CWE-1384

Improper Handling of Physical or Environmental Conditions

6 CVEs | Avg CVSS 8.0 | MITRE
Severity: 3 Critical, 1 High, 2 Medium, 0 Low
PoC: 0 | KEV: 0

CVE-2026-49325 MEDIUM This Month

Anti-theft bypass in the 2025 Indian Motorcycle Scout Bobber + Tech allows a physical attacker who can access the Wireless Control Module wiring harness to leave the motorcycle fully operable without ever supplying a valid rider PIN. The root flaw is a fail-open ECU design: the peer ECU cannot distinguish an authenticated WCM shutdown pulse from a simple open-circuit condition caused by disconnecting the relevant wire pair, so wire interruption silently suppresses the immobilizer. Reported by ASRG under coordinated disclosure with connector details withheld; no public exploit has been identified and the vulnerability is not confirmed actively exploited (CISA KEV).

Authentication Bypass Scout Bobber Tech
NVD VulDB
CVSS 4.0: 4.1 | EPSS: 0.0%
CVE-2026-2760 CRITICAL PATCH Act Now

Sandbox escape via boundary violation in Firefox WebRender graphics component. CVSS 10.0 — allows escaping the content sandbox to execute code with elevated privileges.

Information Disclosure Mozilla Thunderbird
NVD VulDB
CVSS 3.1: 10.0 | EPSS: 0.1%
CVE-2026-2759 CRITICAL PATCH Act Now

Boundary violation in Firefox ImageLib graphics component before 148 enables memory corruption through crafted images.

Information Disclosure Mozilla Thunderbird
NVD VulDB
CVSS 3.1: 9.8 | EPSS: 0.1%
CVE-2026-2757 CRITICAL PATCH Act Now

Boundary violation in Firefox WebRTC Audio/Video component before 148 allows remote code execution through crafted WebRTC media streams.

Information Disclosure Mozilla Thunderbird
NVD VulDB
CVSS 3.1: 9.8 | EPSS: 0.1%
CVE-2025-52557 HIGH This Week

CVE-2025-52557 is a stored/reflected XSS vulnerability in Mail-0's Zero email solution (version 0.8) that allows unauthenticated attackers to craft malicious emails containing unexecuted JavaScript code. When a victim opens the email in the web interface, the JavaScript executes in their browser context, enabling session hijacking and potential account takeover. The vulnerability has been patched in version 0.81, and exploitation requires user interaction (opening the email), making it a moderate-to-high severity issue suitable for rapid patching.

XSS Information Disclosure Session Fixation
NVD GitHub
CVSS 4.0: 8.6 | EPSS: 0.1%
CVE-2024-39355 MEDIUM PATCH This Month

Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Suse
NVD VulDB
CVSS 4.0: 5.7 | EPSS: 0.0%
