Monthly
Web application firewall body-inspection bypass in CrowdSec (the AppSec component, versions 1.5.0 through 1.7.7) lets unauthenticated remote attackers slip malicious payloads past every body-scanning WAF rule. When a request uses HTTP/1.1 'Transfer-Encoding: chunked' or HTTP/2 without a content-length, the parser treats the body as empty, so rules matching REQUEST_BODY, BODY_ARGS, ARGS_POST, JSON, or XML silently fail and the request is forwarded as 'allow' with no WAF log entry. There is no public exploit identified at time of analysis and no KEV listing, but the trigger is trivial - flipping a single framing header - making this a high-confidence protection-mechanism failure rather than a memory-safety bug.
Sandbox escape in OneUptime before 10.0.98 lets an authenticated user break out of the Node.js vm-module isolation that the platform relies on to safely run untrusted logic, gaining code execution in the host context. The vm module was never intended as a security boundary and can be escaped using error objects and infinite recursion, yielding full confidentiality, integrity, and availability impact (CVSS 9.9, scope-changed). No public exploit is identified at time of analysis, but the escape technique is well-documented for the Node.js vm module generally.
{% render %} partial, even when the caller explicitly invoked parseAndRender() with { ownPropertyOnly: true } to lock down the render. The root cause is Context.spawn() failing to propagate the resolved per-render ownPropertyOnly value to child contexts, silently discarding a documented security override. A publicly available proof-of-concept exploit exists demonstrating that top-level {{ user.passwordHash }} is correctly blocked while the identical expression inside a {% render %} partial returns the sensitive value; no vendor-released patch is available at time of analysis.
Sandbox escape in Lumiverse AI chat application versions prior to 0.9.7 allows remote attackers to execute arbitrary JavaScript in a victim's authenticated session by delivering a malicious theme pack (.lumitheme / .lumiverse-theme). The component override system's Sucrase-transpiled TSX sandbox is bypassed via string concatenation of blocked identifiers and DOM ref traversal to retrieve the real window object, defeating both static source validation and runtime global shadowing. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-rgp6-55rw-5xf4) documents the exact bypass technique.
{% do %} tag is permitted. No public exploit identified at time of analysis, but the issue was responsibly disclosed with vendor-confirmed root cause and an upstream patch.
{% sandbox %}{% include %}` tag path allows template authors to access every filter, function, and tag registered in the environment, regardless of the configured SecurityPolicy. This is an incomplete fix for CVE-2024-45411 (GHSA-6j75-5wfj-gh66): the prior fix added an explicit `checkSecurity()` re-invocation in `CoreExtension::include()` but did not update the compiled output of the `{% sandbox %}{% include %}` syntax, leaving it without the same guard. Twig versions prior to 3.26.0 using this deprecated tag in applications that allow user-controlled template authorship are affected. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog.
Sandbox escape in Twig 3.9.0-3.25.x allows any attacker with template authoring access to fully bypass `SourcePolicyInterface`-driven security policies, enabling OS command execution via `|map("system")` and secret disclosure via `constant()`. The bypass occurs because `Environment::createTemplate()` compiles inline strings under a synthesized name (`__string_template__<hash>`) that name/path-based `SourcePolicy` implementations do not recognize, causing `checkSecurity()` to silently become a no-op on the inner template. No public exploit has been identified at time of analysis, though the vendor advisory provides sufficient technical detail for reproduction, and the RCE tag confirms the potential impact is critical for affected configurations.
KVM read-only execution isolation bypass in klever-go allows a low-privileged smart contract actor to commit irreversible contract deletion side effects through the `ExecuteReadOnlyWithTypedArguments` hook, violating the expected non-mutating guarantee of read-only calls. Affected are all deployments of klever-go prior to v1.7.17 where smart contract workflows invoke callees through read-only execution paths. A confirmed proof-of-concept was included with the original disclosure, demonstrating that `DeletedAccounts` in VM output transitions from zero entries to one after a read-only nested call - no public exploit is separately circulating and CISA KEV listing is not confirmed at time of analysis.
Netatalk versions 3.1.2 through 4.4.2 are distributed as binaries compiled without the FORTIFY_SOURCE flag, stripping away runtime buffer overflow detection that the compiler would otherwise embed into unsafe C standard library calls. Remote unauthenticated attackers can, under high-complexity conditions, trigger memory errors that the absent protection would have safely caught and terminated, instead manifesting as minor availability impact (CVSS A:L). No public exploit code exists and CISA has not added this to the KEV catalog; the CVSS score of 3.7 (Low) reflects the limited impact ceiling and high attack complexity.
ServiceWorker policy enforcement failure in Google Chrome prior to version 148.0.7778.179 enables unauthenticated remote attackers to leak cross-origin data by luring a victim to a crafted HTML page. The vulnerability stems from Chrome's ServiceWorker layer failing to adequately enforce isolation boundaries (CWE-693), allowing a malicious origin to read data it should not have access to under the same-origin policy. No public exploit identified at time of analysis, and the CVSS score of 4.3 reflects limited confidentiality impact; however, the zero-privilege, network-accessible attack vector means any Chrome user browsing a malicious page could be affected.
Web application firewall body-inspection bypass in CrowdSec (the AppSec component, versions 1.5.0 through 1.7.7) lets unauthenticated remote attackers slip malicious payloads past every body-scanning WAF rule. When a request uses HTTP/1.1 'Transfer-Encoding: chunked' or HTTP/2 without a content-length, the parser treats the body as empty, so rules matching REQUEST_BODY, BODY_ARGS, ARGS_POST, JSON, or XML silently fail and the request is forwarded as 'allow' with no WAF log entry. There is no public exploit identified at time of analysis and no KEV listing, but the trigger is trivial - flipping a single framing header - making this a high-confidence protection-mechanism failure rather than a memory-safety bug.
Sandbox escape in OneUptime before 10.0.98 lets an authenticated user break out of the Node.js vm-module isolation that the platform relies on to safely run untrusted logic, gaining code execution in the host context. The vm module was never intended as a security boundary and can be escaped using error objects and infinite recursion, yielding full confidentiality, integrity, and availability impact (CVSS 9.9, scope-changed). No public exploit is identified at time of analysis, but the escape technique is well-documented for the Node.js vm module generally.
{% render %} partial, even when the caller explicitly invoked parseAndRender() with { ownPropertyOnly: true } to lock down the render. The root cause is Context.spawn() failing to propagate the resolved per-render ownPropertyOnly value to child contexts, silently discarding a documented security override. A publicly available proof-of-concept exploit exists demonstrating that top-level {{ user.passwordHash }} is correctly blocked while the identical expression inside a {% render %} partial returns the sensitive value; no vendor-released patch is available at time of analysis.
Sandbox escape in Lumiverse AI chat application versions prior to 0.9.7 allows remote attackers to execute arbitrary JavaScript in a victim's authenticated session by delivering a malicious theme pack (.lumitheme / .lumiverse-theme). The component override system's Sucrase-transpiled TSX sandbox is bypassed via string concatenation of blocked identifiers and DOM ref traversal to retrieve the real window object, defeating both static source validation and runtime global shadowing. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-rgp6-55rw-5xf4) documents the exact bypass technique.
{% do %} tag is permitted. No public exploit identified at time of analysis, but the issue was responsibly disclosed with vendor-confirmed root cause and an upstream patch.
{% sandbox %}{% include %}` tag path allows template authors to access every filter, function, and tag registered in the environment, regardless of the configured SecurityPolicy. This is an incomplete fix for CVE-2024-45411 (GHSA-6j75-5wfj-gh66): the prior fix added an explicit `checkSecurity()` re-invocation in `CoreExtension::include()` but did not update the compiled output of the `{% sandbox %}{% include %}` syntax, leaving it without the same guard. Twig versions prior to 3.26.0 using this deprecated tag in applications that allow user-controlled template authorship are affected. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog.
Sandbox escape in Twig 3.9.0-3.25.x allows any attacker with template authoring access to fully bypass `SourcePolicyInterface`-driven security policies, enabling OS command execution via `|map("system")` and secret disclosure via `constant()`. The bypass occurs because `Environment::createTemplate()` compiles inline strings under a synthesized name (`__string_template__<hash>`) that name/path-based `SourcePolicy` implementations do not recognize, causing `checkSecurity()` to silently become a no-op on the inner template. No public exploit has been identified at time of analysis, though the vendor advisory provides sufficient technical detail for reproduction, and the RCE tag confirms the potential impact is critical for affected configurations.
KVM read-only execution isolation bypass in klever-go allows a low-privileged smart contract actor to commit irreversible contract deletion side effects through the `ExecuteReadOnlyWithTypedArguments` hook, violating the expected non-mutating guarantee of read-only calls. Affected are all deployments of klever-go prior to v1.7.17 where smart contract workflows invoke callees through read-only execution paths. A confirmed proof-of-concept was included with the original disclosure, demonstrating that `DeletedAccounts` in VM output transitions from zero entries to one after a read-only nested call - no public exploit is separately circulating and CISA KEV listing is not confirmed at time of analysis.
Netatalk versions 3.1.2 through 4.4.2 are distributed as binaries compiled without the FORTIFY_SOURCE flag, stripping away runtime buffer overflow detection that the compiler would otherwise embed into unsafe C standard library calls. Remote unauthenticated attackers can, under high-complexity conditions, trigger memory errors that the absent protection would have safely caught and terminated, instead manifesting as minor availability impact (CVSS A:L). No public exploit code exists and CISA has not added this to the KEV catalog; the CVSS score of 3.7 (Low) reflects the limited impact ceiling and high attack complexity.
ServiceWorker policy enforcement failure in Google Chrome prior to version 148.0.7778.179 enables unauthenticated remote attackers to leak cross-origin data by luring a victim to a crafted HTML page. The vulnerability stems from Chrome's ServiceWorker layer failing to adequately enforce isolation boundaries (CWE-693), allowing a malicious origin to read data it should not have access to under the same-origin policy. No public exploit identified at time of analysis, and the CVSS score of 4.3 reflects limited confidentiality impact; however, the zero-privilege, network-accessible attack vector means any Chrome user browsing a malicious page could be affected.