Monthly
Remote command execution in certain ASUS router firmware allows a network man-in-the-middle attacker to force the router to download and run arbitrary commands from a spoofed update/download server. The root cause is a failure to validate both the integrity check value (CWE-354) and the TLS server certificate, so an attacker positioned in the network path can impersonate a legitimate ASUS server. No public exploit identified at time of analysis and the flaw is not in CISA KEV; ASUS self-reported it and rates it critical (CVSS 4.0 9.5), though exploitation requires the attacker to first achieve a MITM position (AT:P).
Denial-of-service in Rockwell Automation 1756-EN2, 1756-EN3, and 1756-ENBT ControlLogix EtherNet/IP communication modules lets an unauthenticated network attacker drop active device connections by sending malformed CIP Implicit (I/O) Connection packets. Because CVSS 4.0 rates only availability impact (VC:N/VI:N/VA:H) and connections recover immediately once the traffic stops, the flaw enables repeatable disruption rather than persistent outage or code execution. No public exploit identified at time of analysis, and the module is not in CISA KEV.
MAC forgery in wolfSSL 5.9.0 and later allows an attacker to authenticate arbitrary tampered messages when HMAC-BLAKE2 is used with keys exceeding the BLAKE2 block size. The wc_Blake2bHmacFinal and wc_Blake2sHmacFinal functions incorrectly reused the running message hash state to process oversized keys, discarding accumulated message data and producing a MAC that depends solely on the key, not the message. No public exploit has been identified at time of analysis, but the integrity failure is straightforward to exploit in any protocol or application that uses wolfSSL HMAC-BLAKE2 with keys longer than 128 bytes (BLAKE2b) or 64 bytes (BLAKE2s).
Integrity-check bypass in the pnpm package manager (versions before 10.34.0/10.34.1 and 11.0.0-11.3.x) lets tampered packages install silently because the tarball extraction worker skips hash verification whenever the lockfile resolution has no `integrity` field. An attacker who can both edit `pnpm-lock.yaml` to drop the `integrity:` line and cause the referenced registry URL to serve altered content can push a malicious package through `pnpm install --frozen-lockfile` without any integrity error - a fail-open gap that npm's `npm ci` does not share. Publicly available exploit code exists; EPSS is low (0.12%, 2nd percentile) and the issue is not in CISA KEV.
Signature bypass in Mastodon's ActivityPub federation layer allows remote unauthenticated attackers to falsely attribute article authorship by manipulating the `toot:attributionDomains` property of signed Update activities. Affected are all Mastodon instances running versions 4.3.0 through 4.5.10 or 4.4.x through 4.4.17, where a JSON-LD definition error renders Linked Data Signatures on this specific property non-binding. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the low attack complexity (CVSS AV:N/AC:L/PR:N) and the federated, internet-exposed nature of the protocol make exploitation straightforward for any actor able to send ActivityPub messages.
Linked-Data Signature normalization in Mastodon allows unauthenticated remote attackers to remove JSON entries from valid signed ActivityPub activities, effectively spoofing or distorting federated content attributed to legitimate third-party actors. All Mastodon instances prior to versions 4.5.10, 4.4.17, and 4.3.23 are affected across all maintained release branches. The CVSS vector (AV:N/AC:L/PR:N/UI:N) reflects low-complexity network exploitation with no authentication required; no public exploit has been identified at time of analysis and this vulnerability is not listed in CISA KEV.
Authentication bypass in Apache APISIX's jwe-decrypt plugin (versions 3.8.0 through 3.16.0) allows unauthenticated network attackers to circumvent JWE token integrity validation and reach services protected by the gateway. The root cause (CWE-354) is improper validation of the JWE authentication tag under the plugin's default configuration, meaning crafted or tampered tokens are accepted as legitimate. No public exploit code and no CISA KEV listing are identified at time of analysis; the vendor-released fix is Apache APISIX 3.17.0.
Denial-of-service in Rockwell Automation 1769 CompactLogix 5370 controllers allows remote unauthenticated attackers to induce a minor fault on the PLC by abusing Connection IDs exposed via the device's web interface and sending forged CIP traffic. The CVSS 4.0 base score of 8.7 reflects high availability impact with no authentication or user interaction required, and no public exploit has been identified at time of analysis.
Integrity-check bypass in OpenSSL 3.4.x, 3.5.x, 3.6.x, and 4.0.0 allows PKCS#12 files protected with PBMAC1 to be accepted even when secured by dangerously short HMAC keys, undermining the authentication of the keystore contents. Vendor patches are available in 3.4.6, 3.5.7, 3.6.3, and 4.0.1, and no public exploit identified at time of analysis; EPSS is 0.00% and the issue is not on the CISA KEV list.
Pre-NVD disclosure via GitHub release 'OpenSSL 4.0.1' (openssl/openssl). OpenSSL 4.0.1 is a security patch release. The most severe CVE fixed in this release is High. This release incorporates the following bug fixes and mitigations: * Fixed heap use-after-free in `PKCS7_verify()`. ([CVE-2026-45447]) * Fixed CMS `AuthEnvelopedData` processing may accept forged messages. ([CVE-2026-34182]) * Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler. ([CVE-2026-34183]) * Fixed double-free when checking OCSP stapled respo
Remote command execution in certain ASUS router firmware allows a network man-in-the-middle attacker to force the router to download and run arbitrary commands from a spoofed update/download server. The root cause is a failure to validate both the integrity check value (CWE-354) and the TLS server certificate, so an attacker positioned in the network path can impersonate a legitimate ASUS server. No public exploit identified at time of analysis and the flaw is not in CISA KEV; ASUS self-reported it and rates it critical (CVSS 4.0 9.5), though exploitation requires the attacker to first achieve a MITM position (AT:P).
Denial-of-service in Rockwell Automation 1756-EN2, 1756-EN3, and 1756-ENBT ControlLogix EtherNet/IP communication modules lets an unauthenticated network attacker drop active device connections by sending malformed CIP Implicit (I/O) Connection packets. Because CVSS 4.0 rates only availability impact (VC:N/VI:N/VA:H) and connections recover immediately once the traffic stops, the flaw enables repeatable disruption rather than persistent outage or code execution. No public exploit identified at time of analysis, and the module is not in CISA KEV.
MAC forgery in wolfSSL 5.9.0 and later allows an attacker to authenticate arbitrary tampered messages when HMAC-BLAKE2 is used with keys exceeding the BLAKE2 block size. The wc_Blake2bHmacFinal and wc_Blake2sHmacFinal functions incorrectly reused the running message hash state to process oversized keys, discarding accumulated message data and producing a MAC that depends solely on the key, not the message. No public exploit has been identified at time of analysis, but the integrity failure is straightforward to exploit in any protocol or application that uses wolfSSL HMAC-BLAKE2 with keys longer than 128 bytes (BLAKE2b) or 64 bytes (BLAKE2s).
Integrity-check bypass in the pnpm package manager (versions before 10.34.0/10.34.1 and 11.0.0-11.3.x) lets tampered packages install silently because the tarball extraction worker skips hash verification whenever the lockfile resolution has no `integrity` field. An attacker who can both edit `pnpm-lock.yaml` to drop the `integrity:` line and cause the referenced registry URL to serve altered content can push a malicious package through `pnpm install --frozen-lockfile` without any integrity error - a fail-open gap that npm's `npm ci` does not share. Publicly available exploit code exists; EPSS is low (0.12%, 2nd percentile) and the issue is not in CISA KEV.
Signature bypass in Mastodon's ActivityPub federation layer allows remote unauthenticated attackers to falsely attribute article authorship by manipulating the `toot:attributionDomains` property of signed Update activities. Affected are all Mastodon instances running versions 4.3.0 through 4.5.10 or 4.4.x through 4.4.17, where a JSON-LD definition error renders Linked Data Signatures on this specific property non-binding. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the low attack complexity (CVSS AV:N/AC:L/PR:N) and the federated, internet-exposed nature of the protocol make exploitation straightforward for any actor able to send ActivityPub messages.
Linked-Data Signature normalization in Mastodon allows unauthenticated remote attackers to remove JSON entries from valid signed ActivityPub activities, effectively spoofing or distorting federated content attributed to legitimate third-party actors. All Mastodon instances prior to versions 4.5.10, 4.4.17, and 4.3.23 are affected across all maintained release branches. The CVSS vector (AV:N/AC:L/PR:N/UI:N) reflects low-complexity network exploitation with no authentication required; no public exploit has been identified at time of analysis and this vulnerability is not listed in CISA KEV.
Authentication bypass in Apache APISIX's jwe-decrypt plugin (versions 3.8.0 through 3.16.0) allows unauthenticated network attackers to circumvent JWE token integrity validation and reach services protected by the gateway. The root cause (CWE-354) is improper validation of the JWE authentication tag under the plugin's default configuration, meaning crafted or tampered tokens are accepted as legitimate. No public exploit code and no CISA KEV listing are identified at time of analysis; the vendor-released fix is Apache APISIX 3.17.0.
Denial-of-service in Rockwell Automation 1769 CompactLogix 5370 controllers allows remote unauthenticated attackers to induce a minor fault on the PLC by abusing Connection IDs exposed via the device's web interface and sending forged CIP traffic. The CVSS 4.0 base score of 8.7 reflects high availability impact with no authentication or user interaction required, and no public exploit has been identified at time of analysis.
Integrity-check bypass in OpenSSL 3.4.x, 3.5.x, 3.6.x, and 4.0.0 allows PKCS#12 files protected with PBMAC1 to be accepted even when secured by dangerously short HMAC keys, undermining the authentication of the keystore contents. Vendor patches are available in 3.4.6, 3.5.7, 3.6.3, and 4.0.1, and no public exploit identified at time of analysis; EPSS is 0.00% and the issue is not on the CISA KEV list.
Pre-NVD disclosure via GitHub release 'OpenSSL 4.0.1' (openssl/openssl). OpenSSL 4.0.1 is a security patch release. The most severe CVE fixed in this release is High. This release incorporates the following bug fixes and mitigations: * Fixed heap use-after-free in `PKCS7_verify()`. ([CVE-2026-45447]) * Fixed CMS `AuthEnvelopedData` processing may accept forged messages. ([CVE-2026-34182]) * Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler. ([CVE-2026-34183]) * Fixed double-free when checking OCSP stapled respo