Information Disclosure
Monthly
Credential hash exposure in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users - those without the 'admin' or 'power' roles - to retrieve stored credential hashes by issuing the `|rest` SPL command against the `/servicesNS/-/-/storage/passwords` endpoint, which incorrectly returns the `encr_password` field. Affected are Splunk Enterprise branches below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and multiple Splunk Cloud Platform versions. No public exploit has been identified at time of analysis and this CVE is not in CISA KEV, but the real-world impact is significant wherever Splunk stores credentials for external services such as databases, APIs, or cloud accounts.
Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\\.\TdeIo` device interface. IOCTL handlers including `TDE_IOCTL_INDEXIO_READ` and `TDE_IOCTL_INDEXIO_WRITE` permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without authorization checks. A local attacker can abuse this functionality to manipulate hardware registers, tamper with firmware-related interfaces, cause system instability, or establish persistent low-level compromise.
Unauthenticated information disclosure in GPUStack through version 2.2.1 lets remote attackers reach the worker port's unprotected /serveLogs and /debug endpoints to stream live inference logs - including user prompts and model completions - and to alter worker runtime configuration such as log levels and memory profiling output. Because the flaw is missing authentication (CWE-306) on network-exposed endpoints, exploitation requires no credentials and no user interaction; publicly available exploit code exists, though the issue is not listed in CISA KEV. VulnCheck reported it and the vendor fixed it in commit 4e20551.
GitHub Actions artifact-poisoning (pwn request) in labring/FastGPT allows an external attacker who opens a pull request to smuggle attacker-controlled Docker images into privileged CI/CD pipelines. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted PR code in the preview-docs-build and preview-fastgpt-build workflows are consumed by privileged workflow_run jobs, letting a malicious image be pushed to GHCR and, for documentation previews, deployed to a Kubernetes cluster using the secrets.KUBE_CONFIG_CN credential. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the flaw is trivially reachable by any contributor.
SQL injection in MantisBT 2.28.3 and earlier (fixed in 2.28.4) lets an administrator poison the history_order configuration value, which core/history_api.php concatenates unsanitized into an ORDER BY clause; the injected SQL then fires whenever any authenticated user views a bug that has history entries. This converts an administrator's config-write into database-wide data theft (password hashes, cookie_strings, API tokens, private issues) and, where the MySQL account holds the FILE privilege, remote code execution via INTO OUTFILE dropping a PHP webshell in the web root. No public exploit identified at time of analysis; reported by McCaulay Hudson of watchTowr and tracked as GitHub advisory GHSA-mw6p-33vw-46cc.
Denial of service in Cisco RoomOS software allows remote unauthenticated attackers to exhaust availability of affected collaboration endpoints and room-based video devices through improper handling of exceptional conditions (CWE-703). The issue was internally discovered by Cisco's RoomOS engineering team as part of a hardening release bundling multiple flaws under this identifier, carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), and has no public exploit identified at time of analysis. Note that the CVSS vector reflects availability-only impact even though a source tag labels it 'Information Disclosure,' a discrepancy defenders should verify against the Cisco advisory.
Remote denial of service in Cisco RoomOS software allows unauthenticated attackers to exhaust or corrupt a resource over the network, disrupting availability of Cisco collaboration room endpoints. Disclosed as part of a Cisco-internal security hardening review under the CWE-664 resource-lifetime pillar, the flaw carries a 7.5 CVSS score with an availability-only impact (C:N/I:N/A:H). No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in Cisco RoomOS software allows remote, unauthenticated attackers to disrupt device availability through improperly validated input, resulting in a high availability impact (CVSS 7.5). The flaw was internally discovered during a Cisco engineering security review and shipped in a software hardening release bundling multiple CWE-20 input-validation issues. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where missing encryption (CWE-311) exposes data to an attacker positioned on the adjacent network. An adjacent, unauthenticated attacker who can intercept or manipulate traffic could access confidential information and potentially tamper with it, though successful exploitation carries high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was internally discovered by Cisco's RoomOS engineering team during a proactive hardening review.
Cross-origin credential leakage in Lightpanda, a headless browser built for AI and automation workloads, occurs because fetch() and XMLHttpRequest attach session cookies to every outbound HTTP request regardless of the caller's requested credentials mode. In versions prior to 0.2.9, the credentials: omit, credentials: same-origin, credentials: include, and XMLHttpRequest.withCredentials controls are all ignored, so attacker-controlled content running inside a Lightpanda session can silently issue authenticated cross-origin requests against any victim origin whose cookies are present in the session's shared cookie jar. There is no public exploit identified at time of analysis and no CISA KEV listing, but the root-cause code fix is public in PR #2155, and the CVSS base score is 9.3.
Business-logic authentication bypass in Postiz self-hosted AI social media scheduler (gitroomhq/postiz-app) before 2.21.8 lets a low-privileged authenticated user grant any organization a lifetime PRO subscription without paying. The Nowpayments IPN (Instant Payment Notification) callback handler never validated the provider's shared-secret signature and trusted the subscription/organization identifier straight from the request body, so an attacker could forge a payment-confirmation callback. No public exploit identified at time of analysis and the issue is not in CISA KEV; it was privately reported and fixed by removing the crypto-payment code path entirely.
Home-directory hijacking in File Browser before 2.63.17 lets an unauthenticated attacker gain full read/write access to another user's files by registering a username that normalizes to a victim's scope. Because cleanUsername() is a many-to-one transform, distinct usernames such as team/one, team one, and team-one collapse to the same home directory, and the signup path never checked whether the derived scope was already owned. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, but the fix commit and a regression test are public, making the root cause well understood.
Fullscreen mode in Zen Browser desktop prior to 1.19.13b exposes users to credential-theft phishing by failing to display a persistent, visible security notification when a webpage enters fullscreen. An attacker-controlled page can completely occlude the real browser chrome - including the address bar and origin indicators - then render a convincing imitation of a trusted site's login interface. When combined with long-domain URL eliding, this allows precise origin spoofing; no public exploit has been identified at time of analysis, and the CVSS 4.0 score of 6.3 reflects high subsequent-system integrity and confidentiality impacts despite the attack requiring user interaction.
Arbitrary file read in Metabase (versions from 1.57.0 up to the fixed releases) allows an attacker who already holds database-configuration privileges to exfiltrate files from the Metabase server's host filesystem by injecting unsafe JDBC parameters into a MySQL or MariaDB connection. The malicious driver options coerce the JDBC client to read local host files and surface their contents through query results or connection-validation error messages. No public exploit identified at time of analysis; the flaw affects self-hosted and embedded deployments of this open-source BI platform.
Limited memory disclosure and worker-process restart in NGINX Plus and NGINX Open Source arise when the optional ngx_http_slice_module is compiled in and configured alongside unnamed regex captures, or when a background cache update occurs, letting remote attackers trigger uninitialized memory access (CWE-908) in the data plane. The CVSS:4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation with no user interaction, scored 8.8. There is no public exploit identified at time of analysis and no CISA KEV listing; F5 has released a patch and the issue does not affect the control plane.
Heap buffer over-read in NGINX Plus's MQTT filter module (ngx_stream_mqtt_filter_module) allows unauthenticated remote attackers to crash the NGINX worker process, causing a brief, recoverable service disruption. The vulnerability is data-plane only - no control plane exposure exists - and exploitation depends partly on runtime conditions outside the attacker's control, reflected by the CVSS 4.0 AT:P metric. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; F5 has released a patch documented in advisory K000162101.
Heap buffer over-read in the ngx_http_ssi_module of NGINX Open Source and NGINX Plus lets an unauthenticated man-in-the-middle attacker who can control upstream responses corrupt worker-process memory or crash the worker, but only in the non-default configuration combining Server-Side Includes, proxy_pass, and proxy_buffering off. The impact is confined to the data plane with no control-plane exposure, yielding limited memory modification and worker restarts (denial of service) rather than full code execution. No public exploit identified at time of analysis, though a vendor patch is available and the flaw carries a CVSS 4.0 score of 8.3.
Flameshot's 'Open With' feature prior to version 14.0.0 contains a TOCTOU (time-of-check to time-of-use) symlink-following race condition that allows a local unprivileged attacker on the same machine to overwrite arbitrary files writable by the victim user. By pre-planting a symlink at the predictable temporary file path before Flameshot writes the screenshot PNG, an attacker can redirect the write operation to any file within the victim's permissions - including configuration files, SSH keys, or application data. No public exploit identified at time of analysis, though the attack is straightforward given the deterministic path; the vendor-confirmed fix is available in v14.0.0.
Cross-context cache disclosure in Directus before 12.0.0 lets share-token holders and anonymous clients receive permission-filtered responses that were cached for a differently-scoped principal, because the cache key omits authorization context. When response caching is enabled, the key derived in api/src/utils/get-cache-key.ts covers only version, path, query, and accountability.user; since share tokens and anonymous requests both collapse to user null, requests to the same URL and query share a cache bucket and skip permission re-evaluation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is a straightforward, config-dependent information-disclosure issue fixed in 12.0.0.
Cross-origin data theft in LightRAG server versions prior to 1.5.4 allows any malicious website to make authenticated, credentialed API calls on behalf of a logged-in victim because the server ships with CORS_ORIGINS=* paired with allow_credentials=True. When an authenticated LightRAG user browses to an attacker-controlled page, that page can silently read documents and knowledge-graph data or issue destructive requests such as deleting the entire document store. No public exploit has been identified at time of analysis and the flaw is not in CISA KEV, but the fix is confirmed released in version 1.5.4.
Information disclosure in ICU Scandinavia Boomerang (versions prior to 2.4.18.029) lets an unauthenticated attacker retrieve plaintext service-account and SMTP credentials by requesting specific XML configuration files served as static content from the webroot. The exposed credentials enable follow-on compromise of connected mail and service accounts. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; the vendor CVSS 4.0 base score is 7.1 (High).
Uncontrolled memory allocation in Huawei's vibration service crashes affected HarmonyOS and EMUI devices, resulting in a denial-of-service condition impacting device availability. The flaw is remotely triggerable with no privileges required but demands user interaction, consistent with delivery via crafted content such as a malicious application, webpage, or message that exercises the vibration API. No public exploit code or active exploitation has been identified at time of analysis, though Huawei has issued a July 2026 security bulletin addressing the issue.
Local information disclosure in Huawei HarmonyOS and EMUI stems from a flawed permission-control check in the file system, letting a local actor read data that should be access-restricted. Exploitation requires local access plus user interaction (CVSS UI:R), and Huawei's own scoring rates it high impact; no public exploit was identified at time of analysis and it is not listed in CISA KEV. Note the vendor CVSS also asserts integrity and availability impact, which the one-line description (confidentiality only) does not substantiate.
Design defect in HarmonyOS's 'Expedition mode' allows a high-privileged local attacker, with user interaction, to cause significant availability disruption and minor integrity impact. Reported by Huawei in its July 2026 security bulletin, the vulnerability carries a CVSS 3.1 base score of 4.8, reflecting constrained exploitability due to local access, high privilege, and required user interaction. No public exploit code has been identified, and the flaw does not appear in the CISA KEV catalog. Notably, the 'Information Disclosure' tag associated with this CVE is inconsistent with the CVSS confidentiality metric of C:N - this discrepancy should be verified against the vendor advisory.
Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Memory leak in ImageMagick's TIFF encoder - affecting the 7.x branch before 7.1.2-26 and the 6.x branch before 6.9.13-51 - allows an attacker or application to cause gradual memory exhaustion by repeatedly supplying an invalid tiff:tile-geometry parameter during TIFF encoding operations. The flaw scores 2.0 under CVSS 4.0 with only low availability impact, a local attack vector, high complexity, and prerequisite conditions, placing it firmly in the low-severity tier. No public exploit code has been identified and the vulnerability is absent from the CISA KEV catalog, indicating no confirmed active exploitation at the time of analysis.
ImageMagick's hough lines operation leaks a small amount of memory when a specific internal sub-operation fails, affecting the 7.x branch before 7.1.2-26 and the 6.x legacy branch before 6.9.13-51. This CWE-401 flaw is locally exploitable only under high attack complexity with specific prerequisites, producing a low availability impact with no confidentiality or integrity consequence - reflected in the CVSS 4.0 score of 2.1. No public exploit or active exploitation has been identified at time of analysis; this is a low-priority maintenance patch with no realistic threat-actor motivation.
ImageMagick's log colorspace color transformation leaks a small amount of memory when the operation fails, affecting versions prior to 7.1.2-26 and 6.9.13-51. The flaw (CWE-401) resides in an error-handling code path that fails to release allocated memory, meaning repeated invocations that trigger failures could contribute to incremental memory exhaustion. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified; the CVSS 4.0 score of 2.1 reflects the highly constrained and low-impact nature of this issue.
ImageMagick's TIFF encoder leaks a small quantity of memory when a temporary file cannot be created during encoding operations, affecting versions 7.x before 7.1.2-26 and 6.x before 6.9.13-51. The CVSS 4.0 score of 2.1 and vector (AV:L/AC:H/AT:P) place this firmly in minimal-severity territory: exploitation is local, requires high complexity, and depends on a platform-specific precondition. No public exploit has been identified, the flaw is not listed in CISA KEV, and the described impact is limited to a small, incremental availability reduction with no confidentiality or integrity consequences.
ImageMagick before 7.1.2-26 (7.x branch) and 6.9.13-51 (6.x branch) discloses one byte of process memory beyond a profile boundary when the `identify` command is run with debug output enabled and the embedded profile ends with a non-printable byte. The out-of-bounds read (CWE-125) is highly conditional - requiring local access, explicit debug mode activation, and a specifically crafted profile payload - keeping real-world impact extremely low despite ImageMagick's broad deployment footprint. No public exploit code or active exploitation has been identified at time of analysis.
Insufficient session invalidation in the Grav API plugin (getgrav/grav-plugin-api) before 2.0.4 renders stolen JWT access tokens permanently valid for up to one hour post-compromise. Because tokens are issued without a jti (JWT ID) claim, the server retains no mechanism to selectively revoke them - meaning logout events, password resets, new token issuance, and even account disablement are all ineffective at terminating an active attacker's session. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; however, the CVSS 4.0 vector (AV:N/AC:L/PR:N) reflects that any attacker already in possession of a token can trivially exploit this revocation gap over the network.
PraisonAI's MCP HTTP-stream transport silently skips authentication when no API key is configured at startup, allowing unauthenticated clients to initialize sessions, enumerate tools via tools/list, and invoke arbitrary tools via tools/call. Affected versions are all releases before 4.6.78. Compounding this, the dispatcher passes tool-call arguments directly to handlers without validating them against the advertised inputSchema, meaning a client can supply malformed or out-of-schema arguments to any registered tool. No public exploit code or CISA KEV listing has been identified at the time of analysis.
Security-policy bypass in PraisonAI before 4.6.78 renders the default Subprocess Sandbox backend inert, so administrator-defined blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and allow_file_write restrictions are silently ignored. Any actor able to feed instructions into a PraisonAI agent can execute arbitrary subprocess commands, read sensitive files, and perform destructive file operations even though an explicit deny policy is configured. Reported by VulnCheck with a CVSS 4.0 base score of 8.7; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Unauthorized external secret disclosure in n8n before 2.28.1 allows authenticated project editors to read plaintext secret values from external secret managers by embedding references in workflow node expressions. The flaw bypasses the intended access control model: users with project editor roles - who are not granted explicit secrets access permissions - can nonetheless resolve and exfiltrate secrets via expression syntax. No public exploit or active exploitation has been identified, but the CVSS 4.0 vector assigns SC:H (high confidentiality impact on subsequent systems), reflecting that secrets stored in downstream vaults or secret managers are fully exposed to insufficiently privileged users.
Credential inference via timing side-channel is possible in Hono before 4.11.10 when the built-in `basicAuth` or `bearerAuth` middlewares are in use, due to JavaScript's short-circuit `===` string equality operator being used inside the `timingSafeEqual` function for hash comparison. Because `===` terminates on the first differing character, response times vary slightly based on how many leading characters of a credential match the stored hash, enabling an attacker to recover credentials one character at a time through statistical timing analysis. No public exploit has been identified and the vendor GHSA advisory explicitly characterizes this as a hardening improvement with low practical exploitability outside highly controlled, low-jitter network environments.
Unauthenticated organization enumeration in Capgo before 12.128.2 lets attackers abuse the Supabase PostgREST SECURITY DEFINER RPC public.rescind_invitation, which returns distinguishable NO_ORG versus NO_RIGHTS errors when invoked with only a publishable (anon) API key. This oracle lets remote unauthenticated attackers confirm which organization IDs exist, building a target list for follow-on phishing and social engineering. Reported by VulnCheck; no public exploit code and no CISA KEV listing at time of analysis.
Local information disclosure in Dell PowerScale OneFS (9.5.0.0-9.10.1.7 and 9.11.0.0-9.13.0.2) arises from sensitive data being written to log files, allowing a low-privileged local user to read secrets they should not access. Dell reported the issue (advisory DSA-2026-261) with no public exploit identified at time of analysis. Exploitation requires existing local, authenticated access to the cluster, limiting reach to insiders or attackers who have already established a foothold.
Remote command execution in certain ASUS router firmware allows a network man-in-the-middle attacker to force the router to download and run arbitrary commands from a spoofed update/download server. The root cause is a failure to validate both the integrity check value (CWE-354) and the TLS server certificate, so an attacker positioned in the network path can impersonate a legitimate ASUS server. No public exploit identified at time of analysis and the flaw is not in CISA KEV; ASUS self-reported it and rates it critical (CVSS 4.0 9.5), though exploitation requires the attacker to first achieve a MITM position (AT:P).
Out-of-bounds memory read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager exposes kernel and firmware memory contents to local administrators via a crafted IOCTL request that bypasses the driver's length validation. The vulnerability (CWE-125) is constrained to AV:L/PR:H, meaning exploitation requires prior establishment of local administrator access on a system where the affected ASUS software is installed. No public exploit code or active exploitation has been confirmed at time of analysis; the ASUS Security Advisory documents the remediation path.
Credential theft in ASUS GameSDK allows a remote attacker to capture a local user's NTLM hash by luring them to a crafted web page that abuses a permissive cross-domain policy to send a UNC-path request to GameSDK's local service endpoint. The flaw affects systems running the ASUS GameSDK local service (bundled with ASUS gaming utilities) and requires the victim to visit an attacker-controlled page (UI required); no authentication is needed. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the leaked NTLM material can be relayed or cracked to reach other services.
Unauthenticated information disclosure in TP-Link Kasa EC70 v4 and EC71 v4 exposes sensitive geolocation data to any attacker on the same local network segment. The flaw resides in the devices' local discovery mechanism, which returns geolocation-related information in response to crafted network probes without requiring any credentials. Impact is limited to confidentiality; no integrity or availability compromise is possible through this vector. No public exploit exists and no active exploitation has been confirmed.
Use of a hard-coded, device-shared cryptographic private key in TP-Link Kasa EC71 v4 and EC70 v4 camera firmware lets an adjacent-network attacker impersonate the device's web management service and break its transport encryption. Because the same private key is baked into every unit's read-only filesystem, anyone who extracts it from one firmware image can passively decrypt or actively man-in-the-middle traffic to any other device on the local network without authentication. TP-Link (the reporting vendor) has released fixed firmware; there is no public exploit identified at time of analysis and the CVE is not in CISA KEV.
Microsoft AVML before 0.17.0 could follow a symlink when opening a destination output path on Unix, allowing truncation/overwrite of the symlink target. The destructive effect is performed at open-time via O_TRUNC, and can happen before full input validation completes (“truncation-before-validation”).
The payment withdrawal approval endpoint in xianyu-auto-reply executes state-changing financial approval actions in response to HTTP GET requests, violating the HTTP safe-method contract and enabling unintended approvals through automated link-prefetching clients. Any low-privileged authenticated user possessing a valid review token can approve withdrawal requests by issuing a GET to /api/v1/payment/withdraw/review?action=approve, and more critically, email clients or mail-security gateways that automatically prefetch URLs can trigger approvals silently when an administrator receives a notification email. A proof-of-concept has been publicly disclosed per CVSS 4.0 E:P; no CISA KEV listing or confirmed active exploitation was identified at time of analysis.
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an attacker-controlled remote to plant an escaping symlink and cause a following object write to land outside the destination with attacker-chosen contents. This issue is fixed in version 1.74.4.
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction.
HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service.
Information disclosure in andreimarcu Linx (linx-server) versions 1.0 through 2.3.8 lets remote attackers retrieve sensitive data through the uploadRemote function in upload.go, which fetches attacker-supplied remote URLs on the server's behalf. The flaw carries a CVSS 9.1 rating with a network, unauthenticated, low-complexity vector, so exploitation requires no credentials or user interaction. No public exploit is identified, though a third-party vulnerability report is published for the CVE.
Certificate revocation bypass in forgekeep/nebula-mesh before 0.7.1 lets a blocked, offboarded, or compromised host keep full mesh connectivity because the per-CA blocklist is computed and shipped by the server but never applied by the agent. The agent decodes the updates response's Blocklist field and discards it, and the config generator has no field to emit pki.blocklist, so Nebula's only revocation control never reaches any peer's config.yml. Rated CVSS 8.1; no CISA KEV listing, but a benign proof-of-concept test is published and the fix is available in v0.7.1.
In multi-tenant HTTP mode (`ENABLE_MULTI_TENANT=true`), an authenticated tenant could, under certain conditions, reach n8n-mcp's local default-scope `workflow_versions` backups instead of being confined to its own tenant scope. This affects n8n-mcp's own local workflow-version storage, not a normal n8n API capability. An authenticated MCP HTTP tenant could read or delete workflow-version backups stored in the default (single-tenant) scope - for example backups left from a prior single-tenant deployment or a migration period. Workflow snapshots may contain sensitive workflow configuration depending on their contents. Single-tenant and stdio deployments are not affected. `<= 2.57.3` `2.57.4` Upgrade to n8n-mcp `2.57.4` or later. The fix requires a complete tenant context in multi-tenant mode and fails closed for workflow-version access that cannot be attributed to a specific tenant. - Restrict network access to the HTTP endpoint (firewall / reverse proxy / VPN) so only trusted callers can reach it. - Run in stdio mode, which has no multi-tenant HTTP surface. - If default-scope backups from a prior single-tenant deployment are not needed, removing them eliminates the exposure. Reported by @DavidCarliez.
Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this issue, users should upgrade to version 3.4.2.
Cleartext storage of operator session tokens in forgekeep/nebula-mesh (Go) lets anyone with read access to the SQLite operator database hijack every active operator session. The 32-byte hex session token is written verbatim as the PRIMARY KEY of the operator_sessions table and is the exact value carried in the operator's 24-hour session cookie, so a leaked backup, snapshot, file copy, or SQL-level disclosure yields directly-usable credentials with no further authentication. Affects versions <= 0.3.7, fixed in 0.3.8; no public exploit identified at time of analysis and the issue is not in CISA KEV.
Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI server directly and read, write, or delete internal cluster state, resulting in information disclosure, data tampering, and denial of service. The flaw (CWE-306) affects the orchestration layer that coordinates disaggregated prefill/decode inference workers. No public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.3 with a local attack vector despite the request-based nature of the issue.
Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (CWE-123), enabling arbitrary memory writes that can corrupt data, crash the inference service, or leak sensitive information. The flaw carries a CVSS 7.4 (High) score with a local attack vector and high attack complexity, and affects the TensorRT-LLM library used to build and serve optimized large-language-model inference on NVIDIA GPUs. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attacker corrupt heap memory by supplying a crafted serialized tensor, potentially causing information disclosure, data tampering, or denial of service. All platforms running affected TensorRT-LLM versions are impacted. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; NVIDIA rates exploitation as high-complexity (AC:H).
Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a host running the inference stack abuse its inter-process communication layer to trigger unsafe object deserialization (CWE-502), potentially yielding code execution, information disclosure, data tampering, and denial of service. The flaw is vendor-reported by NVIDIA and carries a CVSS 3.1 base of 7.8 (AV:L), meaning it is not remotely reachable but converts existing local access into full compromise of the model-serving process. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Insecure deserialization in NVIDIA TensorRT-LLM for Linux lets a local, low-privileged attacker abuse a weakness in the restricted unpickler that handles model-weight loading, potentially achieving code execution, privilege escalation, data tampering, and information disclosure. The flaw (CWE-502, CVSS 8.4) affects the GPU LLM-inference library and stems from the restricted unpickler failing to fully constrain what can be deserialized from an untrusted model artifact. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.
Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.
The `_.merge(target, source)` utility exported by `@feathersjs/commons` recursively merges `source` into `target` by iterating `Object.keys(source)`. When `source` was produced by `JSON.parse` and contains a `__proto__` (or `constructor` / `prototype`) key, that key is returned as an own-enumerable property. The recursive merge then resolves `target['__proto__']` to `Object.prototype` and writes the attacker-supplied properties onto it, polluting the prototype for all plain objects in the process for the lifetime of the Node process. **Scope of real-world risk is limited.** No first-party Feathers package routes input - trusted or untrusted - through `commons._.merge`. The `@feathersjs/authentication` package, which does merge request-influenced data, uses `lodash/merge` (prototype-pollution-safe since 4.17.12), not this utility. Exploitation therefore requires a downstream plugin or application to pass JSON-parsed, attacker-controlled input directly through the exported `_.merge`. Fixed in `@feathersjs/commons@5.0.45`. The fix skips `__proto__`, `constructor`, and `prototype` keys during iteration - the standard remediation used by lodash and others. Avoid passing JSON-parsed untrusted input through `commons._.merge`. Freezing `Object.prototype` or validating/sanitizing keys upstream also mitigates. Reported responsibly by Andrew Ridings (@ridingsa).
Applications built with the Auth0 Symphony SDK, using the Authorizer security authenticator to protect HTTP routes may accept OAuth 2.0 bearer access tokens provided through a URL query parameter, in addition to the standard Authorization header, which may increase the risk of access token exposure and replay against protected API endpoints. Upgrade auth0/symfony to version 5.9.0 or greater. Okta would like to thank Alex Yeara for their discovery.
Local tampering via symbolic-link following in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the bundled toolchain in Visual Studio 2022 (17.12, 17.14) and Visual Studio 2026 (18.7) allows an authorized local attacker to redirect a privileged file operation to an unintended target, corrupting or replacing files outside their normal permissions. Microsoft (the reporter) has released a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The high CVSS 3.1 base score of 7.0 is tempered by high attack complexity and the requirement for existing low-level local access.
Denial of service in Open5GS (open-source 5G/EPC core) through version 2.7.7 lets remote unauthenticated attackers crash the AMF by sending a malformed NAS 5GS mobile-identity information element, triggering a heap out-of-bounds read before authentication completes. Because the AMF handles mobility management for the entire network, a single crafted pre-authentication message can produce a subscriber-wide outage rather than affecting only the sender. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the pre-auth network-reachable nature makes it a high-priority availability issue for anyone running Open5GS in production.
Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged network attacker gain higher privileges by abusing a flawed authentication algorithm implementation (CWE-303). Microsoft reported the flaw and has released a patch; there is no public exploit identified at time of analysis and it is not on the CISA KEV. The 8.8 CVSS reflects high confidentiality, integrity, and availability impact reachable over the network with only low prior privileges.
Heap buffer over-read in libsoup's HTTP/2 GOAWAY frame parser allows remote unauthenticated attackers to crash applications or leak heap memory fragments by sending a malformed frame with a non-NUL-terminated Additional Debug Data payload. Affected deployments include applications built on libsoup running on Red Hat Enterprise Linux 10 that accept or initiate HTTP/2 connections. A proof-of-concept exists per SSVC data, though exploitation is rated non-automatable and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Devolutions Server 2026.1.22.0 and 2026.2.11.0 exposes Azure Key Vault client secrets in cleartext within Recovery Kit response files, defeating an explicit 'exclude sensitive data' option that administrators rely on. Any party who obtains a copy of the generated response file can trivially read the credential without any decryption or tooling. No public exploit code exists and the vulnerability is not in CISA KEV; however, because successful exploitation yields a reusable cloud credential, the downstream blast radius in Azure environments substantially exceeds what the 3.3 CVSS base score suggests. A vendor-released patch is available.
Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory leak regression in Wasmtime 37.0.0 and 37.0.1 causes permanent host-process memory exhaustion when C/C++ embeddings use `externref` or `anyref` WebAssembly reference types. The refactoring from `ManuallyRooted<T>` to `OwnedRooted<T>` introduced three distinct defects - a no-op typo in `wasmtime_val_unroot`, unreleased return values from host-defined callbacks, and missing C++ destructors - that collectively prevent GC roots from ever being freed, even after the WebAssembly store is destroyed. No public exploit confirmed in CISA KEV; a proof-of-concept is publicly available, but EPSS at 0.18% (7th percentile) and SSVC exploitation status of none indicate minimal active threat.
TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.
Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a stack buffer overflow in the entry handler of the TraceEvent() system call, affecting QNX Software Development Platform, QNX OS for Safety, and QNX OS for Medical. An attacker able to run code on the target can craft malicious TraceEvent() arguments to corrupt kernel stack memory, leaking sensitive kernel data, altering kernel state, or crashing the RTOS. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation is rated high-complexity (AC:H) despite requiring no prior privileges.
Information disclosure in Microsoft Active Directory Federation Services (AD FS) lets an authenticated, network-based attacker read memory outside intended bounds and leak sensitive data, per Microsoft's own report of the flaw (tracked in MSRC as CVE-2026-58529). The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N, C:H) indicates low-privilege remote exploitation with high confidentiality impact; there is no public exploit identified at time of analysis and it is not on CISA KEV. A vendor patch is available. Note a data discrepancy: the flaw is described as AD FS (a server role) yet the only CPE lists the Windows 11 version 26H1 client - verify affected platforms with Microsoft.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local privilege escalation in the Windows Wireless Networking component affects a broad span of currently supported Windows releases (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025), letting an already-authenticated local user win a timing race to gain SYSTEM-level control. The flaw is a CWE-362 race condition where improperly synchronized access to a shared resource can be manipulated during a narrow execution window; CVSS 7.8 reflects a high-complexity but high-impact local escalation with a scope change. Microsoft (the reporter) has shipped a patch, and there is no public exploit identified at time of analysis.
Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated attacker to gain SYSTEM-level privileges by triggering a type-confusion (CWE-843) condition. The flaw affects a broad range of supported Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Reported internally by Microsoft with a vendor patch available; no public exploit identified at time of analysis.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.
Elevation of privilege in the Windows SMB implementation allows an authenticated network attacker to win a race condition and gain higher privileges on affected systems, spanning Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw is a concurrency defect (CWE-362) reported by Microsoft with a vendor patch already released; there is no public exploit identified at time of analysis. Note a data conflict: the description and CVSS impacts describe privilege elevation with full confidentiality/integrity/availability impact, while the intelligence tags also label it 'Information Disclosure' — the CVSS vector should be treated as authoritative.
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
Credential hash exposure in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users - those without the 'admin' or 'power' roles - to retrieve stored credential hashes by issuing the `|rest` SPL command against the `/servicesNS/-/-/storage/passwords` endpoint, which incorrectly returns the `encr_password` field. Affected are Splunk Enterprise branches below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and multiple Splunk Cloud Platform versions. No public exploit has been identified at time of analysis and this CVE is not in CISA KEV, but the real-world impact is significant wherever Splunk stores credentials for external services such as databases, APIs, or cloud accounts.
Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\\.\TdeIo` device interface. IOCTL handlers including `TDE_IOCTL_INDEXIO_READ` and `TDE_IOCTL_INDEXIO_WRITE` permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without authorization checks. A local attacker can abuse this functionality to manipulate hardware registers, tamper with firmware-related interfaces, cause system instability, or establish persistent low-level compromise.
Unauthenticated information disclosure in GPUStack through version 2.2.1 lets remote attackers reach the worker port's unprotected /serveLogs and /debug endpoints to stream live inference logs - including user prompts and model completions - and to alter worker runtime configuration such as log levels and memory profiling output. Because the flaw is missing authentication (CWE-306) on network-exposed endpoints, exploitation requires no credentials and no user interaction; publicly available exploit code exists, though the issue is not listed in CISA KEV. VulnCheck reported it and the vendor fixed it in commit 4e20551.
GitHub Actions artifact-poisoning (pwn request) in labring/FastGPT allows an external attacker who opens a pull request to smuggle attacker-controlled Docker images into privileged CI/CD pipelines. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted PR code in the preview-docs-build and preview-fastgpt-build workflows are consumed by privileged workflow_run jobs, letting a malicious image be pushed to GHCR and, for documentation previews, deployed to a Kubernetes cluster using the secrets.KUBE_CONFIG_CN credential. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the flaw is trivially reachable by any contributor.
SQL injection in MantisBT 2.28.3 and earlier (fixed in 2.28.4) lets an administrator poison the history_order configuration value, which core/history_api.php concatenates unsanitized into an ORDER BY clause; the injected SQL then fires whenever any authenticated user views a bug that has history entries. This converts an administrator's config-write into database-wide data theft (password hashes, cookie_strings, API tokens, private issues) and, where the MySQL account holds the FILE privilege, remote code execution via INTO OUTFILE dropping a PHP webshell in the web root. No public exploit identified at time of analysis; reported by McCaulay Hudson of watchTowr and tracked as GitHub advisory GHSA-mw6p-33vw-46cc.
Denial of service in Cisco RoomOS software allows remote unauthenticated attackers to exhaust availability of affected collaboration endpoints and room-based video devices through improper handling of exceptional conditions (CWE-703). The issue was internally discovered by Cisco's RoomOS engineering team as part of a hardening release bundling multiple flaws under this identifier, carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), and has no public exploit identified at time of analysis. Note that the CVSS vector reflects availability-only impact even though a source tag labels it 'Information Disclosure,' a discrepancy defenders should verify against the Cisco advisory.
Remote denial of service in Cisco RoomOS software allows unauthenticated attackers to exhaust or corrupt a resource over the network, disrupting availability of Cisco collaboration room endpoints. Disclosed as part of a Cisco-internal security hardening review under the CWE-664 resource-lifetime pillar, the flaw carries a 7.5 CVSS score with an availability-only impact (C:N/I:N/A:H). No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in Cisco RoomOS software allows remote, unauthenticated attackers to disrupt device availability through improperly validated input, resulting in a high availability impact (CVSS 7.5). The flaw was internally discovered during a Cisco engineering security review and shipped in a software hardening release bundling multiple CWE-20 input-validation issues. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where missing encryption (CWE-311) exposes data to an attacker positioned on the adjacent network. An adjacent, unauthenticated attacker who can intercept or manipulate traffic could access confidential information and potentially tamper with it, though successful exploitation carries high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was internally discovered by Cisco's RoomOS engineering team during a proactive hardening review.
Cross-origin credential leakage in Lightpanda, a headless browser built for AI and automation workloads, occurs because fetch() and XMLHttpRequest attach session cookies to every outbound HTTP request regardless of the caller's requested credentials mode. In versions prior to 0.2.9, the credentials: omit, credentials: same-origin, credentials: include, and XMLHttpRequest.withCredentials controls are all ignored, so attacker-controlled content running inside a Lightpanda session can silently issue authenticated cross-origin requests against any victim origin whose cookies are present in the session's shared cookie jar. There is no public exploit identified at time of analysis and no CISA KEV listing, but the root-cause code fix is public in PR #2155, and the CVSS base score is 9.3.
Business-logic authentication bypass in Postiz self-hosted AI social media scheduler (gitroomhq/postiz-app) before 2.21.8 lets a low-privileged authenticated user grant any organization a lifetime PRO subscription without paying. The Nowpayments IPN (Instant Payment Notification) callback handler never validated the provider's shared-secret signature and trusted the subscription/organization identifier straight from the request body, so an attacker could forge a payment-confirmation callback. No public exploit identified at time of analysis and the issue is not in CISA KEV; it was privately reported and fixed by removing the crypto-payment code path entirely.
Home-directory hijacking in File Browser before 2.63.17 lets an unauthenticated attacker gain full read/write access to another user's files by registering a username that normalizes to a victim's scope. Because cleanUsername() is a many-to-one transform, distinct usernames such as team/one, team one, and team-one collapse to the same home directory, and the signup path never checked whether the derived scope was already owned. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, but the fix commit and a regression test are public, making the root cause well understood.
Fullscreen mode in Zen Browser desktop prior to 1.19.13b exposes users to credential-theft phishing by failing to display a persistent, visible security notification when a webpage enters fullscreen. An attacker-controlled page can completely occlude the real browser chrome - including the address bar and origin indicators - then render a convincing imitation of a trusted site's login interface. When combined with long-domain URL eliding, this allows precise origin spoofing; no public exploit has been identified at time of analysis, and the CVSS 4.0 score of 6.3 reflects high subsequent-system integrity and confidentiality impacts despite the attack requiring user interaction.
Arbitrary file read in Metabase (versions from 1.57.0 up to the fixed releases) allows an attacker who already holds database-configuration privileges to exfiltrate files from the Metabase server's host filesystem by injecting unsafe JDBC parameters into a MySQL or MariaDB connection. The malicious driver options coerce the JDBC client to read local host files and surface their contents through query results or connection-validation error messages. No public exploit identified at time of analysis; the flaw affects self-hosted and embedded deployments of this open-source BI platform.
Limited memory disclosure and worker-process restart in NGINX Plus and NGINX Open Source arise when the optional ngx_http_slice_module is compiled in and configured alongside unnamed regex captures, or when a background cache update occurs, letting remote attackers trigger uninitialized memory access (CWE-908) in the data plane. The CVSS:4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation with no user interaction, scored 8.8. There is no public exploit identified at time of analysis and no CISA KEV listing; F5 has released a patch and the issue does not affect the control plane.
Heap buffer over-read in NGINX Plus's MQTT filter module (ngx_stream_mqtt_filter_module) allows unauthenticated remote attackers to crash the NGINX worker process, causing a brief, recoverable service disruption. The vulnerability is data-plane only - no control plane exposure exists - and exploitation depends partly on runtime conditions outside the attacker's control, reflected by the CVSS 4.0 AT:P metric. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; F5 has released a patch documented in advisory K000162101.
Heap buffer over-read in the ngx_http_ssi_module of NGINX Open Source and NGINX Plus lets an unauthenticated man-in-the-middle attacker who can control upstream responses corrupt worker-process memory or crash the worker, but only in the non-default configuration combining Server-Side Includes, proxy_pass, and proxy_buffering off. The impact is confined to the data plane with no control-plane exposure, yielding limited memory modification and worker restarts (denial of service) rather than full code execution. No public exploit identified at time of analysis, though a vendor patch is available and the flaw carries a CVSS 4.0 score of 8.3.
Flameshot's 'Open With' feature prior to version 14.0.0 contains a TOCTOU (time-of-check to time-of-use) symlink-following race condition that allows a local unprivileged attacker on the same machine to overwrite arbitrary files writable by the victim user. By pre-planting a symlink at the predictable temporary file path before Flameshot writes the screenshot PNG, an attacker can redirect the write operation to any file within the victim's permissions - including configuration files, SSH keys, or application data. No public exploit identified at time of analysis, though the attack is straightforward given the deterministic path; the vendor-confirmed fix is available in v14.0.0.
Cross-context cache disclosure in Directus before 12.0.0 lets share-token holders and anonymous clients receive permission-filtered responses that were cached for a differently-scoped principal, because the cache key omits authorization context. When response caching is enabled, the key derived in api/src/utils/get-cache-key.ts covers only version, path, query, and accountability.user; since share tokens and anonymous requests both collapse to user null, requests to the same URL and query share a cache bucket and skip permission re-evaluation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is a straightforward, config-dependent information-disclosure issue fixed in 12.0.0.
Cross-origin data theft in LightRAG server versions prior to 1.5.4 allows any malicious website to make authenticated, credentialed API calls on behalf of a logged-in victim because the server ships with CORS_ORIGINS=* paired with allow_credentials=True. When an authenticated LightRAG user browses to an attacker-controlled page, that page can silently read documents and knowledge-graph data or issue destructive requests such as deleting the entire document store. No public exploit has been identified at time of analysis and the flaw is not in CISA KEV, but the fix is confirmed released in version 1.5.4.
Information disclosure in ICU Scandinavia Boomerang (versions prior to 2.4.18.029) lets an unauthenticated attacker retrieve plaintext service-account and SMTP credentials by requesting specific XML configuration files served as static content from the webroot. The exposed credentials enable follow-on compromise of connected mail and service accounts. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; the vendor CVSS 4.0 base score is 7.1 (High).
Uncontrolled memory allocation in Huawei's vibration service crashes affected HarmonyOS and EMUI devices, resulting in a denial-of-service condition impacting device availability. The flaw is remotely triggerable with no privileges required but demands user interaction, consistent with delivery via crafted content such as a malicious application, webpage, or message that exercises the vibration API. No public exploit code or active exploitation has been identified at time of analysis, though Huawei has issued a July 2026 security bulletin addressing the issue.
Local information disclosure in Huawei HarmonyOS and EMUI stems from a flawed permission-control check in the file system, letting a local actor read data that should be access-restricted. Exploitation requires local access plus user interaction (CVSS UI:R), and Huawei's own scoring rates it high impact; no public exploit was identified at time of analysis and it is not listed in CISA KEV. Note the vendor CVSS also asserts integrity and availability impact, which the one-line description (confidentiality only) does not substantiate.
Design defect in HarmonyOS's 'Expedition mode' allows a high-privileged local attacker, with user interaction, to cause significant availability disruption and minor integrity impact. Reported by Huawei in its July 2026 security bulletin, the vulnerability carries a CVSS 3.1 base score of 4.8, reflecting constrained exploitability due to local access, high privilege, and required user interaction. No public exploit code has been identified, and the flaw does not appear in the CISA KEV catalog. Notably, the 'Information Disclosure' tag associated with this CVE is inconsistent with the CVSS confidentiality metric of C:N - this discrepancy should be verified against the vendor advisory.
Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Memory leak in ImageMagick's TIFF encoder - affecting the 7.x branch before 7.1.2-26 and the 6.x branch before 6.9.13-51 - allows an attacker or application to cause gradual memory exhaustion by repeatedly supplying an invalid tiff:tile-geometry parameter during TIFF encoding operations. The flaw scores 2.0 under CVSS 4.0 with only low availability impact, a local attack vector, high complexity, and prerequisite conditions, placing it firmly in the low-severity tier. No public exploit code has been identified and the vulnerability is absent from the CISA KEV catalog, indicating no confirmed active exploitation at the time of analysis.
ImageMagick's hough lines operation leaks a small amount of memory when a specific internal sub-operation fails, affecting the 7.x branch before 7.1.2-26 and the 6.x legacy branch before 6.9.13-51. This CWE-401 flaw is locally exploitable only under high attack complexity with specific prerequisites, producing a low availability impact with no confidentiality or integrity consequence - reflected in the CVSS 4.0 score of 2.1. No public exploit or active exploitation has been identified at time of analysis; this is a low-priority maintenance patch with no realistic threat-actor motivation.
ImageMagick's log colorspace color transformation leaks a small amount of memory when the operation fails, affecting versions prior to 7.1.2-26 and 6.9.13-51. The flaw (CWE-401) resides in an error-handling code path that fails to release allocated memory, meaning repeated invocations that trigger failures could contribute to incremental memory exhaustion. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified; the CVSS 4.0 score of 2.1 reflects the highly constrained and low-impact nature of this issue.
ImageMagick's TIFF encoder leaks a small quantity of memory when a temporary file cannot be created during encoding operations, affecting versions 7.x before 7.1.2-26 and 6.x before 6.9.13-51. The CVSS 4.0 score of 2.1 and vector (AV:L/AC:H/AT:P) place this firmly in minimal-severity territory: exploitation is local, requires high complexity, and depends on a platform-specific precondition. No public exploit has been identified, the flaw is not listed in CISA KEV, and the described impact is limited to a small, incremental availability reduction with no confidentiality or integrity consequences.
ImageMagick before 7.1.2-26 (7.x branch) and 6.9.13-51 (6.x branch) discloses one byte of process memory beyond a profile boundary when the `identify` command is run with debug output enabled and the embedded profile ends with a non-printable byte. The out-of-bounds read (CWE-125) is highly conditional - requiring local access, explicit debug mode activation, and a specifically crafted profile payload - keeping real-world impact extremely low despite ImageMagick's broad deployment footprint. No public exploit code or active exploitation has been identified at time of analysis.
Insufficient session invalidation in the Grav API plugin (getgrav/grav-plugin-api) before 2.0.4 renders stolen JWT access tokens permanently valid for up to one hour post-compromise. Because tokens are issued without a jti (JWT ID) claim, the server retains no mechanism to selectively revoke them - meaning logout events, password resets, new token issuance, and even account disablement are all ineffective at terminating an active attacker's session. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; however, the CVSS 4.0 vector (AV:N/AC:L/PR:N) reflects that any attacker already in possession of a token can trivially exploit this revocation gap over the network.
PraisonAI's MCP HTTP-stream transport silently skips authentication when no API key is configured at startup, allowing unauthenticated clients to initialize sessions, enumerate tools via tools/list, and invoke arbitrary tools via tools/call. Affected versions are all releases before 4.6.78. Compounding this, the dispatcher passes tool-call arguments directly to handlers without validating them against the advertised inputSchema, meaning a client can supply malformed or out-of-schema arguments to any registered tool. No public exploit code or CISA KEV listing has been identified at the time of analysis.
Security-policy bypass in PraisonAI before 4.6.78 renders the default Subprocess Sandbox backend inert, so administrator-defined blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and allow_file_write restrictions are silently ignored. Any actor able to feed instructions into a PraisonAI agent can execute arbitrary subprocess commands, read sensitive files, and perform destructive file operations even though an explicit deny policy is configured. Reported by VulnCheck with a CVSS 4.0 base score of 8.7; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Unauthorized external secret disclosure in n8n before 2.28.1 allows authenticated project editors to read plaintext secret values from external secret managers by embedding references in workflow node expressions. The flaw bypasses the intended access control model: users with project editor roles - who are not granted explicit secrets access permissions - can nonetheless resolve and exfiltrate secrets via expression syntax. No public exploit or active exploitation has been identified, but the CVSS 4.0 vector assigns SC:H (high confidentiality impact on subsequent systems), reflecting that secrets stored in downstream vaults or secret managers are fully exposed to insufficiently privileged users.
Credential inference via timing side-channel is possible in Hono before 4.11.10 when the built-in `basicAuth` or `bearerAuth` middlewares are in use, due to JavaScript's short-circuit `===` string equality operator being used inside the `timingSafeEqual` function for hash comparison. Because `===` terminates on the first differing character, response times vary slightly based on how many leading characters of a credential match the stored hash, enabling an attacker to recover credentials one character at a time through statistical timing analysis. No public exploit has been identified and the vendor GHSA advisory explicitly characterizes this as a hardening improvement with low practical exploitability outside highly controlled, low-jitter network environments.
Unauthenticated organization enumeration in Capgo before 12.128.2 lets attackers abuse the Supabase PostgREST SECURITY DEFINER RPC public.rescind_invitation, which returns distinguishable NO_ORG versus NO_RIGHTS errors when invoked with only a publishable (anon) API key. This oracle lets remote unauthenticated attackers confirm which organization IDs exist, building a target list for follow-on phishing and social engineering. Reported by VulnCheck; no public exploit code and no CISA KEV listing at time of analysis.
Local information disclosure in Dell PowerScale OneFS (9.5.0.0-9.10.1.7 and 9.11.0.0-9.13.0.2) arises from sensitive data being written to log files, allowing a low-privileged local user to read secrets they should not access. Dell reported the issue (advisory DSA-2026-261) with no public exploit identified at time of analysis. Exploitation requires existing local, authenticated access to the cluster, limiting reach to insiders or attackers who have already established a foothold.
Remote command execution in certain ASUS router firmware allows a network man-in-the-middle attacker to force the router to download and run arbitrary commands from a spoofed update/download server. The root cause is a failure to validate both the integrity check value (CWE-354) and the TLS server certificate, so an attacker positioned in the network path can impersonate a legitimate ASUS server. No public exploit identified at time of analysis and the flaw is not in CISA KEV; ASUS self-reported it and rates it critical (CVSS 4.0 9.5), though exploitation requires the attacker to first achieve a MITM position (AT:P).
Out-of-bounds memory read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager exposes kernel and firmware memory contents to local administrators via a crafted IOCTL request that bypasses the driver's length validation. The vulnerability (CWE-125) is constrained to AV:L/PR:H, meaning exploitation requires prior establishment of local administrator access on a system where the affected ASUS software is installed. No public exploit code or active exploitation has been confirmed at time of analysis; the ASUS Security Advisory documents the remediation path.
Credential theft in ASUS GameSDK allows a remote attacker to capture a local user's NTLM hash by luring them to a crafted web page that abuses a permissive cross-domain policy to send a UNC-path request to GameSDK's local service endpoint. The flaw affects systems running the ASUS GameSDK local service (bundled with ASUS gaming utilities) and requires the victim to visit an attacker-controlled page (UI required); no authentication is needed. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the leaked NTLM material can be relayed or cracked to reach other services.
Unauthenticated information disclosure in TP-Link Kasa EC70 v4 and EC71 v4 exposes sensitive geolocation data to any attacker on the same local network segment. The flaw resides in the devices' local discovery mechanism, which returns geolocation-related information in response to crafted network probes without requiring any credentials. Impact is limited to confidentiality; no integrity or availability compromise is possible through this vector. No public exploit exists and no active exploitation has been confirmed.
Use of a hard-coded, device-shared cryptographic private key in TP-Link Kasa EC71 v4 and EC70 v4 camera firmware lets an adjacent-network attacker impersonate the device's web management service and break its transport encryption. Because the same private key is baked into every unit's read-only filesystem, anyone who extracts it from one firmware image can passively decrypt or actively man-in-the-middle traffic to any other device on the local network without authentication. TP-Link (the reporting vendor) has released fixed firmware; there is no public exploit identified at time of analysis and the CVE is not in CISA KEV.
Microsoft AVML before 0.17.0 could follow a symlink when opening a destination output path on Unix, allowing truncation/overwrite of the symlink target. The destructive effect is performed at open-time via O_TRUNC, and can happen before full input validation completes (“truncation-before-validation”).
The payment withdrawal approval endpoint in xianyu-auto-reply executes state-changing financial approval actions in response to HTTP GET requests, violating the HTTP safe-method contract and enabling unintended approvals through automated link-prefetching clients. Any low-privileged authenticated user possessing a valid review token can approve withdrawal requests by issuing a GET to /api/v1/payment/withdraw/review?action=approve, and more critically, email clients or mail-security gateways that automatically prefetch URLs can trigger approvals silently when an administrator receives a notification email. A proof-of-concept has been publicly disclosed per CVSS 4.0 E:P; no CISA KEV listing or confirmed active exploitation was identified at time of analysis.
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an attacker-controlled remote to plant an escaping symlink and cause a following object write to land outside the destination with attacker-chosen contents. This issue is fixed in version 1.74.4.
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction.
HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service.
Information disclosure in andreimarcu Linx (linx-server) versions 1.0 through 2.3.8 lets remote attackers retrieve sensitive data through the uploadRemote function in upload.go, which fetches attacker-supplied remote URLs on the server's behalf. The flaw carries a CVSS 9.1 rating with a network, unauthenticated, low-complexity vector, so exploitation requires no credentials or user interaction. No public exploit is identified, though a third-party vulnerability report is published for the CVE.
Certificate revocation bypass in forgekeep/nebula-mesh before 0.7.1 lets a blocked, offboarded, or compromised host keep full mesh connectivity because the per-CA blocklist is computed and shipped by the server but never applied by the agent. The agent decodes the updates response's Blocklist field and discards it, and the config generator has no field to emit pki.blocklist, so Nebula's only revocation control never reaches any peer's config.yml. Rated CVSS 8.1; no CISA KEV listing, but a benign proof-of-concept test is published and the fix is available in v0.7.1.
In multi-tenant HTTP mode (`ENABLE_MULTI_TENANT=true`), an authenticated tenant could, under certain conditions, reach n8n-mcp's local default-scope `workflow_versions` backups instead of being confined to its own tenant scope. This affects n8n-mcp's own local workflow-version storage, not a normal n8n API capability. An authenticated MCP HTTP tenant could read or delete workflow-version backups stored in the default (single-tenant) scope - for example backups left from a prior single-tenant deployment or a migration period. Workflow snapshots may contain sensitive workflow configuration depending on their contents. Single-tenant and stdio deployments are not affected. `<= 2.57.3` `2.57.4` Upgrade to n8n-mcp `2.57.4` or later. The fix requires a complete tenant context in multi-tenant mode and fails closed for workflow-version access that cannot be attributed to a specific tenant. - Restrict network access to the HTTP endpoint (firewall / reverse proxy / VPN) so only trusted callers can reach it. - Run in stdio mode, which has no multi-tenant HTTP surface. - If default-scope backups from a prior single-tenant deployment are not needed, removing them eliminates the exposure. Reported by @DavidCarliez.
Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this issue, users should upgrade to version 3.4.2.
Cleartext storage of operator session tokens in forgekeep/nebula-mesh (Go) lets anyone with read access to the SQLite operator database hijack every active operator session. The 32-byte hex session token is written verbatim as the PRIMARY KEY of the operator_sessions table and is the exact value carried in the operator's 24-hour session cookie, so a leaked backup, snapshot, file copy, or SQL-level disclosure yields directly-usable credentials with no further authentication. Affects versions <= 0.3.7, fixed in 0.3.8; no public exploit identified at time of analysis and the issue is not in CISA KEV.
Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI server directly and read, write, or delete internal cluster state, resulting in information disclosure, data tampering, and denial of service. The flaw (CWE-306) affects the orchestration layer that coordinates disaggregated prefill/decode inference workers. No public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.3 with a local attack vector despite the request-based nature of the issue.
Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (CWE-123), enabling arbitrary memory writes that can corrupt data, crash the inference service, or leak sensitive information. The flaw carries a CVSS 7.4 (High) score with a local attack vector and high attack complexity, and affects the TensorRT-LLM library used to build and serve optimized large-language-model inference on NVIDIA GPUs. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attacker corrupt heap memory by supplying a crafted serialized tensor, potentially causing information disclosure, data tampering, or denial of service. All platforms running affected TensorRT-LLM versions are impacted. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; NVIDIA rates exploitation as high-complexity (AC:H).
Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a host running the inference stack abuse its inter-process communication layer to trigger unsafe object deserialization (CWE-502), potentially yielding code execution, information disclosure, data tampering, and denial of service. The flaw is vendor-reported by NVIDIA and carries a CVSS 3.1 base of 7.8 (AV:L), meaning it is not remotely reachable but converts existing local access into full compromise of the model-serving process. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Insecure deserialization in NVIDIA TensorRT-LLM for Linux lets a local, low-privileged attacker abuse a weakness in the restricted unpickler that handles model-weight loading, potentially achieving code execution, privilege escalation, data tampering, and information disclosure. The flaw (CWE-502, CVSS 8.4) affects the GPU LLM-inference library and stems from the restricted unpickler failing to fully constrain what can be deserialized from an untrusted model artifact. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.
Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.
The `_.merge(target, source)` utility exported by `@feathersjs/commons` recursively merges `source` into `target` by iterating `Object.keys(source)`. When `source` was produced by `JSON.parse` and contains a `__proto__` (or `constructor` / `prototype`) key, that key is returned as an own-enumerable property. The recursive merge then resolves `target['__proto__']` to `Object.prototype` and writes the attacker-supplied properties onto it, polluting the prototype for all plain objects in the process for the lifetime of the Node process. **Scope of real-world risk is limited.** No first-party Feathers package routes input - trusted or untrusted - through `commons._.merge`. The `@feathersjs/authentication` package, which does merge request-influenced data, uses `lodash/merge` (prototype-pollution-safe since 4.17.12), not this utility. Exploitation therefore requires a downstream plugin or application to pass JSON-parsed, attacker-controlled input directly through the exported `_.merge`. Fixed in `@feathersjs/commons@5.0.45`. The fix skips `__proto__`, `constructor`, and `prototype` keys during iteration - the standard remediation used by lodash and others. Avoid passing JSON-parsed untrusted input through `commons._.merge`. Freezing `Object.prototype` or validating/sanitizing keys upstream also mitigates. Reported responsibly by Andrew Ridings (@ridingsa).
Applications built with the Auth0 Symphony SDK, using the Authorizer security authenticator to protect HTTP routes may accept OAuth 2.0 bearer access tokens provided through a URL query parameter, in addition to the standard Authorization header, which may increase the risk of access token exposure and replay against protected API endpoints. Upgrade auth0/symfony to version 5.9.0 or greater. Okta would like to thank Alex Yeara for their discovery.
Local tampering via symbolic-link following in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the bundled toolchain in Visual Studio 2022 (17.12, 17.14) and Visual Studio 2026 (18.7) allows an authorized local attacker to redirect a privileged file operation to an unintended target, corrupting or replacing files outside their normal permissions. Microsoft (the reporter) has released a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The high CVSS 3.1 base score of 7.0 is tempered by high attack complexity and the requirement for existing low-level local access.
Denial of service in Open5GS (open-source 5G/EPC core) through version 2.7.7 lets remote unauthenticated attackers crash the AMF by sending a malformed NAS 5GS mobile-identity information element, triggering a heap out-of-bounds read before authentication completes. Because the AMF handles mobility management for the entire network, a single crafted pre-authentication message can produce a subscriber-wide outage rather than affecting only the sender. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the pre-auth network-reachable nature makes it a high-priority availability issue for anyone running Open5GS in production.
Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged network attacker gain higher privileges by abusing a flawed authentication algorithm implementation (CWE-303). Microsoft reported the flaw and has released a patch; there is no public exploit identified at time of analysis and it is not on the CISA KEV. The 8.8 CVSS reflects high confidentiality, integrity, and availability impact reachable over the network with only low prior privileges.
Heap buffer over-read in libsoup's HTTP/2 GOAWAY frame parser allows remote unauthenticated attackers to crash applications or leak heap memory fragments by sending a malformed frame with a non-NUL-terminated Additional Debug Data payload. Affected deployments include applications built on libsoup running on Red Hat Enterprise Linux 10 that accept or initiate HTTP/2 connections. A proof-of-concept exists per SSVC data, though exploitation is rated non-automatable and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Devolutions Server 2026.1.22.0 and 2026.2.11.0 exposes Azure Key Vault client secrets in cleartext within Recovery Kit response files, defeating an explicit 'exclude sensitive data' option that administrators rely on. Any party who obtains a copy of the generated response file can trivially read the credential without any decryption or tooling. No public exploit code exists and the vulnerability is not in CISA KEV; however, because successful exploitation yields a reusable cloud credential, the downstream blast radius in Azure environments substantially exceeds what the 3.3 CVSS base score suggests. A vendor-released patch is available.
Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory leak regression in Wasmtime 37.0.0 and 37.0.1 causes permanent host-process memory exhaustion when C/C++ embeddings use `externref` or `anyref` WebAssembly reference types. The refactoring from `ManuallyRooted<T>` to `OwnedRooted<T>` introduced three distinct defects - a no-op typo in `wasmtime_val_unroot`, unreleased return values from host-defined callbacks, and missing C++ destructors - that collectively prevent GC roots from ever being freed, even after the WebAssembly store is destroyed. No public exploit confirmed in CISA KEV; a proof-of-concept is publicly available, but EPSS at 0.18% (7th percentile) and SSVC exploitation status of none indicate minimal active threat.
TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.
Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a stack buffer overflow in the entry handler of the TraceEvent() system call, affecting QNX Software Development Platform, QNX OS for Safety, and QNX OS for Medical. An attacker able to run code on the target can craft malicious TraceEvent() arguments to corrupt kernel stack memory, leaking sensitive kernel data, altering kernel state, or crashing the RTOS. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation is rated high-complexity (AC:H) despite requiring no prior privileges.
Information disclosure in Microsoft Active Directory Federation Services (AD FS) lets an authenticated, network-based attacker read memory outside intended bounds and leak sensitive data, per Microsoft's own report of the flaw (tracked in MSRC as CVE-2026-58529). The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N, C:H) indicates low-privilege remote exploitation with high confidentiality impact; there is no public exploit identified at time of analysis and it is not on CISA KEV. A vendor patch is available. Note a data discrepancy: the flaw is described as AD FS (a server role) yet the only CPE lists the Windows 11 version 26H1 client - verify affected platforms with Microsoft.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Local privilege escalation in the Windows Wireless Networking component affects a broad span of currently supported Windows releases (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025), letting an already-authenticated local user win a timing race to gain SYSTEM-level control. The flaw is a CWE-362 race condition where improperly synchronized access to a shared resource can be manipulated during a narrow execution window; CVSS 7.8 reflects a high-complexity but high-impact local escalation with a scope change. Microsoft (the reporter) has shipped a patch, and there is no public exploit identified at time of analysis.
Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated attacker to gain SYSTEM-level privileges by triggering a type-confusion (CWE-843) condition. The flaw affects a broad range of supported Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Reported internally by Microsoft with a vendor patch available; no public exploit identified at time of analysis.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.
Elevation of privilege in the Windows SMB implementation allows an authenticated network attacker to win a race condition and gain higher privileges on affected systems, spanning Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw is a concurrency defect (CWE-362) reported by Microsoft with a vendor patch already released; there is no public exploit identified at time of analysis. Note a data conflict: the description and CVSS impacts describe privilege elevation with full confidentiality/integrity/availability impact, while the intelligence tags also label it 'Information Disclosure' — the CVSS vector should be treated as authoritative.
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.