Skip to main content

CWE-501

Trust Boundary Violation

18 CVEs Avg CVSS 7.3 MITRE
4
CRITICAL
6
HIGH
7
MEDIUM
1
LOW
1
POC
0
KEV

Monthly

CVE-2026-33828 HIGH PATCH NEWS This Week

Local privilege escalation in Microsoft Windows Attestation allows an authenticated local user with low privileges to gain elevated permissions on the host through a trust boundary violation (CWE-501). The flaw is rated CVSS 7.8 with high impact across confidentiality, integrity, and availability, and there is no public exploit identified at time of analysis. The issue is tagged as Information Disclosure by the reporter, but the CVSS vector indicates full system compromise potential once exploited.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24153 MEDIUM This Month

Information disclosure in NVIDIA Jetson Linux affects Xavier, Orin, and Thor series devices due to the nvluks trusted application remaining enabled in initrd. A local attacker with physical access and low-level privileges can exploit this to read sensitive data from the device, as confirmed by CWE-501 (CLS: Malicious Code Not Included in Executable) indicating improper access control to privileged components. CVSS 5.2 reflects the high confidentiality impact but requires physical attack vector and authenticated access; no public exploit or CISA KEV status reported.

Information Disclosure Nvidia
NVD VulDB
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-25725 npm CRITICAL PATCH Act Now

Claude Code prior to version 2.1.2 has a CVSS 10.0 sandbox escape in the bubblewrap sandboxing mechanism, allowing code execution outside the intended sandbox boundary.

Privilege Escalation Code Injection RCE Docker Linux +2
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-49714 HIGH PATCH This Week

A security vulnerability in Trust boundary violation in Visual Studio Code - Python extension (CVSS 7.8) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Python Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48938 Go LOW PATCH Monitor

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Go Gh
NVD GitHub
CVSS 4.0
2.6
EPSS
0.4%
CVE-2025-1118 MEDIUM PATCH This Month

GRUB2 bootloader fails to enforce lockdown mode restrictions on the dump command, allowing local privileged users to read arbitrary memory contents and extract sensitive cryptographic material including signatures, salts, and other secrets. Grub2 is affected across multiple Linux distributions including Red Hat Enterprise Linux and SUSE Linux Enterprise. The vulnerability carries a CVSS score of 4.4 with a low EPSS exploitation probability of 0.05% (14th percentile), indicating limited real-world attack likelihood despite the information disclosure impact. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-49050 HIGH PATCH This Week

Visual Studio Code Python Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-20265 MEDIUM This Month

A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-1725 Go MEDIUM PATCH This Month

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform Openshift Container Platform For Arm64 Openshift Container Platform For Ibm Z Openshift Container Platform For Linuxone +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-23682 Maven HIGH POC PATCH This Week

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Artemis Java Test Sandbox
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.4%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Attestation allows an authenticated local user with low privileges to gain elevated permissions on the host through a trust boundary violation (CWE-501). The flaw is rated CVSS 7.8 with high impact across confidentiality, integrity, and availability, and there is no public exploit identified at time of analysis. The issue is tagged as Information Disclosure by the reporter, but the CVSS vector indicates full system compromise potential once exploited.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM This Month

Information disclosure in NVIDIA Jetson Linux affects Xavier, Orin, and Thor series devices due to the nvluks trusted application remaining enabled in initrd. A local attacker with physical access and low-level privileges can exploit this to read sensitive data from the device, as confirmed by CWE-501 (CLS: Malicious Code Not Included in Executable) indicating improper access control to privileged components. CVSS 5.2 reflects the high confidentiality impact but requires physical attack vector and authenticated access; no public exploit or CISA KEV status reported.

Information Disclosure Nvidia
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Claude Code prior to version 2.1.2 has a CVSS 10.0 sandbox escape in the bubblewrap sandboxing mechanism, allowing code execution outside the intended sandbox boundary.

Privilege Escalation Code Injection RCE +4
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A security vulnerability in Trust boundary violation in Visual Studio Code - Python extension (CVSS 7.8) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Python Authentication Bypass
NVD
EPSS 0% CVSS 2.6
LOW PATCH Monitor

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Go Gh
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

GRUB2 bootloader fails to enforce lockdown mode restrictions on the dump command, allowing local privileged users to read arbitrary memory contents and extract sensitive cryptographic material including signatures, salts, and other secrets. Grub2 is affected across multiple Linux distributions including Red Hat Enterprise Linux and SUSE Linux Enterprise. The vulnerability carries a CVSS score of 4.4 with a low EPSS exploitation probability of 0.05% (14th percentile), indicating limited real-world attack likelihood despite the information disclosure impact. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Visual Studio Code Python Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform Openshift Container Platform For Arm64 +3
NVD
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Artemis Java Test Sandbox
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy