Monthly
Server-Side Request Forgery in NocoDB (npm/nocodb <= 0.301.3) allowed unauthenticated remote attackers to coerce the NocoDB server process into issuing arbitrary outbound HTTP requests, including to RFC 1918 internal services, cloud metadata endpoints, and loopback addresses. The attack exploited two compounding weaknesses: the spreadsheet-import endpoint `axiosRequestMake` required no authentication, and its file-extension allowlist regex was evaluated against the full URL string rather than the pathname alone, making bypass trivial by appending `?.csv` to any URL's query string. No public exploit has been identified at time of analysis, though the bypass technique is explicitly described in the GitHub Security Lab advisory GHSA-hmcr-rmjq-47qr and is trivially reproducible.
Cross-namespace package reference flaw in Fission prior to version 1.24.0 allows an authenticated tenant to point a Package CRD at an Environment in another namespace, because the buildermgr controller never verified that Package.spec.environment.namespace matched Package.metadata.namespace. With CVSS 7.7 and a scope-changed confidentiality impact, a low-privileged user in one namespace can cause the controller to read and build against environment resources belonging to other tenants. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Unauthenticated LAN-to-WAN admin panel exposure in Mercusys AC12G (EU) V1 routers running firmware AC12G(EU)_V1_200909 allows any device on the local network to publish the router's own administrative interface to the public internet via a single UPnP SOAP request. Because the device fails to reject loopback and its own LAN IP as the InternalClient in AddPortMapping requests, an attacker can pivot a temporary LAN foothold into a permanent, internet-reachable management plane exposure. No public exploit is identified at time of analysis, but the technique is trivial and well-documented in the referenced advisory.
Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) allows a low-privileged app to bypass activity start restrictions through a confused deputy flaw in getCallingPackageName of Shared.java. No user interaction is required, and exploitation can yield high impact to confidentiality, integrity, and availability. No public exploit is identified at time of analysis, and SSVC indicates no observed exploitation in the wild.
Local privilege escalation in Google Android 14's PipTaskOrganizer component allows a low-privileged app to launch activities from the background by abusing a confused deputy condition, requiring no user interaction. The CVSS 7.8 (AV:L/AC:L/PR:L) reflects local attack vector with low privileges, and per the available data there is no public exploit identified at time of analysis (EPSS 0.01%, not on CISA KEV).
Man-in-the-middle interception in the Axios HTTP client library (all versions through 1.15.x) allows any prototype pollution elsewhere in the Node.js dependency tree to be escalated into full traffic hijacking. Because `config.proxy` is not defined in Axios defaults, `lib/adapters/http.js` reads it via prototype-chain traversal - letting an attacker who controls `Object.prototype.proxy` silently route every outbound HTTPS/HTTP request through their server, harvesting Authorization headers, cookies, and request bodies while tampering with responses. Publicly available exploit code exists in the disclosure; no public exploit identified at time of analysis in the wild and not on CISA KEV.
PyJWKClient in PyJWT prior to 2.13.0 passes attacker-influenced URIs directly to Python's urllib.request.urlopen() without restricting URI schemes, enabling Server-Side Request Forgery (SSRF) across file://, FTP, and data-URI schemes against applications that accept untrusted jku values. Affected deployments include any Python application using PyJWKClient where the jku URL originates from a JWT header, OAuth flow parameter, or externally influenced configuration. No public exploit exists and no CISA KEV listing is present; real-world exploitation is constrained by a CVSS-confirmed high attack complexity (AC:H) and required user interaction (UI:R), making opportunistic mass exploitation unlikely.
GitLab's Jira integration exposes out-of-scope Jira issues to authenticated GitLab users across all editions (CE and EE) from version 13.7 through the patched releases, due to the integration's project-scope filter operating only as a UI display control rather than an enforced access boundary. The Changed scope (S:C) in the CVSS vector reflects that impact crosses into Atlassian Jira - a component outside GitLab's own trust domain - allowing confidential Jira issue data to leak beyond intended project boundaries. No public exploit exists and no active exploitation has been confirmed; EPSS is negligible at 0.01% (3rd percentile), placing this firmly in low-exploitation-probability territory despite a broad version range spanning over five years of releases.
OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors, enabling local attackers with workspace access to redirect runtime traffic to malicious endpoints. The vulnerability requires local access and user interaction but allows high confidentiality impact through traffic interception. No active exploitation has been identified, but a vendor-released patch is available.
OpenClaw versions 2026.4.5 through 2026.4.19 allow local attackers with user privileges to redirect credentialed MiniMax API requests to attacker-controlled servers via environment variable injection in workspace dotenv files, exposing MiniMax API keys in Authorization headers. The vulnerability requires user interaction (opening a malicious workspace) and local access but achieves high confidentiality impact by exfiltrating sensitive API credentials.
Server-Side Request Forgery in NocoDB (npm/nocodb <= 0.301.3) allowed unauthenticated remote attackers to coerce the NocoDB server process into issuing arbitrary outbound HTTP requests, including to RFC 1918 internal services, cloud metadata endpoints, and loopback addresses. The attack exploited two compounding weaknesses: the spreadsheet-import endpoint `axiosRequestMake` required no authentication, and its file-extension allowlist regex was evaluated against the full URL string rather than the pathname alone, making bypass trivial by appending `?.csv` to any URL's query string. No public exploit has been identified at time of analysis, though the bypass technique is explicitly described in the GitHub Security Lab advisory GHSA-hmcr-rmjq-47qr and is trivially reproducible.
Cross-namespace package reference flaw in Fission prior to version 1.24.0 allows an authenticated tenant to point a Package CRD at an Environment in another namespace, because the buildermgr controller never verified that Package.spec.environment.namespace matched Package.metadata.namespace. With CVSS 7.7 and a scope-changed confidentiality impact, a low-privileged user in one namespace can cause the controller to read and build against environment resources belonging to other tenants. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Unauthenticated LAN-to-WAN admin panel exposure in Mercusys AC12G (EU) V1 routers running firmware AC12G(EU)_V1_200909 allows any device on the local network to publish the router's own administrative interface to the public internet via a single UPnP SOAP request. Because the device fails to reject loopback and its own LAN IP as the InternalClient in AddPortMapping requests, an attacker can pivot a temporary LAN foothold into a permanent, internet-reachable management plane exposure. No public exploit is identified at time of analysis, but the technique is trivial and well-documented in the referenced advisory.
Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) allows a low-privileged app to bypass activity start restrictions through a confused deputy flaw in getCallingPackageName of Shared.java. No user interaction is required, and exploitation can yield high impact to confidentiality, integrity, and availability. No public exploit is identified at time of analysis, and SSVC indicates no observed exploitation in the wild.
Local privilege escalation in Google Android 14's PipTaskOrganizer component allows a low-privileged app to launch activities from the background by abusing a confused deputy condition, requiring no user interaction. The CVSS 7.8 (AV:L/AC:L/PR:L) reflects local attack vector with low privileges, and per the available data there is no public exploit identified at time of analysis (EPSS 0.01%, not on CISA KEV).
Man-in-the-middle interception in the Axios HTTP client library (all versions through 1.15.x) allows any prototype pollution elsewhere in the Node.js dependency tree to be escalated into full traffic hijacking. Because `config.proxy` is not defined in Axios defaults, `lib/adapters/http.js` reads it via prototype-chain traversal - letting an attacker who controls `Object.prototype.proxy` silently route every outbound HTTPS/HTTP request through their server, harvesting Authorization headers, cookies, and request bodies while tampering with responses. Publicly available exploit code exists in the disclosure; no public exploit identified at time of analysis in the wild and not on CISA KEV.
PyJWKClient in PyJWT prior to 2.13.0 passes attacker-influenced URIs directly to Python's urllib.request.urlopen() without restricting URI schemes, enabling Server-Side Request Forgery (SSRF) across file://, FTP, and data-URI schemes against applications that accept untrusted jku values. Affected deployments include any Python application using PyJWKClient where the jku URL originates from a JWT header, OAuth flow parameter, or externally influenced configuration. No public exploit exists and no CISA KEV listing is present; real-world exploitation is constrained by a CVSS-confirmed high attack complexity (AC:H) and required user interaction (UI:R), making opportunistic mass exploitation unlikely.
GitLab's Jira integration exposes out-of-scope Jira issues to authenticated GitLab users across all editions (CE and EE) from version 13.7 through the patched releases, due to the integration's project-scope filter operating only as a UI display control rather than an enforced access boundary. The Changed scope (S:C) in the CVSS vector reflects that impact crosses into Atlassian Jira - a component outside GitLab's own trust domain - allowing confidential Jira issue data to leak beyond intended project boundaries. No public exploit exists and no active exploitation has been confirmed; EPSS is negligible at 0.01% (3rd percentile), placing this firmly in low-exploitation-probability territory despite a broad version range spanning over five years of releases.
OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors, enabling local attackers with workspace access to redirect runtime traffic to malicious endpoints. The vulnerability requires local access and user interaction but allows high confidentiality impact through traffic interception. No active exploitation has been identified, but a vendor-released patch is available.
OpenClaw versions 2026.4.5 through 2026.4.19 allow local attackers with user privileges to redirect credentialed MiniMax API requests to attacker-controlled servers via environment variable injection in workspace dotenv files, exposing MiniMax API keys in Authorization headers. The vulnerability requires user interaction (opening a malicious workspace) and local access but achieves high confidentiality impact by exfiltrating sensitive API credentials.