vulnerability affects PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16, and 14.21, with no patch currently available for impacted systems.
Unauthenticated remote attackers can crash Cisco TelePresence Collaboration Endpoint and RoomOS devices by sending specially crafted text through meeting invitations or similar channels, exploiting insufficient input validation in the text rendering subsystem. The vulnerability requires no user interaction and causes device reloads resulting in denial of service. No patch is currently available.
M365 Copilot has an input validation vulnerability allowing unauthorized attackers to extract sensitive information through crafted prompts over the network.
Keycloak's SAML broker endpoint contains a validation flaw that allows attackers with a valid signed SAML assertion to inject encrypted assertions for arbitrary principals when the overall SAML response is unsigned. This leads to authentication bypass and unauthorized access to protected resources. Red Hat build of Keycloak versions 26.2 and 26.4 are affected, with patches available in versions 26.2-16, 26.2.14-1, 26.4-12, and 26.4.10-1. No evidence of active exploitation (not in CISA KEV) has been reported.
Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier contain an array length handling vulnerability in the calls plugin that allows unauthenticated remote attackers to trigger out-of-memory (OOM) errors and crash the server by sending maliciously crafted msgpack frames over websocket connections. With a CVSS score of 5.8 and network-based attack vector requiring no privileges or user interaction, this denial-of-service vulnerability poses a moderate but easily exploitable availability risk to any exposed Mattermost deployment.
Mattermost fails to properly validate User-Agent header tokens in versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier, allowing authenticated attackers to trigger request panics through specially crafted User-Agent headers. This denial-of-service vulnerability affects availability but requires prior authentication and results in only low-severity impact. While the CVSS score of 4.3 reflects the low severity, the practical risk depends on whether the application is exposed to untrusted authenticated users and whether automatic exploitation tools are readily available.
Cisco IOS XR Software's IS-IS routing implementation fails to properly validate incoming protocol packets, enabling an adjacent network attacker to trigger repeated process crashes and temporary routing outages. An attacker with Layer 2 adjacency can send malformed IS-IS packets to force denial of service conditions affecting network connectivity. No patch is currently available for this high-severity vulnerability.
Privilege escalation in SQL Server 2016-2025 stems from insufficient input validation, enabling authenticated network attackers to gain elevated permissions. The high CVSS score of 8.8 reflects complete compromise of confidentiality, integrity, and availability, though no patch is currently available. Organizations running affected SQL Server versions should prioritize access controls and network segmentation until remediation is released.
Windows Ancillary Function Driver for WinSock in Windows Server 2025, 2022, and Windows 10 1809 contains insufficient input validation that allows authenticated local users to escalate privileges. An attacker with local access and valid credentials can exploit this vulnerability to gain elevated system permissions, though no patch is currently available. This HIGH severity vulnerability affects multiple Windows Server and client versions with no active exploit mitigation path.
PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16, and 14.21 contain insufficient input validation in the intarray extension's selectivity estimator function, enabling authenticated users with object creation privileges to execute arbitrary code with database server privileges. The vulnerability requires valid database credentials but allows complete system compromise through code execution at the OS level. No patch is currently available for affected deployments.
Improper validation of the "oidvector" type in PostgreSQL allows authenticated database users to read small amounts of server memory, potentially exposing sensitive data. This vulnerability affects PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16, and 14.21, with no patch currently available for impacted systems.
Unauthenticated remote attackers can crash Cisco TelePresence Collaboration Endpoint and RoomOS devices by sending specially crafted text through meeting invitations or similar channels, exploiting insufficient input validation in the text rendering subsystem. The vulnerability requires no user interaction and causes device reloads resulting in denial of service. No patch is currently available.
M365 Copilot has an input validation vulnerability allowing unauthorized attackers to extract sensitive information through crafted prompts over the network.