Privilege escalation in Portainer Community Edition stems from permissive default endpoint security settings that grant non-admin users with endpoint access the ability to create containers with bind mounts, privileged mode, host namespaces, device mappings, sysctl settings, and Linux capabilities. An authenticated low-privilege user can leverage these defaults to read arbitrary host files or break out of the container boundary to achieve root-equivalent code execution on the Docker host. Publicly available exploit code exists per CVSS v4.0 threat metrics (E:P), but the issue is not listed in CISA KEV.
Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain root execution by replacing co-located auxiliary binaries that the multipassd LaunchDaemon invokes via a user-writable PATH directory. The flaw is an incomplete remediation of CVE-2025-5199: while 1.16.0 corrected ownership of the multipassd binary itself, five sibling binaries (multipass, qemu-img, qemu-system-aarch64, qemu-system-x86_64, sshfs_server) were left owned by the installing user and writable, enabling binary planting. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Directory listing exposure in Dell PowerFlex Manager versions 4.6.2 and earlier allows an attacker to enumerate directory contents, potentially revealing sensitive files, configuration data, or internal path structures. Both the Appliance and Rack deployment forms are confirmed affected per Dell advisories DSA-2025-434 and DSA-2025-435. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, but the combination of Information Disclosure and Privilege Escalation tags suggests the exposed directory contents may facilitate further privilege escalation beyond initial information leakage.
Incorrect default permissions in Progress Software MOVEit Automation expose embedded sensitive data to authenticated low-privileged users over the network. Affected versions span the 2025.0.x line before 2025.0.11 and the 2025.1.x line before 2025.1.7. The CVSS vector (AV:N/AC:L/PR:L/UI:N/C:H) indicates that any network-accessible instance running a vulnerable version can be exploited by a legitimately authenticated user with minimal privileges, resulting in high confidentiality impact with no integrity or availability loss. No public exploit identified at time of analysis and this CVE is not listed in CISA KEV.
Cross-tenant DNS and TLS poisoning in Windmill versions prior to 1.703.2 allows authenticated low-privilege users to write to /etc/hosts, /etc/resolv.conf, and the system CA bundle from inside nsjail script sandboxes, persisting tampered state across every subsequent job on the same worker pod. Because poisoned entries survive between executions, attackers can hijack hostname resolution, perform transparent HTTPS man-in-the-middle, and steal WM_TOKEN JWTs to escalate to workspace-admin in other tenants. Publicly available exploit code exists per SSVC (poc), and CVSS 4.0 rates this 8.6 with high confidentiality and integrity impact.
DDR5 memory modules in multiple AMD Ryzen processor families contain an insecure default PMIC (Power Management Integrated Circuit) interface configuration that allows local users with standard privileges to cause permanent denial of service or corrupt memory module integrity via unprotected firmware access. The vulnerability affects Ryzen 4000, 7000, 7020, 7030, 7035, 7040, 7045 series processors and Threadripper Pro 3000 WX-series, requiring local system access but no special privileges or user interaction. No public exploit code or active exploitation has been confirmed at time of analysis.
Insecure installation directory permissions in the AMD chipset driver allow local authenticated attackers to achieve SYSTEM-level privilege escalation and execute arbitrary code. The vulnerability affects nearly all AMD Ryzen, Threadripper, EPYC, and Athlon processors across desktop, mobile, embedded, and server product lines. AMD has released patched chipset driver versions 8.01.20.513 (consumer/workstation) and 8.03.14.329/8.03.16.641 (server). No active exploitation has been confirmed at time of analysis, but the local vector and low attack complexity make this exploitable by any authenticated Windows user, including standard users without admin rights.
Privilege escalation in the AMD GPIO controller driver for Windows allows authenticated local users with low privileges to execute arbitrary code with elevated rights via insecure directory permissions. The issue affects nearly the entire AMD processor portfolio, from Ryzen 3000-series through the latest EPYC 9005 and Ryzen AI 300. AMD has released patched chipset drivers (version 7.04.09.545 for most desktop/mobile products, 8.03.16.641 for server platforms) addressing the vulnerability. EPSS score and KEV status are not provided in the source data, but the local attack vector and user interaction requirement limit remote exploitation risk despite the 7.0 CVSS score.
CSS injection in SAP NetWeaver Application Server ABAP allows unauthenticated remote attackers to inject malicious Cascading Style Sheets into web pages served by the application, with exploitation requiring user interaction (clicking or accessing the affected page). The injected CSS executes in the victim's browser context, resulting in low-impact confidentiality loss; integrity and availability are not affected. CVSS 3.1 reflects the limited impact and high attack complexity required.
Hiseeu C90 v5.7.15 exposes a UART bootloader in debug mode when the device battery is disconnected, allowing unauthenticated physical attackers with direct hardware access to achieve privilege escalation and potentially execute arbitrary code with full device control. This vulnerability requires physical tampering to trigger but bypasses all software-based security controls once activated.