Monthly
Arbitrary command execution in F5 BIG-IP and BIG-IQ Certificate Manager allows highly privileged attackers with Certificate Manager role to run OS commands by modifying configuration objects. The vulnerability requires network access and high privileges (PR:H) but enables scope change (S:C) with high confidentiality and integrity impact. Vendor-released patch available per F5 Security Advisory K000160971. EPSS data not provided; no confirmed active exploitation (not in CISA KEV) or public exploit code identified at time of analysis.
OpenXiangShan NEMU emulator's RISC-V Hypervisor extension implementation allows VS-mode guest writes to the sie (supervisor interrupt-enable) CSR to corrupt machine-level mie state, breaking privilege isolation between virtualization layers. Fixed in commit 55295c4 per GitHub PR #938. Despite CVSS 9.8 Critical rating with network attack vector (AV:N), the EPSS score of 0.03% (9th percentile) indicates extremely low observed exploitation probability, and the vulnerability specifically affects RISC-V emulator environments rather than typical network-accessible services. No CISA KEV listing or public exploit identified at time of analysis, suggesting this is a theoretical high-severity issue in specialized research/development contexts rather than an imminent widespread threat.
Apache Cassandra 5.0 through 5.0.6 in mTLS environments using MutualTlsAuthenticator allows authenticated users with only CREATE permission to escalate privileges to superuser via certificate identity manipulation through the ADD IDENTITY command. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, with SSVC indicating non-automatable exploitation but total technical impact. Apache released patch version 5.0.7+ addressing this privilege escalation flaw (CWE-267: Privilege Defined With Unsafe Actions).
Improper access control in REB500 firmware allows authenticated users with low privileges to read and modify unauthorized directories via the DAC protocol. An attacker with valid credentials can escalate their file system access beyond their intended permissions, potentially compromising sensitive data or system integrity. No patch is currently available for this vulnerability.
Authenticated users with Installer role in REB500 firmware can bypass directory access controls to read and modify files outside their authorized scope. This privilege escalation affects systems where installer accounts are provisioned, enabling unauthorized data access and manipulation. No patch is currently available.
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. [CVSS 8.8 HIGH]
The Drupal Role Delegation module versions 1.3.0 through 1.5.0 contains an unsafe privilege definition vulnerability that permits authenticated users with delegation permissions to escalate their privileges within the application. An attacker with limited account access could exploit this flaw to gain elevated permissions and modify system settings or access restricted functionality. No patch is currently available for this vulnerability.
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2. [CVSS 5.4 MEDIUM]
CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 8.8 HIGH]
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Arbitrary command execution in F5 BIG-IP and BIG-IQ Certificate Manager allows highly privileged attackers with Certificate Manager role to run OS commands by modifying configuration objects. The vulnerability requires network access and high privileges (PR:H) but enables scope change (S:C) with high confidentiality and integrity impact. Vendor-released patch available per F5 Security Advisory K000160971. EPSS data not provided; no confirmed active exploitation (not in CISA KEV) or public exploit code identified at time of analysis.
OpenXiangShan NEMU emulator's RISC-V Hypervisor extension implementation allows VS-mode guest writes to the sie (supervisor interrupt-enable) CSR to corrupt machine-level mie state, breaking privilege isolation between virtualization layers. Fixed in commit 55295c4 per GitHub PR #938. Despite CVSS 9.8 Critical rating with network attack vector (AV:N), the EPSS score of 0.03% (9th percentile) indicates extremely low observed exploitation probability, and the vulnerability specifically affects RISC-V emulator environments rather than typical network-accessible services. No CISA KEV listing or public exploit identified at time of analysis, suggesting this is a theoretical high-severity issue in specialized research/development contexts rather than an imminent widespread threat.
Apache Cassandra 5.0 through 5.0.6 in mTLS environments using MutualTlsAuthenticator allows authenticated users with only CREATE permission to escalate privileges to superuser via certificate identity manipulation through the ADD IDENTITY command. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, with SSVC indicating non-automatable exploitation but total technical impact. Apache released patch version 5.0.7+ addressing this privilege escalation flaw (CWE-267: Privilege Defined With Unsafe Actions).
Improper access control in REB500 firmware allows authenticated users with low privileges to read and modify unauthorized directories via the DAC protocol. An attacker with valid credentials can escalate their file system access beyond their intended permissions, potentially compromising sensitive data or system integrity. No patch is currently available for this vulnerability.
Authenticated users with Installer role in REB500 firmware can bypass directory access controls to read and modify files outside their authorized scope. This privilege escalation affects systems where installer accounts are provisioned, enabling unauthorized data access and manipulation. No patch is currently available.
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. [CVSS 8.8 HIGH]
The Drupal Role Delegation module versions 1.3.0 through 1.5.0 contains an unsafe privilege definition vulnerability that permits authenticated users with delegation permissions to escalate their privileges within the application. An attacker with limited account access could exploit this flaw to gain elevated permissions and modify system settings or access restricted functionality. No patch is currently available for this vulnerability.
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2. [CVSS 5.4 MEDIUM]
CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 8.8 HIGH]
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.