Information Disclosure
Monthly
Arbitrary MongoDB collection disclosure in cve-search allows a remote, unauthenticated attacker to read any application database collection through the POST /fetch_cve_data endpoint by manipulating the collection name, projected fields, and regex filter parameters. Attackers can dump the mgmt_users collection to harvest administrative usernames and password hashes for offline cracking. Publicly available exploit code exists (referenced in the project issue tracker) and a vendor patch is available, though no active exploitation has been reported.
Weak hashing in LangGraph's Task Result Cache exposes low-privilege authenticated users to hash collision attacks that can leak cached task results across isolation boundaries. All LangGraph versions through 1.2.4 are affected via the `_freeze` function in `libs/langgraph/langgraph/_internal/_cache.py`. A public proof-of-concept is disclosed at GitHub issue #8009, though the CVSS 4.0 score of 2.3 and AC:H rating reflect genuinely high exploitation difficulty; this is not listed in CISA KEV and no active exploitation has been reported.
Weak hashing in exo-explore exo up to version 1.0.71 exposes the Vision Feature Cache to hash collision attacks via the `_image_cache_key` function in `src/exo/worker/engines/mlx/vision.py`. A remote, unauthenticated attacker capable of engineering the necessary collision inputs could disclose cached vision feature data, yielding a low confidentiality impact. Publicly available exploit code exists (referenced in GitHub issue #2151), though high attack complexity (AC:H) and the absence of a CISA KEV listing indicate no confirmed widespread active exploitation at time of analysis.
Insufficient session expiration in SourceCodester Online Boat Reservation System 1.0 allows a remote, low-privileged attacker to reuse a previously issued session token after it should have been invalidated, gaining unauthorized access to authenticated application functionality. The CWE-613 root cause indicates the application fails to properly terminate sessions on logout or timeout. A publicly available exploit demonstrates the flaw, as confirmed by a Medium writeup linked in the references.
Insufficiently random temporary file naming in markdownify-mcp (zcaceres, versions through 1.1.0) exposes transiently written content to local users who can predict or race the generated file path. The saveToTempFile function in src/Markdownify.ts affects the webpage-to-markdown, youtube-to-markdown, and bing-search-to-markdown conversion pipelines, allowing a co-located attacker to read converted content before cleanup. No active exploitation has been confirmed (not in CISA KEV), though a proof-of-concept is publicly available; the overall risk is low given the local-only, high-complexity attack requirements reflected in the CVSS 4.0 score of 2.0.
Symlink following in zcaceres markdownify-mcp up to version 1.1.0 allows a local low-privilege user to read files outside the intended directory boundary by exploiting insufficient path resolution in the `assertPathAllowed` function of `src/Markdownify.ts`. The function evaluates the user-supplied symbolic path rather than its canonicalized target, enabling an attacker to bypass the path restriction check and disclose arbitrary local files. No public exploit code exists at time of analysis, the vulnerability is not listed in CISA KEV, and a fix is pending as an unmerged pull request.
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values." An attacker who collects a modest number of signatures under an affected key, together with the public key, can recover the private key with a lattice attack. Keys used to sign with an affected version should be considered compromised and new keys should be generated.
Partial string comparison in BettaFish's InsightEngine deduplication logic (versions up to 1.2.1) allows remote unauthenticated attackers to manipulate search-result deduplication by crafting inputs that exploit the flawed comparison in `_deduplicate_results` within `InsightEngine/agent.py`. The integrity impact is limited - attackers can cause duplicate or otherwise manipulated entries to persist in search output - but the attack requires no authentication and no user interaction, and a public proof-of-concept exploit exists. No active exploitation has been confirmed by CISA KEV; a fix pull request (PR #689) has been submitted but not yet merged.
State corruption in HdrHistogram up to version 2.2.2 allows a local, low-privileged attacker to manipulate the Count argument of the recordValueWithCount function in AbstractHistogram.java, resulting in low-integrity corruption of histogram state. The flaw affects the core metrics-recording logic of this Java library. A proof-of-concept exploit has been publicly disclosed; the project maintainer was notified via a GitHub issue but has not yet responded with a fix, leaving affected deployments without a vendor patch.
Incorrect comparison in HdrHistogram's DoubleHistogram.recordValue() range check allows a local, low-privileged attacker to manipulate histogram integrity by recording out-of-range values that bypass the bounds check. Versions up to and including 2.2.2 are affected. No public exploit identified at time of analysis - publicly available exploit code exists, and the project maintainer has not responded to the responsible disclosure, leaving the vulnerability unpatched.
The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in ONNX versions up to 1.21.x exposes limited memory contents to low-privileged remote attackers via the convPoolShapeInference_opset19 shape inference function. The CVSS 4.0 score of 2.1 reflects minimal real-world impact - confidentiality-only, low severity - yet a public proof-of-concept is available via GitHub issue #8036. No active exploitation has been confirmed by CISA KEV, and an upstream patch exists at commit a7bf3a0f1d18bb62575236ef6e4944980c40e045 via PR #8051.
Weak session hash generation in ForceInjection AI-fundermentals 2.0 and 3.0 exposes conversation history belonging to other users in shared deployments. The `get_conversation_history` function in the Memory Recall Handler generates `sessionowner` tokens using a cryptographically weak hash algorithm (CWE-328), allowing a low-privileged authenticated attacker to predict or brute-force another user's session identifier and retrieve their prior conversation records. A publicly available exploit exists per GitHub issue #17 and the CVSS 4.0 E:P modifier, though the high attack complexity (AC:H) and low overall score of 2.3 indicate exploitation is difficult and impact is limited to partial confidentiality loss - no integrity or availability impact is present.
Divide-by-zero in RT-Thread's lightweight process (lwp) syscall handler allows a low-privileged remote attacker to crash the RTOS by sending crafted read, write, or sys_ioctl system calls with malicious parameters to the affected handler in components/lwp/lwp_syscall.c. Affected versions are 5.2.2 and below. A public proof-of-concept exploit has been disclosed via GitHub issue #11429, though this vulnerability has not been added to the CISA KEV catalog, suggesting exploitation remains opportunistic rather than broadly weaponized. The upstream fix exists only as a pull request (PR #11453) awaiting merge acceptance.
In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen; datalen already includes fraggap (datalen = length + fraggap). When fraggap is non-zero, this is not the first skb and transhdrlen is zero. The fraggap bytes carried over from the previous skb are copied just past the fragment headers in the new skb's linear area. The linear area is therefore undersized by fraggap bytes while pagedlen is overstated by the same amount, and the copy writes past skb->end into the trailing skb_shared_info. An unprivileged user can trigger this via a UDPv6 socket using MSG_MORE together with MSG_SPLICE_PAGES. The bad accounting was introduced by commit 773ba4fe9104 ("ipv6: avoid partial copy for zc"). Before commit ce650a166335 ("udp6: Fix __ip6_append_data()'s handling of MSG_SPLICE_PAGES"), the negative copy value caused -EINVAL to be returned. That later commit allowed MSG_SPLICE_PAGES to proceed in this case, making the corruption triggerable. The non-paged branch sets alloclen to fraglen, which already accounts for fraggap because datalen does. Bring the paged branch in line by adding fraggap to alloclen and subtracting it from pagedlen. After this adjustment, copy no longer collapses to -fraggap on the paged path, so remove the stale comment describing that old arithmetic. Since a negative copy is no longer expected for a valid MSG_SPLICE_PAGES case, remove the MSG_SPLICE_PAGES exception from the negative copy check.
In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unix_schedule_gc() unix_schedule_gc() `- if (!gc_in_progress) `- if (!gc_in_progress) |- gc_in_progress = true | `- queue_work() | unix_gc() <----------------/ | | |- gc_in_progress = true ... `- queue_work() | | `- gc_in_progress = false | | unix_gc() <---------------------------------------------' | ... /* gc_in_progress == false */ | `- gc_in_progress = false unix_peek_fpl() relies on gc_in_progress not to confuse GC by MSG_PEEK. Let's set gc_in_progress to true in unix_gc().
In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change (PSC) requests _rely_ on this behavior, as the guest can't provide a length when making the request, i.e. the size of the guest payload is bounded by the size of the shared buffer. Failure to force usage of the GHCB, and a slew of other flaws, lets a malicious SNP guest corrupt host kernel heap memory, and leak host heap layout information. setup_vmgexit_scratch() allocates a buffer via kvzalloc(exit_info_2), where exit_info_2 is guest-controlled. With exit_info_2=24, this yields a 24-byte allocation in kmalloc-cg-32 (32-byte slab objects). The buffer holds an 8-byte psc_hdr followed by 8-byte psc_entry structs, so only entries[0] and entries[1] are in-bounds. snp_begin_psc() validates end_entry against VMGEXIT_PSC_MAX_COUNT (253) but NOT against the actual buffer size: idx_end = hdr->end_entry; if (idx_end >= VMGEXIT_PSC_MAX_COUNT) { // checks 253, not buffer snp_complete_psc(svm, ...); return 1; } for (idx = idx_start; idx <= idx_end; idx++) { entry_start = entries[idx]; // OOB when idx >= 2 The guest sets end_entry=10+, causing the host to iterate entries[2+] which are OOB into adjacent slab objects. For each OOB entry: - The host reads 8 bytes (OOB READ / info leak oracle) - If the data passes PSC validation, __snp_complete_one_psc() writes cur_page = 1 or 512 into the entry (OOB WRITE, sev.c:3806) - If validation fails, the error response reveals whether adjacent memory is zero vs non-zero (information disclosure to guest) The guest controls allocation size (exit_info_2), entry range (cur_entry/end_entry), and can fire unlimited VMGEXITs to repeatedly hit different slab positions. By exploiting the variety of bugs, a malicious SEV-SNP guest can: - OOB read adjacent kmalloc-cg-32 objects (heap layout disclosure) - OOB write cur_page bits into adjacent objects (heap corruption) - Trigger use-after-free conditions across VMGEXITs E.g. with KASAN enabled, a single insmod of the PoC guest module produces 73 KASAN reports: BUG: KASAN: slab-out-of-bounds in snp_begin_psc+0x126/0x890 Read of size 8 at addr ffff888219ffb5e0 by task qemu-system-x86/2199 BUG: KASAN: slab-out-of-bounds in snp_begin_psc+0x468/0x890 Write of size 8 at addr ffff888351566648 by task qemu-system-x86/2199 The buggy address belongs to the object at ffff888XXXXXXXXX which belongs to the cache kmalloc-cg-32 of size 32 The buggy address is located N bytes to the right of allocated 32-byte region [ffff888XXXXXXXXX, ffff888XXXXXXXXX) Breakdown: 62 slab-out-of-bounds (reads + writes past allocation) 7 slab-use-after-free 4 use-after-free All credit to Stan for the wonderful description and reproducer! [sean: write changelog]
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. The rmap_remove() call would miss entries created after the PDE change because the GFN of the leaf SPTE does not match the GFN of the struct kvm_mmu_page. A similar hole however remains if the modified PDE points to a non-leaf page. In this case the gfn can be made to match, but the role does not match: the original large 2MB page creates a kvm_mmu_page with direct=1, while the new 4KB needs a kvm_mmu_page with direct=0. However, kvm_mmu_get_child_sp() does not compare the role, and therefore reuses the page. The next step is installing a leaf (4KB) SPTE on the new path which records an rmap entry under the gfn resolved by the walk. But when that child is zapped its parent kvm_mmu_page has direct=1 and kvm_mmu_page_get_gfn() computes the gfn for the 4KB page as sp->gfn + index instead of using sp->shadowed_translation[] (or sp->gfns[] in older kernels). It therefore fails to remove the recorded entry. When the memslot is dropped the shadow page is freed but the rmap entry survives, as in the scenario that was already fixed. Code that later walks that gfn (dirty logging, MMU notifier invalidation, and so on) dereferences an sptep that lies in the freed page, causing the use-after-free.
Protection mechanism failure in NousResearch hermes-agent (≤ 0.15.2) allows remote authenticated attackers to bypass shell execution controls via the shell.exec function in tui_gateway/server.py, resulting in low-level confidentiality, integrity, and availability impact. The vulnerability is classified under CWE-693 and carries a CVSS 4.0 score of 5.3 (Medium), with a publicly available proof-of-concept exploit hosted on GitHub. No patch has been issued - the vendor did not respond to the researcher's disclosure - meaning all deployments of hermes-agent up to and including version 0.15.2 remain exposed.
Session data exposure in FederatedAI FATE's OSX Broker gRPC component allows an authenticated federated party to manipulate session routing arguments and access data belonging to a different federated session. Affected versions extend through FATE 2.2.0, specifically in the QueuePushReqStreamObserver.initEggroll method within the Java-based OSX Broker. No public exploit confirmed active exploitation (not in CISA KEV), though exploit code has been publicly disclosed via a GitHub issue, and the CVSS 4.0 score of 2.3 reflects the high attack complexity and limited confidentiality impact.
PHP file inclusion in PHPIPAM allows authenticated API users to include and execute arbitrary PHP files from the web server's filesystem, with primary impact on application confidentiality through exposure of sensitive configuration data. Exploitation is gated behind two non-default conditions: the REST API must be deliberately enabled by an administrator, and the attacker must hold valid API credentials - constraining the realistic attack surface substantially. Publicly available exploit code exists per Project Black's research blog, though the vulnerability carries a CVSS 4.0 score of 2.3 and is absent from CISA KEV, reflecting its narrow exploitation prerequisites rather than widespread threat activity.
Local privilege escalation in Unity Parsec for Windows (all builds through v2026-05-04.0) lets an unprivileged local user coerce an instance of parsecd.exe to run as NT AUTHORITY\SYSTEM while honoring a user-controlled AppData environment variable, allowing the attacker to redirect the privileged process to resources under their control and gain SYSTEM. The flaw is a CWE-648 misuse of privileged APIs; publicly available exploit code exists (a dedicated CVE GitHub repository and a researcher write-up), and it is fixed in Parsec for Windows 150-104a. It is not listed in CISA KEV and no EPSS score was supplied, so there is no evidence of widespread active exploitation.
Case-sensitivity bypass in NousResearch hermes-agent through version 2026.4.30 allows authenticated remote attackers to leak limited reasoning content that should have been scrubbed by the Streaming Reasoning Tag Filter. The vulnerability resides in `GatewayStreamConsumer._filter_and_accumulate` within `gateway/stream_consumer.py`, where tag matching fails to account for case variations, permitting reasoning tokens to escape filtration. A public proof-of-concept exploit has been disclosed; however, the vendor has formally declined to issue a patch, classifying the maintenance cost as disproportionate to the assessed risk.
Information disclosure in DeepMyst Mysti's Per-Project Auto-Memory Handler allows low-privileged remote attackers to expose resources by supplying a manipulated workspacePath argument to the initProjectMemory function in src/managers/MemoryManager.ts. EUVD-2026-41610 confirms versions 0.1 through 0.4.0 are affected. No active exploitation (CISA KEV) or public exploit code has been identified at time of analysis; the CVSS 4.0 score of 5.3 reflects a limited, confidentiality-only impact with no integrity or availability consequences.
Cross-repository information disclosure and cross-task tampering in Gitea's self-hosted Git server (fixed in v1.26.2) arises from an HMAC signature ambiguity in the Actions Artifacts V4 signed-URL scheme, letting an authenticated low-privilege user reuse a validly signed URL outside its intended repository or task context. An attacker with access to a single Actions task can read private artifacts belonging to other repositories and write upload-state for tasks they do not own, crossing the repository trust boundary (CVSS 9.6, scope-changed). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Information disclosure in Gitea Open Source Git Server (through 1.26.2) allows a user whose repository access has been revoked to continue viewing private issue metadata via the Notification API, because notification records are not purged or re-authorized when permissions change. The CVSS 3.1 base score is 7.5 (C:H) and the vendor (Gitea) fixed it in 1.26.3/1.26.4. No public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile), indicating limited near-term exploitation likelihood.
Information disclosure in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 enables network-based attackers to expose sensitive browser data through a use-after-resource condition (CWE-672). Exploitation requires user interaction and high attack complexity, but the changed scope (S:C) indicates the flaw breaches browser isolation boundaries, yielding high confidentiality impact. No public exploit or active exploitation has been identified at time of analysis; vendor patch is available from Microsoft MSRC.
Information disclosure in Microsoft Edge for Android (Chromium-based) allows a network-based attacker to expose a victim's private personal information, but only after luring the user into interacting with attacker-controlled content (UI:R). The flaw carries a CVSS 7.1 rating driven by high confidentiality impact; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. A vendor patch is available via Microsoft's MSRC update guide.
Information disclosure in Microsoft Edge for Android allows a remote unauthenticated attacker to exfiltrate private personal information over the network when a victim interacts with attacker-controlled content. The flaw carries a CVSS 7.1 with high confidentiality impact and stems from private data being exposed to an unauthorized actor (CWE-359); Microsoft has released a fix. No public exploit identified at time of analysis and it is not listed in CISA KEV.
Information disclosure in Microsoft Edge (Chromium-based) lets a remote attacker read sensitive data by abusing improper symbolic/link resolution (CWE-59) when a victim interacts with attacker-controlled content. Exploitation requires user interaction (UI:R) but no authentication (PR:N), and the scope-changed impact (S:C) indicates data is exposed beyond the browser's own security boundary. Microsoft has released a fix; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Microsoft Edge (Chromium-based) versions prior to 150.0.4078.48 expose sensitive information to unauthorized network actors, enabling spoofing attacks against users who interact with attacker-controlled content. The vulnerability maps to CWE-200, indicating that browser-internal sensitive data (likely origin, URL, or session context) is improperly disclosed across a network boundary, allowing an attacker to impersonate trusted content or identities. No public exploit code or CISA KEV listing exists at time of analysis; however, the CVSS score of 6.5 with a network attack vector and no privilege requirement underscores meaningful real-world risk for any unpatched Edge deployment.
Race condition in Microsoft Edge (Chromium-based) permits a locally authenticated, low-privileged attacker to disclose information beyond the intended security boundary, with the CVSS scope change (S:C) indicating impact can extend outside the directly vulnerable component - potentially across process or sandbox boundaries within the browser. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, placing it in a lower operational priority tier despite the scope change. Microsoft has released a patch via the MSRC advisory.
Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange.
Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths.
Gitea 1.26.2 allows unauthorized users to access labels of private organizations.
Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized.
Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values.
TOTP two-factor authentication replay in Gitea 1.5.0 through 1.26.2 lets a captured valid one-time code be accepted multiple times instead of being invalidated after first use, weakening 2FA on both the web login flow and the Basic Auth X-Gitea-OTP header path. An attacker who observes a legitimate TOTP code (via interception, shoulder-surfing, or logging) can replay it within its validity window to authenticate as the victim. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw is fixed in Gitea 1.26.3.
Session fixation in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 enables remote attackers to pre-set a known session identifier in a victim's browser, then hijack the authenticated session after the victim logs in. The CVSS 4.0 score of 2.9 reflects limited impact scope (low confidentiality, integrity, and availability) combined with high attack complexity, though a public exploit has been released (E:P). No CISA KEV listing indicates no confirmed widespread active exploitation at time of analysis.
Double-free heap corruption in Open Asset Import Library (Assimp) through version 6.0.4 allows remote low-privileged attackers to corrupt process memory by supplying a maliciously crafted PLY 3D model file to the ExportToBlob function in the PLY Model Handler. A publicly available proof-of-concept exploit was disclosed alongside the report. The CVSS 4.0 score of 5.3 (Medium) reflects limited confidentiality, integrity, and availability impact on the vulnerable system, though CWE-415 double-free conditions in C++ libraries carry latent potential for escalated impact depending on memory layout and heap state at runtime.
Unauthorized child group disclosure in Red Hat Build of Keycloak's Fine-Grained Admin Permissions v2 (FGAP v2) exposes group names, paths, and custom attributes to delegated administrators who lack direct authorization over those child groups. When FGAP v2 is enabled and a delegated admin queries child groups through a parent group endpoint, the system omits the required per-permission filter, returning records that should be outside the caller's scope. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, placing it in the category of a low-severity information disclosure risk that is nonetheless significant in multi-tenant IAM environments where group attribute confidentiality matters.
Symlink-following vulnerability in Dell PowerProtect Data Domain allows a high-privileged remote attacker to traverse outside intended file paths and read arbitrary files, resulting in information disclosure. Multiple version branches are affected, including the current mainstream 8.7 release, LTS2026 builds through 8.6.1.10, LTS2025 builds through 8.3.1.30, and LTS2024 builds through 7.13.1.70. Dell published advisory DSA-2026-278 addressing this issue; no public exploit code or active exploitation has been identified at time of analysis.
Information exposure in Dell PowerProtect Data Domain across multiple release tracks allows a low-privileged local attacker to read sensitive residual data via an uninitialized memory resource (CWE-908). The flaw spans the mainline 7.7.1.0-8.7 branch and three LTS tracks (LTS2024, LTS2025, LTS2026), confirmed by Dell via advisory DSA-2026-278. No public exploit code exists and no active exploitation has been identified; the CVSS 3.3 score and local-only attack vector place this firmly in the low-severity tier.
Out-of-bounds heap read in the Net::IP::LPM Perl module (all versions through 1.10) is triggered when an application passes an oversized CIDR prefix length (e.g. add("1.2.3.4/255") or a /255 IPv6 prefix) to the trie builder, which walks the packed address buffer by the attacker-supplied bit count without validating it against the 32-bit/128-bit address width. The read runs at most ~32 bytes past a 4- or 16-byte buffer and its contents are never returned through the module's API, so real-world impact is limited to a possible process abort under AddressSanitizer, valgrind, or a hardened allocator. No public exploit identified at time of analysis; EPSS is low (0.23%, 13th percentile) and SSVC lists exploitation status as none.
Dell PowerProtect Data Domain exposes sensitive file content to high-privileged local attackers through a symlink-following flaw (CWE-59), where the application fails to validate link targets before file access. Affected versions span multiple release trains including the current 8.x mainline and LTS branches. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Sensitive information disclosure in Dell PowerProtect Data Domain exposes credentials or configuration data to local low-privileged attackers via insufficiently protected log files. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, with specific LTS branches also impacted. No public exploit code or active exploitation has been identified at time of analysis, but the high confidentiality impact (C:H) warrants prompt patching on any appliance accessible to untrusted local users or shared administrative accounts.
Format string exploitation in Dell PowerProtect Data Domain enables remote high-privileged attackers to disclose memory contents and crash the service across multiple concurrent release trains. Affected versions span the mainline (7.7.1.0-8.7), LTS2026 (8.6.1.0-8.6.1.10), LTS2025 (8.3.1.0-8.3.1.30), and LTS2024 (7.13.1.0-7.13.1.70) branches, creating broad organizational exposure for enterprises running any supported Data Domain release. No public exploit or confirmed active exploitation has been identified at time of analysis; the mandatory high-privilege prerequisite substantially constrains the realistic attacker pool.
Dell PowerProtect Data Domain's handling of a less-trusted data source allows a remote, high-privileged attacker to perform limited information tampering, classified under CWE-348. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 long-term support branches. With a CVSS base score of 2.7 (Low) and no confirmed active exploitation or public proof-of-concept, real-world impact is constrained by the high privilege requirement and the limited integrity-only scope of the vulnerability.
Path traversal in Dell PowerProtect Data Domain allows a locally authenticated high-privileged attacker to read files outside restricted directories, resulting in information disclosure. Affected deployments span multiple release trains - standard releases 7.7.1.0 through 8.6, LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70. No public exploit identified at time of analysis; the low CVSS score of 2.3 correctly reflects the high privilege and local access prerequisites that substantially constrain real-world exploitation scope.
Cross-site WebSocket hijacking in Eclipse Theia's browser backend (versions 1.8.1 and later) lets a foreign-origin web page reach the unauthenticated /services shell-terminal RPC namespace and execute arbitrary OS commands on the victim's host. The flaw stems from fail-open Origin validation in @theia/core combined with a client-controllable fix-origin header, so simply luring a developer running Theia to a malicious site yields remote code execution. There is no public exploit identified at time of analysis, and CVSS is rated 8.8 (High) driven by the user-interaction-only barrier.
Local File Inclusion in the RTMKit (rometheme-for-elementor) plugin for WordPress versions up to and including 2.0.7 allows authenticated attackers with Contributor-level access to include and execute arbitrary PHP code on the server. The render_templates AJAX endpoint passes the unsanitized 'template' parameter directly into a PHP require/include statement, restricted only to files ending in _templates.php. Wordfence reported this vulnerability; no public exploit code or CISA KEV listing is present at time of analysis.
Physical-access authentication bypass in Dell Client Platform BIOS (CWE-305) affects a sweeping range of Dell consumer, gaming, and enterprise platforms - including Inspiron, Alienware, Latitude, OptiPlex, and Precision lines. An unauthenticated attacker with physical access and the ability to meet high-complexity attack conditions can bypass the primary BIOS authentication mechanism, resulting in information disclosure and, per the CVSS integrity metric (I:H), potential high-integrity impact. Notably, the declared impact in the description is limited to 'Information Disclosure' while the supplied CVSS vector assigns I:H, a discrepancy that warrants clarification from Dell's advisory DSA-2026-195. No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog.
Cleartext storage of sensitive parameters in Puppet's resource_api module (versions 1.5.0-1.9.1 and 2.0.0) causes passwords and other credential values to persist unmasked in the Puppet agent's local transaction state cache. The sensitive flag - intended to prevent exactly this exposure - is silently dropped during resource_api parameter processing, meaning any resource type built on this API and declaring sensitive parameters leaks those values to the cache filesystem. No public exploit exists and this is not listed in CISA KEV, but the confidentiality impact is high for environments where Puppet manages secrets such as database passwords or API tokens.
Improper export of Android application components in the ASUS Router App enables any co-installed third-party application on the same Android device to send a crafted Intent that forces the ASUS Router App to navigate to an attacker-specified URL. The flaw, classified as CWE-926, allows an attacker-controlled application to abuse the exposed component as an open redirect, potentially rendering phishing content or harvesting router management credentials within the app's trusted interface context. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
CVE-2026-49838 is a vulnerability reported by Ubuntu with no description, CVSS score, CWE classification, or technical detail available at time of analysis. The CVE identifier falls in the 2026 range, suggesting this may be a recently reserved or embargoed entry. No impact, affected component, or exploitation vector can be determined from the provided data.
Unauthenticated public listing of an Azure Blob Storage container exposes device log files across the entire Gardyn smart garden fleet to any internet-accessible actor. The misconfiguration affects all versions of Gardyn Home Firmware, Gardyn Studio Firmware, and the Gardyn Cloud API, meaning no specific patched version bounds the exposure - it is architectural rather than release-specific. Reported via ICS-CERT advisory ICSA-26-183-03, no confirmed active exploitation (CISA KEV) and no public exploit code have been identified at time of analysis, though exploitation requires zero technical prerequisites beyond internet access and knowledge of the container URL.
Denial of service in pdfcpu (the Go PDF processing library and CLI) through v0.11.1 lets a remote attacker crash any application that parses attacker-supplied PDFs by submitting a document with deeply nested objects. The parser follows nested arrays recursively via ParseObjectContext() and parseArray() with no depth cap, so a crafted file exhausts the goroutine stack and aborts the process. No public exploit is identified at time of analysis and EPSS is low (0.17%, 7th percentile), consistent with an availability-only bug rather than a code-execution risk.
HTTP request smuggling in Ruby's WEBrick HTTP server through v1.9.2 allows remote attackers to desynchronize front-end/back-end request parsing by exploiting how WEBrick reparses a Content-Length value supplied in chunked trailers back into the canonical request state. Any deployment fronting WEBrick with a proxy, load balancer, or CDN that disagrees on message length can have requests smuggled past it, enabling request routing manipulation and information disclosure. Publicly available exploit code exists (SSVC exploitation status: poc), though EPSS remains low at 0.16% and it is not on CISA KEV.
Authentication-bypass leading to remote code execution in 9router (npm package 9router) lets attackers reach spawn-capable MCP routes that were meant to be loopback-only. This is an incomplete fix for CVE-2026-46339: the local-only gate in src/dashboardGuard.js decides 'local' from attacker-controllable Host and Origin headers instead of the TCP source address, so any proxied or tunneled (Cloudflare Tunnel / Tailscale) deployment can be tricked into treating remote requests as local. Combined with the deterministic, machine-ID-derived CLI token, a remote attacker can inject JSON-RPC into MCP child processes (node, python, npx, etc.) and execute code on the host; no public exploit identified at time of analysis, though detailed reproduction steps are published in the vendor advisory.
Arbitrary file read in GravitLauncher LaunchServer ≤ 5.7.11 lets an unauthenticated remote attacker retrieve any file readable by the server process via a path-traversal in the default-enabled HTTP file server on port 9274. Because the exposed files include the ECDSA key that signs access JWTs (.keys/ecdsa_id), the refresh-token salt, and database credentials, the flaw escalates from information disclosure to a full authentication bypass allowing forged admin tokens. Publicly available exploit code exists (a raw-socket PoC in the advisory); the issue is not listed in CISA KEV and no active exploitation is confirmed.
Source-code disclosure in the Algernon web/application server (Go, xyproto/algernon, tested at v1.17.8) lets an unauthenticated remote client retrieve the raw source of any public-path server-side script on Windows hosts by appending an NTFS-equivalent suffix (::$DATA, a trailing dot, or a trailing space) to the URL. Because filepath.Ext() does an exact suffix match, these forms are not recognized as .lua/.tl/.po2/.amber/.frm and fall through to the raw-file branch, while NTFS canonicalizes the name back to the real script, exposing embedded database credentials and the SetCookieSecret value used to forge session cookies. Publicly available exploit code exists (full PoC in the GitHub advisory); no public exploit identified as actively exploited and this is not in CISA KEV.
Unbounded memory exhaustion in zebrad's mempool download pipeline allows unauthenticated remote peers to crash Zcash full nodes by sustaining P2P transaction traffic. The root cause is that timed-out verification tasks never remove their entries from the `cancel_handles` map because `tokio::time::error::Elapsed` carries no payload, making the transaction ID unrecoverable at the timeout arm of `Downloads::poll_next()`. All nodes running zebrad up to v4.4.1 with default configuration are affected, and a working end-to-end reproduction exists on a live regtest network. No patch has been released at time of analysis; the only recovery action is a node restart.
Persistent RocksDB state corruption in zebrad up to v4.4.1 arises from an asymmetric cleanup bug in the non-finalized chain fork handler: `pop_tip` omits the Sapling and Orchard note commitment subtree root cleanup that `pop_root` correctly performs, causing stale subtree root entries to survive in memory and be flushed to disk during subsequent chain finalization. The corrupted subtree root history survives node restarts and is served to downstream consumers of `z_getsubtreesbyindex` - primarily `lightwalletd` and light wallets - causing wallet synchronization failures or incorrect wallet state that requires a full database rebuild to recover. No public exploit is identified at time of analysis and this vulnerability is not listed in CISA KEV; the risk is passive silent corruption accumulating on all unpatched nodes during routine chain fork events rather than adversarial exploitation.
Authentication bypass via hard-coded default credentials in AutoBangumi before 3.2.8 lets unauthenticated remote attackers log in as administrator using publicly known credentials that the application seeds at startup via add_default_user() whenever the users table is empty. Successful login grants full control over RSS feed and downloader configuration and every authenticated API endpoint (CVSS 4.0 9.3). No public exploit identified at time of analysis, but the credentials are public and exploitation is trivial against any un-upgraded, freshly-initialized instance.
Remote denial-of-service in Zebra (zebrad ≤ v4.4.1), the Zcash Foundation's Rust node, lets an unauthenticated P2P peer permanently stall a targeted node at a chosen block height. By exploiting ZIP-244 transaction malleability, an attacker crafts a poisoned block body sharing the same header hash as a valid canonical block; Zebra caches the hash before validation and never evicts it on failure, so the legitimate block is later rejected as a duplicate. This is a real availability threat against default configurations, though there is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was independently reproduced end-to-end by two researchers.
Plaintext recovery of webflow conversation state in Apereo CAS (versions 7.3.0 up to but not including 8.0.0-RC6) lets remote unauthenticated attackers decrypt sensitive login-flow data by exploiting AES-GCM nonce reuse. Because the server encrypts client-side webflow execution tokens with a fixed all-zero initialization vector under a single long-lived key, an attacker can harvest multiple tokens from the public login page and apply known-plaintext/keystream-reuse analysis to break confidentiality (and, given GCM's nonce-reuse properties, integrity of the token). Publicly available exploit code exists; the flaw was reported by VulnCheck and carries a CVSS 4.0 base of 9.3, though no CISA KEV listing or EPSS score is provided.
Authentication bypass via OIDC discovery poisoning in Dapr Sentry allows a remote unauthenticated attacker to inject an attacker-controlled issuer and jwks_uri into the /.well-known/openid-configuration document by supplying a crafted X-Forwarded-Host header. Because the endpoint honors that header without validation when no allowed-hosts list is set (the default) and caches the response publicly for one hour, relying parties that perform dynamic, unpinned OIDC discovery will fetch keys from an attacker's server and accept attacker-signed JWTs - effectively forging trusted identities. Reported by VulnCheck (CVSS 4.0 8.2); no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in Pathway data-processing framework (versions through 0.31.1) lets a remote unauthenticated attacker exhaust CPU by submitting a short glob pattern packed with many ** tokens to the document store's /v1/retrieve, /v1/inputs and /v2/answer endpoints. The hand-written recursive matcher branches exponentially on each ** without memoization, so a handful of crafted requests can stall the service for tens of seconds each and deny availability. Publicly available exploit code exists and a vendor patch (commit d09722e) is available; the flaw is not listed in CISA KEV.
Process termination via crafted RPC input in zebrad (Zcash Foundation's Zcash node) up to v4.4.1 allows an authenticated network attacker to kill the entire node daemon by submitting a `getblocktemplate` RPC call with a `LongPollId` parameter containing multi-byte UTF-8 characters. The root cause is unsafe byte-index string slicing in Rust, which panics when a byte offset lands mid-character; because the release profile sets `panic = "abort"`, this immediately terminates the zebrad process rather than unwinding only the RPC task. No public exploit or active exploitation is identified at time of analysis, but the attack is trivially repeatable on restart, making it a reliable denial-of-service for mining pools and infrastructure dependent on the getblocktemplate workflow.
Unauthenticated OAuth client secret disclosure in Dragonfly Manager (dragonflyoss/dragonfly <= v2.4.3) exposes GitHub and Google OAuth client_secret values to any host that can reach the Manager REST API port. The GET /api/v1/oauth and GET /api/v1/oauth/:id handlers omit the jwt.MiddlewareFunc() and RBAC middleware enforced on every other admin route group in the same router file - including the write methods (POST, DELETE, PATCH) in the same /oauth group - and the models.Oauth struct serializes ClientSecret without redaction. A detailed proof-of-concept with captured output is included in the advisory; no CISA KEV listing is present and EPSS data is unavailable.
Denial of service in Conform's `parseSubmission` future API allows remote attackers to exhaust server CPU by submitting FormData or URLSearchParams payloads containing many unique field names. Affecting the @conform-to/dom npm package used in React/Remix form-handling stacks, the flaw stems from the parser repeatedly scanning submitted entries during name-based value lookups, producing worst-case super-linear (effectively quadratic) synchronous work per request. There is no public exploit identified at time of analysis and no CISA KEV listing; impact is availability degradation rather than data exposure, despite the input's mislabeled 'Information Disclosure' tag.
Improper cryptographic signature verification in the CubeSpace CW0057 Reaction Wheel firmware (versions prior to 5.0.20) permits an attacker with physical access to flash arbitrary, unsigned firmware onto the device without any authentication. This affects a safety-critical spacecraft attitude control component used in CubeSat and small satellite missions, where unauthorized firmware replacement could cause mission-critical failures including attitude loss or uncontrolled spacecraft behavior. A proof-of-concept exploit exists (indicated by E:P in the CVSS 4.0 supplemental vector); no active exploitation has been confirmed by CISA KEV at time of analysis.
{}` that carries no `CheckRedirect` policy. Because Go's `net/http` strips only the standard `Authorization`, `Cookie`, and `WWW-Authenticate` headers on cross-host redirects - not arbitrary custom headers - any 30x redirect issued by the configured `HubURI` causes both keys to be forwarded verbatim to the redirect destination. A proof-of-concept confirming the leak has been provided by the reporter; no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Incorrect conditional-move output in the RustCrypto `cmov` crate's aarch64 backend causes cryptographic constant-time operations to silently produce wrong results on aarch64 platforms. The inline assembly implementations of `Cmov` and `CmovEq` compare full 32-bit register contents instead of the intended narrowed type widths when evaluating conditions, because Rust's inline assembly specification explicitly leaves upper register bits undefined for inputs smaller than the register size. A proof-of-concept demonstrating the failure is included in the advisory; the vulnerability is not listed in CISA KEV and no active exploitation has been reported.
Stored cross-site scripting in the TP-Link Archer C5 v6.8 router web management interface lets an authenticated administrator inject persistent HTML/JavaScript into a user-controlled field that later executes in another administrator's browser session. The flaw affects ISP-managed firmware variants and can be leveraged for session hijacking and unauthorized modification of router configuration. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; exploitation requires existing admin access, sharply limiting real-world impact.
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Path-traversal enumeration in Erlang OTP's ssh_sftpd module allows authenticated SFTP users to determine whether arbitrary filesystem paths exist outside the configured SFTP root directory. The SSH_FXP_REALPATH handler uniquely passes Canonicalize=false to relate_file_name/3, causing dotdot traversal sequences to skip the is_within_root/2 boundary check before entering resolve_symlinks/2, which then issues read_link() syscalls on arbitrary host paths. Affected versions span OTP 17.0 through the fixed releases 29.0.3, 28.5.0.3, and 27.3.4.14; no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
Cross-tenant entry takeover in Craft CMS 5.7.0 through 5.9.20 lets a low-privileged author overwrite another user's existing entry by smuggling a numeric id through the newAttributes parameter of the bulk-duplicate element action. Because the duplication routine re-applies attacker-controlled attributes after nulling the primary key, a UPDATE is executed against the victim's row instead of an INSERT, letting the attacker rewrite the victim's title, slug, authorId, postDate, and UID. No public exploit identified at time of analysis and it is not in CISA KEV; the flaw is fixed in version 5.9.21.
Missing authentication in mcp-memory-service's HTTP REST server exposes every route under /api/documents/* without any credential check, even when the operator has enabled MCP_API_KEY or OAuth, so remote attackers can upload, read, and delete stored memories at will. Because the sibling /api/memories router correctly enforces auth (returning 401), the gap is an inconsistent, easily-discovered authentication boundary that grants full confidentiality, integrity, and availability impact. A working PoC and vendor GitHub Security Advisory (GHSA-84hp-mqvj-3p8h) exist, so publicly available exploit code exists, though no CISA KEV listing or EPSS score was provided.
Cross-site session abuse in Ubiquiti UniFi OS lets a remote attacker who lures an authenticated operator to a malicious web page ride that user's active session to perform privileged actions on the device, stemming from a permissive CORS policy that trusts untrusted origins. The flaw affects UniFi OS Server and the console firmware running on Dream Machines, Dream Routers, Dream Wall, Cloud Gateways, Cloud Keys, Enterprise Fortress Gateway, Express 7, and Network/Enterprise Video Recorders. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; success hinges on social-engineering an already-logged-in admin (CVSS 7.5, UI:R, AC:H).
Local privilege escalation in Little Orbit's GameFirst Anti-Cheat (GFAC) kernel driver GFAC_Sys_x64.sys allows an unprivileged local user to invoke privileged driver functionality because the minifilter communication port exposes its interface without proper access control. Any local account can send crafted requests through the port to reach kernel-level operations, yielding full confidentiality, integrity, and availability impact (CVSS 7.8). A CERT/CC-coordinated advisory (VU#639124) and a public GitHub repository covering CVE-2026-12166/12167/12168 suggest exploit code is likely available, though no active exploitation is confirmed.
Privilege escalation via incorrect authorization in Progress Flowmon lets an authenticated low-privileged user abuse the PDF generation workflow to have operations executed under another user's identity, exposing sensitive data and permitting unauthorized configuration changes. It affects all Flowmon releases before 12.5.9 (12.x branch) and before 13.0.10 (13.x branch). No public exploit identified at time of analysis, and it is not listed in CISA KEV; the vendor CVSS 4.0 score is 8.7 (High).
Remote username enumeration in GoFiber fiber v3's default BasicAuth middleware exploits a timing side-channel caused by Go's short-circuit `&&` evaluation, producing a ~1,000,000:1 response-time ratio between valid and invalid usernames when bcrypt hashing is in use. Any GoFiber v3 application relying on the default `Authorizer` with hashed credentials is affected; an unauthenticated remote attacker can enumerate valid usernames by measuring HTTP response latency, then focus credential brute-force exclusively on confirmed accounts. No public exploit code has been identified at time of analysis, and this vulnerability has not been added to the CISA KEV catalog.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() l2cap_chan_close() removes the channel from conn->chan_l, which must be done under conn->lock. cleanup_listen() runs under the parent sk_lock, so acquiring conn->lock would invert the established conn->lock -> chan->lock -> sk_lock order. Instead of calling l2cap_chan_close() directly, schedule l2cap_chan_timeout with delay 0 to close the channel asynchronously. The timeout handler already acquires conn->lock and chan->lock in the correct order. The timer is only armed when chan->conn is still set: if it is already NULL, l2cap_conn_del() has already processed this channel (l2cap_chan_del + l2cap_sock_teardown_cb + l2cap_sock_close_cb), so there is nothing left to do. If l2cap_conn_del() races in after the timer is armed, __clear_chan_timer() inside l2cap_chan_del() cancels it; if the timer has already fired, the handler returns harmlessly because chan->conn was cleared.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() bt_accept_dequeue() unlinks a not-yet-accepted child from the parent accept queue and release_sock()s it before returning, so the returned sk has no caller reference and is unlocked. l2cap_sock_cleanup_listen() walks these children on listening-socket close. A concurrent HCI disconnect drives hci_rx_work -> l2cap_conn_del() which runs l2cap_chan_del() + l2cap_sock_kill() and frees the child sk and its l2cap_chan; cleanup_listen() then uses both: BUG: KASAN: slab-use-after-free in l2cap_sock_kill l2cap_sock_kill / l2cap_sock_cleanup_listen / __x64_sys_close Freed by: l2cap_conn_del -> l2cap_sock_close_cb -> l2cap_sock_kill This is distinct from the two fixes already in this area: commit e83f5e24da741 ("Bluetooth: serialize accept_q access") serialises the accept_q list/poll and takes temporary refs inside bt_accept_dequeue(), and CVE-2025-39860 serialises the userspace close()/accept() race by calling cleanup_listen() under lock_sock() in l2cap_sock_release(). Neither covers l2cap_conn_del() running from hci_rx_work, so this UAF still reproduces on current bluetooth/master. Take the reference at the source: bt_accept_dequeue() does sock_hold() while sk is still locked, before release_sock(); callers sock_put(). cleanup_listen() pins the chan with l2cap_chan_hold_unless_zero() under a brief child sk lock (serialising vs l2cap_sock_teardown_cb()), drops it before l2cap_chan_lock(), and skips a duplicate l2cap_sock_kill() on SOCK_DEAD. conn->lock is not taken here: cleanup_listen() runs under the parent sk lock and that would invert conn->lock -> chan->lock -> sk_lock (lockdep). KASAN/SMP: an unprivileged listen/close vs HCI-disconnect race produced 12 use-after-free reports per run before this change; 0, and no lockdep report, over 1600+ raced iterations after it on bluetooth/master.
Unauthenticated sensitive data exposure in the Kit (formerly ConvertKit) for WooCommerce WordPress plugin versions 2.1.5 and below allows remote unauthenticated attackers to access sensitive information without any credentials or user interaction. The vulnerability is classified under CWE-497, indicating the plugin inadvertently surfaces system or application-level sensitive data to an unauthorized control sphere - likely including API keys, subscriber data, or configuration secrets tied to the Kit email marketing integration. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Local File Inclusion in the SportsPress Pro WordPress plugin (versions 2.7.29 and earlier) lets an authenticated user holding at least Contributor privileges cause the application to include and disclose arbitrary local files on the server. Because the flaw is rooted in unsafe PHP file inclusion (CWE-98), a successful attacker can read sensitive files such as wp-config.php and, depending on which local files can be included, potentially escalate toward code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the finding is documented by Patchstack.
Local File Inclusion in the Shopify (Shopify Help Center) WordPress plugin through version 1.0.0 allows an authenticated user with at least Contributor privileges to include and read arbitrary local files on the server, potentially escalating to code execution via CWE-98-style file-inclusion abuse. The flaw was reported by Patchstack and carries a CVSS 7.5 rating driven by high confidentiality, integrity, and availability impact but with high attack complexity. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Broken authentication in VillaTheme's ALD - Dropshipping and Fulfillment for AliExpress and WooCommerce (all versions up to and including 2.2.0) permits remote unauthenticated attackers to bypass authentication controls under high-complexity conditions, yielding limited read and write access to protected plugin functionality. Assigned CVSS 3.1 score of 4.8 with AV:N/AC:H/PR:N, the high attack complexity signals that exploitation requires specific preconditions rather than a trivial request. No public exploit code or active exploitation has been identified at time of analysis, and CISA KEV listing is absent.
Sensitive subscriber data exposure in the Hotel Booking Lite WordPress plugin (versions 6.0.3 and earlier) allows authenticated low-privileged users to access confidential booking or guest information they should not be authorized to view. The vulnerability, classified under CWE-201, involves the plugin including sensitive data in API responses or rendered output accessible to subscriber-level WordPress accounts. No public exploit code or active exploitation has been identified at time of analysis, but the high confidentiality impact and low barrier to exploitation (only a subscriber account required) make patching a priority for any hospitality operator running this plugin.
Arbitrary MongoDB collection disclosure in cve-search allows a remote, unauthenticated attacker to read any application database collection through the POST /fetch_cve_data endpoint by manipulating the collection name, projected fields, and regex filter parameters. Attackers can dump the mgmt_users collection to harvest administrative usernames and password hashes for offline cracking. Publicly available exploit code exists (referenced in the project issue tracker) and a vendor patch is available, though no active exploitation has been reported.
Weak hashing in LangGraph's Task Result Cache exposes low-privilege authenticated users to hash collision attacks that can leak cached task results across isolation boundaries. All LangGraph versions through 1.2.4 are affected via the `_freeze` function in `libs/langgraph/langgraph/_internal/_cache.py`. A public proof-of-concept is disclosed at GitHub issue #8009, though the CVSS 4.0 score of 2.3 and AC:H rating reflect genuinely high exploitation difficulty; this is not listed in CISA KEV and no active exploitation has been reported.
Weak hashing in exo-explore exo up to version 1.0.71 exposes the Vision Feature Cache to hash collision attacks via the `_image_cache_key` function in `src/exo/worker/engines/mlx/vision.py`. A remote, unauthenticated attacker capable of engineering the necessary collision inputs could disclose cached vision feature data, yielding a low confidentiality impact. Publicly available exploit code exists (referenced in GitHub issue #2151), though high attack complexity (AC:H) and the absence of a CISA KEV listing indicate no confirmed widespread active exploitation at time of analysis.
Insufficient session expiration in SourceCodester Online Boat Reservation System 1.0 allows a remote, low-privileged attacker to reuse a previously issued session token after it should have been invalidated, gaining unauthorized access to authenticated application functionality. The CWE-613 root cause indicates the application fails to properly terminate sessions on logout or timeout. A publicly available exploit demonstrates the flaw, as confirmed by a Medium writeup linked in the references.
Insufficiently random temporary file naming in markdownify-mcp (zcaceres, versions through 1.1.0) exposes transiently written content to local users who can predict or race the generated file path. The saveToTempFile function in src/Markdownify.ts affects the webpage-to-markdown, youtube-to-markdown, and bing-search-to-markdown conversion pipelines, allowing a co-located attacker to read converted content before cleanup. No active exploitation has been confirmed (not in CISA KEV), though a proof-of-concept is publicly available; the overall risk is low given the local-only, high-complexity attack requirements reflected in the CVSS 4.0 score of 2.0.
Symlink following in zcaceres markdownify-mcp up to version 1.1.0 allows a local low-privilege user to read files outside the intended directory boundary by exploiting insufficient path resolution in the `assertPathAllowed` function of `src/Markdownify.ts`. The function evaluates the user-supplied symbolic path rather than its canonicalized target, enabling an attacker to bypass the path restriction check and disclose arbitrary local files. No public exploit code exists at time of analysis, the vulnerability is not listed in CISA KEV, and a fix is pending as an unmerged pull request.
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values." An attacker who collects a modest number of signatures under an affected key, together with the public key, can recover the private key with a lattice attack. Keys used to sign with an affected version should be considered compromised and new keys should be generated.
Partial string comparison in BettaFish's InsightEngine deduplication logic (versions up to 1.2.1) allows remote unauthenticated attackers to manipulate search-result deduplication by crafting inputs that exploit the flawed comparison in `_deduplicate_results` within `InsightEngine/agent.py`. The integrity impact is limited - attackers can cause duplicate or otherwise manipulated entries to persist in search output - but the attack requires no authentication and no user interaction, and a public proof-of-concept exploit exists. No active exploitation has been confirmed by CISA KEV; a fix pull request (PR #689) has been submitted but not yet merged.
State corruption in HdrHistogram up to version 2.2.2 allows a local, low-privileged attacker to manipulate the Count argument of the recordValueWithCount function in AbstractHistogram.java, resulting in low-integrity corruption of histogram state. The flaw affects the core metrics-recording logic of this Java library. A proof-of-concept exploit has been publicly disclosed; the project maintainer was notified via a GitHub issue but has not yet responded with a fix, leaving affected deployments without a vendor patch.
Incorrect comparison in HdrHistogram's DoubleHistogram.recordValue() range check allows a local, low-privileged attacker to manipulate histogram integrity by recording out-of-range values that bypass the bounds check. Versions up to and including 2.2.2 are affected. No public exploit identified at time of analysis - publicly available exploit code exists, and the project maintainer has not responded to the responsible disclosure, leaving the vulnerability unpatched.
The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in ONNX versions up to 1.21.x exposes limited memory contents to low-privileged remote attackers via the convPoolShapeInference_opset19 shape inference function. The CVSS 4.0 score of 2.1 reflects minimal real-world impact - confidentiality-only, low severity - yet a public proof-of-concept is available via GitHub issue #8036. No active exploitation has been confirmed by CISA KEV, and an upstream patch exists at commit a7bf3a0f1d18bb62575236ef6e4944980c40e045 via PR #8051.
Weak session hash generation in ForceInjection AI-fundermentals 2.0 and 3.0 exposes conversation history belonging to other users in shared deployments. The `get_conversation_history` function in the Memory Recall Handler generates `sessionowner` tokens using a cryptographically weak hash algorithm (CWE-328), allowing a low-privileged authenticated attacker to predict or brute-force another user's session identifier and retrieve their prior conversation records. A publicly available exploit exists per GitHub issue #17 and the CVSS 4.0 E:P modifier, though the high attack complexity (AC:H) and low overall score of 2.3 indicate exploitation is difficult and impact is limited to partial confidentiality loss - no integrity or availability impact is present.
Divide-by-zero in RT-Thread's lightweight process (lwp) syscall handler allows a low-privileged remote attacker to crash the RTOS by sending crafted read, write, or sys_ioctl system calls with malicious parameters to the affected handler in components/lwp/lwp_syscall.c. Affected versions are 5.2.2 and below. A public proof-of-concept exploit has been disclosed via GitHub issue #11429, though this vulnerability has not been added to the CISA KEV catalog, suggesting exploitation remains opportunistic rather than broadly weaponized. The upstream fix exists only as a pull request (PR #11453) awaiting merge acceptance.
In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen; datalen already includes fraggap (datalen = length + fraggap). When fraggap is non-zero, this is not the first skb and transhdrlen is zero. The fraggap bytes carried over from the previous skb are copied just past the fragment headers in the new skb's linear area. The linear area is therefore undersized by fraggap bytes while pagedlen is overstated by the same amount, and the copy writes past skb->end into the trailing skb_shared_info. An unprivileged user can trigger this via a UDPv6 socket using MSG_MORE together with MSG_SPLICE_PAGES. The bad accounting was introduced by commit 773ba4fe9104 ("ipv6: avoid partial copy for zc"). Before commit ce650a166335 ("udp6: Fix __ip6_append_data()'s handling of MSG_SPLICE_PAGES"), the negative copy value caused -EINVAL to be returned. That later commit allowed MSG_SPLICE_PAGES to proceed in this case, making the corruption triggerable. The non-paged branch sets alloclen to fraglen, which already accounts for fraggap because datalen does. Bring the paged branch in line by adding fraggap to alloclen and subtracting it from pagedlen. After this adjustment, copy no longer collapses to -fraggap on the paged path, so remove the stale comment describing that old arithmetic. Since a negative copy is no longer expected for a valid MSG_SPLICE_PAGES case, remove the MSG_SPLICE_PAGES exception from the negative copy check.
In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unix_schedule_gc() unix_schedule_gc() `- if (!gc_in_progress) `- if (!gc_in_progress) |- gc_in_progress = true | `- queue_work() | unix_gc() <----------------/ | | |- gc_in_progress = true ... `- queue_work() | | `- gc_in_progress = false | | unix_gc() <---------------------------------------------' | ... /* gc_in_progress == false */ | `- gc_in_progress = false unix_peek_fpl() relies on gc_in_progress not to confuse GC by MSG_PEEK. Let's set gc_in_progress to true in unix_gc().
In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change (PSC) requests _rely_ on this behavior, as the guest can't provide a length when making the request, i.e. the size of the guest payload is bounded by the size of the shared buffer. Failure to force usage of the GHCB, and a slew of other flaws, lets a malicious SNP guest corrupt host kernel heap memory, and leak host heap layout information. setup_vmgexit_scratch() allocates a buffer via kvzalloc(exit_info_2), where exit_info_2 is guest-controlled. With exit_info_2=24, this yields a 24-byte allocation in kmalloc-cg-32 (32-byte slab objects). The buffer holds an 8-byte psc_hdr followed by 8-byte psc_entry structs, so only entries[0] and entries[1] are in-bounds. snp_begin_psc() validates end_entry against VMGEXIT_PSC_MAX_COUNT (253) but NOT against the actual buffer size: idx_end = hdr->end_entry; if (idx_end >= VMGEXIT_PSC_MAX_COUNT) { // checks 253, not buffer snp_complete_psc(svm, ...); return 1; } for (idx = idx_start; idx <= idx_end; idx++) { entry_start = entries[idx]; // OOB when idx >= 2 The guest sets end_entry=10+, causing the host to iterate entries[2+] which are OOB into adjacent slab objects. For each OOB entry: - The host reads 8 bytes (OOB READ / info leak oracle) - If the data passes PSC validation, __snp_complete_one_psc() writes cur_page = 1 or 512 into the entry (OOB WRITE, sev.c:3806) - If validation fails, the error response reveals whether adjacent memory is zero vs non-zero (information disclosure to guest) The guest controls allocation size (exit_info_2), entry range (cur_entry/end_entry), and can fire unlimited VMGEXITs to repeatedly hit different slab positions. By exploiting the variety of bugs, a malicious SEV-SNP guest can: - OOB read adjacent kmalloc-cg-32 objects (heap layout disclosure) - OOB write cur_page bits into adjacent objects (heap corruption) - Trigger use-after-free conditions across VMGEXITs E.g. with KASAN enabled, a single insmod of the PoC guest module produces 73 KASAN reports: BUG: KASAN: slab-out-of-bounds in snp_begin_psc+0x126/0x890 Read of size 8 at addr ffff888219ffb5e0 by task qemu-system-x86/2199 BUG: KASAN: slab-out-of-bounds in snp_begin_psc+0x468/0x890 Write of size 8 at addr ffff888351566648 by task qemu-system-x86/2199 The buggy address belongs to the object at ffff888XXXXXXXXX which belongs to the cache kmalloc-cg-32 of size 32 The buggy address is located N bytes to the right of allocated 32-byte region [ffff888XXXXXXXXX, ffff888XXXXXXXXX) Breakdown: 62 slab-out-of-bounds (reads + writes past allocation) 7 slab-use-after-free 4 use-after-free All credit to Stan for the wonderful description and reproducer! [sean: write changelog]
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. The rmap_remove() call would miss entries created after the PDE change because the GFN of the leaf SPTE does not match the GFN of the struct kvm_mmu_page. A similar hole however remains if the modified PDE points to a non-leaf page. In this case the gfn can be made to match, but the role does not match: the original large 2MB page creates a kvm_mmu_page with direct=1, while the new 4KB needs a kvm_mmu_page with direct=0. However, kvm_mmu_get_child_sp() does not compare the role, and therefore reuses the page. The next step is installing a leaf (4KB) SPTE on the new path which records an rmap entry under the gfn resolved by the walk. But when that child is zapped its parent kvm_mmu_page has direct=1 and kvm_mmu_page_get_gfn() computes the gfn for the 4KB page as sp->gfn + index instead of using sp->shadowed_translation[] (or sp->gfns[] in older kernels). It therefore fails to remove the recorded entry. When the memslot is dropped the shadow page is freed but the rmap entry survives, as in the scenario that was already fixed. Code that later walks that gfn (dirty logging, MMU notifier invalidation, and so on) dereferences an sptep that lies in the freed page, causing the use-after-free.
Protection mechanism failure in NousResearch hermes-agent (≤ 0.15.2) allows remote authenticated attackers to bypass shell execution controls via the shell.exec function in tui_gateway/server.py, resulting in low-level confidentiality, integrity, and availability impact. The vulnerability is classified under CWE-693 and carries a CVSS 4.0 score of 5.3 (Medium), with a publicly available proof-of-concept exploit hosted on GitHub. No patch has been issued - the vendor did not respond to the researcher's disclosure - meaning all deployments of hermes-agent up to and including version 0.15.2 remain exposed.
Session data exposure in FederatedAI FATE's OSX Broker gRPC component allows an authenticated federated party to manipulate session routing arguments and access data belonging to a different federated session. Affected versions extend through FATE 2.2.0, specifically in the QueuePushReqStreamObserver.initEggroll method within the Java-based OSX Broker. No public exploit confirmed active exploitation (not in CISA KEV), though exploit code has been publicly disclosed via a GitHub issue, and the CVSS 4.0 score of 2.3 reflects the high attack complexity and limited confidentiality impact.
PHP file inclusion in PHPIPAM allows authenticated API users to include and execute arbitrary PHP files from the web server's filesystem, with primary impact on application confidentiality through exposure of sensitive configuration data. Exploitation is gated behind two non-default conditions: the REST API must be deliberately enabled by an administrator, and the attacker must hold valid API credentials - constraining the realistic attack surface substantially. Publicly available exploit code exists per Project Black's research blog, though the vulnerability carries a CVSS 4.0 score of 2.3 and is absent from CISA KEV, reflecting its narrow exploitation prerequisites rather than widespread threat activity.
Local privilege escalation in Unity Parsec for Windows (all builds through v2026-05-04.0) lets an unprivileged local user coerce an instance of parsecd.exe to run as NT AUTHORITY\SYSTEM while honoring a user-controlled AppData environment variable, allowing the attacker to redirect the privileged process to resources under their control and gain SYSTEM. The flaw is a CWE-648 misuse of privileged APIs; publicly available exploit code exists (a dedicated CVE GitHub repository and a researcher write-up), and it is fixed in Parsec for Windows 150-104a. It is not listed in CISA KEV and no EPSS score was supplied, so there is no evidence of widespread active exploitation.
Case-sensitivity bypass in NousResearch hermes-agent through version 2026.4.30 allows authenticated remote attackers to leak limited reasoning content that should have been scrubbed by the Streaming Reasoning Tag Filter. The vulnerability resides in `GatewayStreamConsumer._filter_and_accumulate` within `gateway/stream_consumer.py`, where tag matching fails to account for case variations, permitting reasoning tokens to escape filtration. A public proof-of-concept exploit has been disclosed; however, the vendor has formally declined to issue a patch, classifying the maintenance cost as disproportionate to the assessed risk.
Information disclosure in DeepMyst Mysti's Per-Project Auto-Memory Handler allows low-privileged remote attackers to expose resources by supplying a manipulated workspacePath argument to the initProjectMemory function in src/managers/MemoryManager.ts. EUVD-2026-41610 confirms versions 0.1 through 0.4.0 are affected. No active exploitation (CISA KEV) or public exploit code has been identified at time of analysis; the CVSS 4.0 score of 5.3 reflects a limited, confidentiality-only impact with no integrity or availability consequences.
Cross-repository information disclosure and cross-task tampering in Gitea's self-hosted Git server (fixed in v1.26.2) arises from an HMAC signature ambiguity in the Actions Artifacts V4 signed-URL scheme, letting an authenticated low-privilege user reuse a validly signed URL outside its intended repository or task context. An attacker with access to a single Actions task can read private artifacts belonging to other repositories and write upload-state for tasks they do not own, crossing the repository trust boundary (CVSS 9.6, scope-changed). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Information disclosure in Gitea Open Source Git Server (through 1.26.2) allows a user whose repository access has been revoked to continue viewing private issue metadata via the Notification API, because notification records are not purged or re-authorized when permissions change. The CVSS 3.1 base score is 7.5 (C:H) and the vendor (Gitea) fixed it in 1.26.3/1.26.4. No public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile), indicating limited near-term exploitation likelihood.
Information disclosure in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 enables network-based attackers to expose sensitive browser data through a use-after-resource condition (CWE-672). Exploitation requires user interaction and high attack complexity, but the changed scope (S:C) indicates the flaw breaches browser isolation boundaries, yielding high confidentiality impact. No public exploit or active exploitation has been identified at time of analysis; vendor patch is available from Microsoft MSRC.
Information disclosure in Microsoft Edge for Android (Chromium-based) allows a network-based attacker to expose a victim's private personal information, but only after luring the user into interacting with attacker-controlled content (UI:R). The flaw carries a CVSS 7.1 rating driven by high confidentiality impact; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. A vendor patch is available via Microsoft's MSRC update guide.
Information disclosure in Microsoft Edge for Android allows a remote unauthenticated attacker to exfiltrate private personal information over the network when a victim interacts with attacker-controlled content. The flaw carries a CVSS 7.1 with high confidentiality impact and stems from private data being exposed to an unauthorized actor (CWE-359); Microsoft has released a fix. No public exploit identified at time of analysis and it is not listed in CISA KEV.
Information disclosure in Microsoft Edge (Chromium-based) lets a remote attacker read sensitive data by abusing improper symbolic/link resolution (CWE-59) when a victim interacts with attacker-controlled content. Exploitation requires user interaction (UI:R) but no authentication (PR:N), and the scope-changed impact (S:C) indicates data is exposed beyond the browser's own security boundary. Microsoft has released a fix; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Microsoft Edge (Chromium-based) versions prior to 150.0.4078.48 expose sensitive information to unauthorized network actors, enabling spoofing attacks against users who interact with attacker-controlled content. The vulnerability maps to CWE-200, indicating that browser-internal sensitive data (likely origin, URL, or session context) is improperly disclosed across a network boundary, allowing an attacker to impersonate trusted content or identities. No public exploit code or CISA KEV listing exists at time of analysis; however, the CVSS score of 6.5 with a network attack vector and no privilege requirement underscores meaningful real-world risk for any unpatched Edge deployment.
Race condition in Microsoft Edge (Chromium-based) permits a locally authenticated, low-privileged attacker to disclose information beyond the intended security boundary, with the CVSS scope change (S:C) indicating impact can extend outside the directly vulnerable component - potentially across process or sandbox boundaries within the browser. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, placing it in a lower operational priority tier despite the scope change. Microsoft has released a patch via the MSRC advisory.
Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange.
Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths.
Gitea 1.26.2 allows unauthorized users to access labels of private organizations.
Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized.
Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values.
TOTP two-factor authentication replay in Gitea 1.5.0 through 1.26.2 lets a captured valid one-time code be accepted multiple times instead of being invalidated after first use, weakening 2FA on both the web login flow and the Basic Auth X-Gitea-OTP header path. An attacker who observes a legitimate TOTP code (via interception, shoulder-surfing, or logging) can replay it within its validity window to authenticate as the victim. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw is fixed in Gitea 1.26.3.
Session fixation in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 enables remote attackers to pre-set a known session identifier in a victim's browser, then hijack the authenticated session after the victim logs in. The CVSS 4.0 score of 2.9 reflects limited impact scope (low confidentiality, integrity, and availability) combined with high attack complexity, though a public exploit has been released (E:P). No CISA KEV listing indicates no confirmed widespread active exploitation at time of analysis.
Double-free heap corruption in Open Asset Import Library (Assimp) through version 6.0.4 allows remote low-privileged attackers to corrupt process memory by supplying a maliciously crafted PLY 3D model file to the ExportToBlob function in the PLY Model Handler. A publicly available proof-of-concept exploit was disclosed alongside the report. The CVSS 4.0 score of 5.3 (Medium) reflects limited confidentiality, integrity, and availability impact on the vulnerable system, though CWE-415 double-free conditions in C++ libraries carry latent potential for escalated impact depending on memory layout and heap state at runtime.
Unauthorized child group disclosure in Red Hat Build of Keycloak's Fine-Grained Admin Permissions v2 (FGAP v2) exposes group names, paths, and custom attributes to delegated administrators who lack direct authorization over those child groups. When FGAP v2 is enabled and a delegated admin queries child groups through a parent group endpoint, the system omits the required per-permission filter, returning records that should be outside the caller's scope. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, placing it in the category of a low-severity information disclosure risk that is nonetheless significant in multi-tenant IAM environments where group attribute confidentiality matters.
Symlink-following vulnerability in Dell PowerProtect Data Domain allows a high-privileged remote attacker to traverse outside intended file paths and read arbitrary files, resulting in information disclosure. Multiple version branches are affected, including the current mainstream 8.7 release, LTS2026 builds through 8.6.1.10, LTS2025 builds through 8.3.1.30, and LTS2024 builds through 7.13.1.70. Dell published advisory DSA-2026-278 addressing this issue; no public exploit code or active exploitation has been identified at time of analysis.
Information exposure in Dell PowerProtect Data Domain across multiple release tracks allows a low-privileged local attacker to read sensitive residual data via an uninitialized memory resource (CWE-908). The flaw spans the mainline 7.7.1.0-8.7 branch and three LTS tracks (LTS2024, LTS2025, LTS2026), confirmed by Dell via advisory DSA-2026-278. No public exploit code exists and no active exploitation has been identified; the CVSS 3.3 score and local-only attack vector place this firmly in the low-severity tier.
Out-of-bounds heap read in the Net::IP::LPM Perl module (all versions through 1.10) is triggered when an application passes an oversized CIDR prefix length (e.g. add("1.2.3.4/255") or a /255 IPv6 prefix) to the trie builder, which walks the packed address buffer by the attacker-supplied bit count without validating it against the 32-bit/128-bit address width. The read runs at most ~32 bytes past a 4- or 16-byte buffer and its contents are never returned through the module's API, so real-world impact is limited to a possible process abort under AddressSanitizer, valgrind, or a hardened allocator. No public exploit identified at time of analysis; EPSS is low (0.23%, 13th percentile) and SSVC lists exploitation status as none.
Dell PowerProtect Data Domain exposes sensitive file content to high-privileged local attackers through a symlink-following flaw (CWE-59), where the application fails to validate link targets before file access. Affected versions span multiple release trains including the current 8.x mainline and LTS branches. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Sensitive information disclosure in Dell PowerProtect Data Domain exposes credentials or configuration data to local low-privileged attackers via insufficiently protected log files. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, with specific LTS branches also impacted. No public exploit code or active exploitation has been identified at time of analysis, but the high confidentiality impact (C:H) warrants prompt patching on any appliance accessible to untrusted local users or shared administrative accounts.
Format string exploitation in Dell PowerProtect Data Domain enables remote high-privileged attackers to disclose memory contents and crash the service across multiple concurrent release trains. Affected versions span the mainline (7.7.1.0-8.7), LTS2026 (8.6.1.0-8.6.1.10), LTS2025 (8.3.1.0-8.3.1.30), and LTS2024 (7.13.1.0-7.13.1.70) branches, creating broad organizational exposure for enterprises running any supported Data Domain release. No public exploit or confirmed active exploitation has been identified at time of analysis; the mandatory high-privilege prerequisite substantially constrains the realistic attacker pool.
Dell PowerProtect Data Domain's handling of a less-trusted data source allows a remote, high-privileged attacker to perform limited information tampering, classified under CWE-348. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 long-term support branches. With a CVSS base score of 2.7 (Low) and no confirmed active exploitation or public proof-of-concept, real-world impact is constrained by the high privilege requirement and the limited integrity-only scope of the vulnerability.
Path traversal in Dell PowerProtect Data Domain allows a locally authenticated high-privileged attacker to read files outside restricted directories, resulting in information disclosure. Affected deployments span multiple release trains - standard releases 7.7.1.0 through 8.6, LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70. No public exploit identified at time of analysis; the low CVSS score of 2.3 correctly reflects the high privilege and local access prerequisites that substantially constrain real-world exploitation scope.
Cross-site WebSocket hijacking in Eclipse Theia's browser backend (versions 1.8.1 and later) lets a foreign-origin web page reach the unauthenticated /services shell-terminal RPC namespace and execute arbitrary OS commands on the victim's host. The flaw stems from fail-open Origin validation in @theia/core combined with a client-controllable fix-origin header, so simply luring a developer running Theia to a malicious site yields remote code execution. There is no public exploit identified at time of analysis, and CVSS is rated 8.8 (High) driven by the user-interaction-only barrier.
Local File Inclusion in the RTMKit (rometheme-for-elementor) plugin for WordPress versions up to and including 2.0.7 allows authenticated attackers with Contributor-level access to include and execute arbitrary PHP code on the server. The render_templates AJAX endpoint passes the unsanitized 'template' parameter directly into a PHP require/include statement, restricted only to files ending in _templates.php. Wordfence reported this vulnerability; no public exploit code or CISA KEV listing is present at time of analysis.
Physical-access authentication bypass in Dell Client Platform BIOS (CWE-305) affects a sweeping range of Dell consumer, gaming, and enterprise platforms - including Inspiron, Alienware, Latitude, OptiPlex, and Precision lines. An unauthenticated attacker with physical access and the ability to meet high-complexity attack conditions can bypass the primary BIOS authentication mechanism, resulting in information disclosure and, per the CVSS integrity metric (I:H), potential high-integrity impact. Notably, the declared impact in the description is limited to 'Information Disclosure' while the supplied CVSS vector assigns I:H, a discrepancy that warrants clarification from Dell's advisory DSA-2026-195. No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog.
Cleartext storage of sensitive parameters in Puppet's resource_api module (versions 1.5.0-1.9.1 and 2.0.0) causes passwords and other credential values to persist unmasked in the Puppet agent's local transaction state cache. The sensitive flag - intended to prevent exactly this exposure - is silently dropped during resource_api parameter processing, meaning any resource type built on this API and declaring sensitive parameters leaks those values to the cache filesystem. No public exploit exists and this is not listed in CISA KEV, but the confidentiality impact is high for environments where Puppet manages secrets such as database passwords or API tokens.
Improper export of Android application components in the ASUS Router App enables any co-installed third-party application on the same Android device to send a crafted Intent that forces the ASUS Router App to navigate to an attacker-specified URL. The flaw, classified as CWE-926, allows an attacker-controlled application to abuse the exposed component as an open redirect, potentially rendering phishing content or harvesting router management credentials within the app's trusted interface context. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
CVE-2026-49838 is a vulnerability reported by Ubuntu with no description, CVSS score, CWE classification, or technical detail available at time of analysis. The CVE identifier falls in the 2026 range, suggesting this may be a recently reserved or embargoed entry. No impact, affected component, or exploitation vector can be determined from the provided data.
Unauthenticated public listing of an Azure Blob Storage container exposes device log files across the entire Gardyn smart garden fleet to any internet-accessible actor. The misconfiguration affects all versions of Gardyn Home Firmware, Gardyn Studio Firmware, and the Gardyn Cloud API, meaning no specific patched version bounds the exposure - it is architectural rather than release-specific. Reported via ICS-CERT advisory ICSA-26-183-03, no confirmed active exploitation (CISA KEV) and no public exploit code have been identified at time of analysis, though exploitation requires zero technical prerequisites beyond internet access and knowledge of the container URL.
Denial of service in pdfcpu (the Go PDF processing library and CLI) through v0.11.1 lets a remote attacker crash any application that parses attacker-supplied PDFs by submitting a document with deeply nested objects. The parser follows nested arrays recursively via ParseObjectContext() and parseArray() with no depth cap, so a crafted file exhausts the goroutine stack and aborts the process. No public exploit is identified at time of analysis and EPSS is low (0.17%, 7th percentile), consistent with an availability-only bug rather than a code-execution risk.
HTTP request smuggling in Ruby's WEBrick HTTP server through v1.9.2 allows remote attackers to desynchronize front-end/back-end request parsing by exploiting how WEBrick reparses a Content-Length value supplied in chunked trailers back into the canonical request state. Any deployment fronting WEBrick with a proxy, load balancer, or CDN that disagrees on message length can have requests smuggled past it, enabling request routing manipulation and information disclosure. Publicly available exploit code exists (SSVC exploitation status: poc), though EPSS remains low at 0.16% and it is not on CISA KEV.
Authentication-bypass leading to remote code execution in 9router (npm package 9router) lets attackers reach spawn-capable MCP routes that were meant to be loopback-only. This is an incomplete fix for CVE-2026-46339: the local-only gate in src/dashboardGuard.js decides 'local' from attacker-controllable Host and Origin headers instead of the TCP source address, so any proxied or tunneled (Cloudflare Tunnel / Tailscale) deployment can be tricked into treating remote requests as local. Combined with the deterministic, machine-ID-derived CLI token, a remote attacker can inject JSON-RPC into MCP child processes (node, python, npx, etc.) and execute code on the host; no public exploit identified at time of analysis, though detailed reproduction steps are published in the vendor advisory.
Arbitrary file read in GravitLauncher LaunchServer ≤ 5.7.11 lets an unauthenticated remote attacker retrieve any file readable by the server process via a path-traversal in the default-enabled HTTP file server on port 9274. Because the exposed files include the ECDSA key that signs access JWTs (.keys/ecdsa_id), the refresh-token salt, and database credentials, the flaw escalates from information disclosure to a full authentication bypass allowing forged admin tokens. Publicly available exploit code exists (a raw-socket PoC in the advisory); the issue is not listed in CISA KEV and no active exploitation is confirmed.
Source-code disclosure in the Algernon web/application server (Go, xyproto/algernon, tested at v1.17.8) lets an unauthenticated remote client retrieve the raw source of any public-path server-side script on Windows hosts by appending an NTFS-equivalent suffix (::$DATA, a trailing dot, or a trailing space) to the URL. Because filepath.Ext() does an exact suffix match, these forms are not recognized as .lua/.tl/.po2/.amber/.frm and fall through to the raw-file branch, while NTFS canonicalizes the name back to the real script, exposing embedded database credentials and the SetCookieSecret value used to forge session cookies. Publicly available exploit code exists (full PoC in the GitHub advisory); no public exploit identified as actively exploited and this is not in CISA KEV.
Unbounded memory exhaustion in zebrad's mempool download pipeline allows unauthenticated remote peers to crash Zcash full nodes by sustaining P2P transaction traffic. The root cause is that timed-out verification tasks never remove their entries from the `cancel_handles` map because `tokio::time::error::Elapsed` carries no payload, making the transaction ID unrecoverable at the timeout arm of `Downloads::poll_next()`. All nodes running zebrad up to v4.4.1 with default configuration are affected, and a working end-to-end reproduction exists on a live regtest network. No patch has been released at time of analysis; the only recovery action is a node restart.
Persistent RocksDB state corruption in zebrad up to v4.4.1 arises from an asymmetric cleanup bug in the non-finalized chain fork handler: `pop_tip` omits the Sapling and Orchard note commitment subtree root cleanup that `pop_root` correctly performs, causing stale subtree root entries to survive in memory and be flushed to disk during subsequent chain finalization. The corrupted subtree root history survives node restarts and is served to downstream consumers of `z_getsubtreesbyindex` - primarily `lightwalletd` and light wallets - causing wallet synchronization failures or incorrect wallet state that requires a full database rebuild to recover. No public exploit is identified at time of analysis and this vulnerability is not listed in CISA KEV; the risk is passive silent corruption accumulating on all unpatched nodes during routine chain fork events rather than adversarial exploitation.
Authentication bypass via hard-coded default credentials in AutoBangumi before 3.2.8 lets unauthenticated remote attackers log in as administrator using publicly known credentials that the application seeds at startup via add_default_user() whenever the users table is empty. Successful login grants full control over RSS feed and downloader configuration and every authenticated API endpoint (CVSS 4.0 9.3). No public exploit identified at time of analysis, but the credentials are public and exploitation is trivial against any un-upgraded, freshly-initialized instance.
Remote denial-of-service in Zebra (zebrad ≤ v4.4.1), the Zcash Foundation's Rust node, lets an unauthenticated P2P peer permanently stall a targeted node at a chosen block height. By exploiting ZIP-244 transaction malleability, an attacker crafts a poisoned block body sharing the same header hash as a valid canonical block; Zebra caches the hash before validation and never evicts it on failure, so the legitimate block is later rejected as a duplicate. This is a real availability threat against default configurations, though there is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was independently reproduced end-to-end by two researchers.
Plaintext recovery of webflow conversation state in Apereo CAS (versions 7.3.0 up to but not including 8.0.0-RC6) lets remote unauthenticated attackers decrypt sensitive login-flow data by exploiting AES-GCM nonce reuse. Because the server encrypts client-side webflow execution tokens with a fixed all-zero initialization vector under a single long-lived key, an attacker can harvest multiple tokens from the public login page and apply known-plaintext/keystream-reuse analysis to break confidentiality (and, given GCM's nonce-reuse properties, integrity of the token). Publicly available exploit code exists; the flaw was reported by VulnCheck and carries a CVSS 4.0 base of 9.3, though no CISA KEV listing or EPSS score is provided.
Authentication bypass via OIDC discovery poisoning in Dapr Sentry allows a remote unauthenticated attacker to inject an attacker-controlled issuer and jwks_uri into the /.well-known/openid-configuration document by supplying a crafted X-Forwarded-Host header. Because the endpoint honors that header without validation when no allowed-hosts list is set (the default) and caches the response publicly for one hour, relying parties that perform dynamic, unpinned OIDC discovery will fetch keys from an attacker's server and accept attacker-signed JWTs - effectively forging trusted identities. Reported by VulnCheck (CVSS 4.0 8.2); no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in Pathway data-processing framework (versions through 0.31.1) lets a remote unauthenticated attacker exhaust CPU by submitting a short glob pattern packed with many ** tokens to the document store's /v1/retrieve, /v1/inputs and /v2/answer endpoints. The hand-written recursive matcher branches exponentially on each ** without memoization, so a handful of crafted requests can stall the service for tens of seconds each and deny availability. Publicly available exploit code exists and a vendor patch (commit d09722e) is available; the flaw is not listed in CISA KEV.
Process termination via crafted RPC input in zebrad (Zcash Foundation's Zcash node) up to v4.4.1 allows an authenticated network attacker to kill the entire node daemon by submitting a `getblocktemplate` RPC call with a `LongPollId` parameter containing multi-byte UTF-8 characters. The root cause is unsafe byte-index string slicing in Rust, which panics when a byte offset lands mid-character; because the release profile sets `panic = "abort"`, this immediately terminates the zebrad process rather than unwinding only the RPC task. No public exploit or active exploitation is identified at time of analysis, but the attack is trivially repeatable on restart, making it a reliable denial-of-service for mining pools and infrastructure dependent on the getblocktemplate workflow.
Unauthenticated OAuth client secret disclosure in Dragonfly Manager (dragonflyoss/dragonfly <= v2.4.3) exposes GitHub and Google OAuth client_secret values to any host that can reach the Manager REST API port. The GET /api/v1/oauth and GET /api/v1/oauth/:id handlers omit the jwt.MiddlewareFunc() and RBAC middleware enforced on every other admin route group in the same router file - including the write methods (POST, DELETE, PATCH) in the same /oauth group - and the models.Oauth struct serializes ClientSecret without redaction. A detailed proof-of-concept with captured output is included in the advisory; no CISA KEV listing is present and EPSS data is unavailable.
Denial of service in Conform's `parseSubmission` future API allows remote attackers to exhaust server CPU by submitting FormData or URLSearchParams payloads containing many unique field names. Affecting the @conform-to/dom npm package used in React/Remix form-handling stacks, the flaw stems from the parser repeatedly scanning submitted entries during name-based value lookups, producing worst-case super-linear (effectively quadratic) synchronous work per request. There is no public exploit identified at time of analysis and no CISA KEV listing; impact is availability degradation rather than data exposure, despite the input's mislabeled 'Information Disclosure' tag.
Improper cryptographic signature verification in the CubeSpace CW0057 Reaction Wheel firmware (versions prior to 5.0.20) permits an attacker with physical access to flash arbitrary, unsigned firmware onto the device without any authentication. This affects a safety-critical spacecraft attitude control component used in CubeSat and small satellite missions, where unauthorized firmware replacement could cause mission-critical failures including attitude loss or uncontrolled spacecraft behavior. A proof-of-concept exploit exists (indicated by E:P in the CVSS 4.0 supplemental vector); no active exploitation has been confirmed by CISA KEV at time of analysis.
{}` that carries no `CheckRedirect` policy. Because Go's `net/http` strips only the standard `Authorization`, `Cookie`, and `WWW-Authenticate` headers on cross-host redirects - not arbitrary custom headers - any 30x redirect issued by the configured `HubURI` causes both keys to be forwarded verbatim to the redirect destination. A proof-of-concept confirming the leak has been provided by the reporter; no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Incorrect conditional-move output in the RustCrypto `cmov` crate's aarch64 backend causes cryptographic constant-time operations to silently produce wrong results on aarch64 platforms. The inline assembly implementations of `Cmov` and `CmovEq` compare full 32-bit register contents instead of the intended narrowed type widths when evaluating conditions, because Rust's inline assembly specification explicitly leaves upper register bits undefined for inputs smaller than the register size. A proof-of-concept demonstrating the failure is included in the advisory; the vulnerability is not listed in CISA KEV and no active exploitation has been reported.
Stored cross-site scripting in the TP-Link Archer C5 v6.8 router web management interface lets an authenticated administrator inject persistent HTML/JavaScript into a user-controlled field that later executes in another administrator's browser session. The flaw affects ISP-managed firmware variants and can be leveraged for session hijacking and unauthorized modification of router configuration. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; exploitation requires existing admin access, sharply limiting real-world impact.
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Path-traversal enumeration in Erlang OTP's ssh_sftpd module allows authenticated SFTP users to determine whether arbitrary filesystem paths exist outside the configured SFTP root directory. The SSH_FXP_REALPATH handler uniquely passes Canonicalize=false to relate_file_name/3, causing dotdot traversal sequences to skip the is_within_root/2 boundary check before entering resolve_symlinks/2, which then issues read_link() syscalls on arbitrary host paths. Affected versions span OTP 17.0 through the fixed releases 29.0.3, 28.5.0.3, and 27.3.4.14; no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
Cross-tenant entry takeover in Craft CMS 5.7.0 through 5.9.20 lets a low-privileged author overwrite another user's existing entry by smuggling a numeric id through the newAttributes parameter of the bulk-duplicate element action. Because the duplication routine re-applies attacker-controlled attributes after nulling the primary key, a UPDATE is executed against the victim's row instead of an INSERT, letting the attacker rewrite the victim's title, slug, authorId, postDate, and UID. No public exploit identified at time of analysis and it is not in CISA KEV; the flaw is fixed in version 5.9.21.
Missing authentication in mcp-memory-service's HTTP REST server exposes every route under /api/documents/* without any credential check, even when the operator has enabled MCP_API_KEY or OAuth, so remote attackers can upload, read, and delete stored memories at will. Because the sibling /api/memories router correctly enforces auth (returning 401), the gap is an inconsistent, easily-discovered authentication boundary that grants full confidentiality, integrity, and availability impact. A working PoC and vendor GitHub Security Advisory (GHSA-84hp-mqvj-3p8h) exist, so publicly available exploit code exists, though no CISA KEV listing or EPSS score was provided.
Cross-site session abuse in Ubiquiti UniFi OS lets a remote attacker who lures an authenticated operator to a malicious web page ride that user's active session to perform privileged actions on the device, stemming from a permissive CORS policy that trusts untrusted origins. The flaw affects UniFi OS Server and the console firmware running on Dream Machines, Dream Routers, Dream Wall, Cloud Gateways, Cloud Keys, Enterprise Fortress Gateway, Express 7, and Network/Enterprise Video Recorders. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; success hinges on social-engineering an already-logged-in admin (CVSS 7.5, UI:R, AC:H).
Local privilege escalation in Little Orbit's GameFirst Anti-Cheat (GFAC) kernel driver GFAC_Sys_x64.sys allows an unprivileged local user to invoke privileged driver functionality because the minifilter communication port exposes its interface without proper access control. Any local account can send crafted requests through the port to reach kernel-level operations, yielding full confidentiality, integrity, and availability impact (CVSS 7.8). A CERT/CC-coordinated advisory (VU#639124) and a public GitHub repository covering CVE-2026-12166/12167/12168 suggest exploit code is likely available, though no active exploitation is confirmed.
Privilege escalation via incorrect authorization in Progress Flowmon lets an authenticated low-privileged user abuse the PDF generation workflow to have operations executed under another user's identity, exposing sensitive data and permitting unauthorized configuration changes. It affects all Flowmon releases before 12.5.9 (12.x branch) and before 13.0.10 (13.x branch). No public exploit identified at time of analysis, and it is not listed in CISA KEV; the vendor CVSS 4.0 score is 8.7 (High).
Remote username enumeration in GoFiber fiber v3's default BasicAuth middleware exploits a timing side-channel caused by Go's short-circuit `&&` evaluation, producing a ~1,000,000:1 response-time ratio between valid and invalid usernames when bcrypt hashing is in use. Any GoFiber v3 application relying on the default `Authorizer` with hashed credentials is affected; an unauthenticated remote attacker can enumerate valid usernames by measuring HTTP response latency, then focus credential brute-force exclusively on confirmed accounts. No public exploit code has been identified at time of analysis, and this vulnerability has not been added to the CISA KEV catalog.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() l2cap_chan_close() removes the channel from conn->chan_l, which must be done under conn->lock. cleanup_listen() runs under the parent sk_lock, so acquiring conn->lock would invert the established conn->lock -> chan->lock -> sk_lock order. Instead of calling l2cap_chan_close() directly, schedule l2cap_chan_timeout with delay 0 to close the channel asynchronously. The timeout handler already acquires conn->lock and chan->lock in the correct order. The timer is only armed when chan->conn is still set: if it is already NULL, l2cap_conn_del() has already processed this channel (l2cap_chan_del + l2cap_sock_teardown_cb + l2cap_sock_close_cb), so there is nothing left to do. If l2cap_conn_del() races in after the timer is armed, __clear_chan_timer() inside l2cap_chan_del() cancels it; if the timer has already fired, the handler returns harmlessly because chan->conn was cleared.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() bt_accept_dequeue() unlinks a not-yet-accepted child from the parent accept queue and release_sock()s it before returning, so the returned sk has no caller reference and is unlocked. l2cap_sock_cleanup_listen() walks these children on listening-socket close. A concurrent HCI disconnect drives hci_rx_work -> l2cap_conn_del() which runs l2cap_chan_del() + l2cap_sock_kill() and frees the child sk and its l2cap_chan; cleanup_listen() then uses both: BUG: KASAN: slab-use-after-free in l2cap_sock_kill l2cap_sock_kill / l2cap_sock_cleanup_listen / __x64_sys_close Freed by: l2cap_conn_del -> l2cap_sock_close_cb -> l2cap_sock_kill This is distinct from the two fixes already in this area: commit e83f5e24da741 ("Bluetooth: serialize accept_q access") serialises the accept_q list/poll and takes temporary refs inside bt_accept_dequeue(), and CVE-2025-39860 serialises the userspace close()/accept() race by calling cleanup_listen() under lock_sock() in l2cap_sock_release(). Neither covers l2cap_conn_del() running from hci_rx_work, so this UAF still reproduces on current bluetooth/master. Take the reference at the source: bt_accept_dequeue() does sock_hold() while sk is still locked, before release_sock(); callers sock_put(). cleanup_listen() pins the chan with l2cap_chan_hold_unless_zero() under a brief child sk lock (serialising vs l2cap_sock_teardown_cb()), drops it before l2cap_chan_lock(), and skips a duplicate l2cap_sock_kill() on SOCK_DEAD. conn->lock is not taken here: cleanup_listen() runs under the parent sk lock and that would invert conn->lock -> chan->lock -> sk_lock (lockdep). KASAN/SMP: an unprivileged listen/close vs HCI-disconnect race produced 12 use-after-free reports per run before this change; 0, and no lockdep report, over 1600+ raced iterations after it on bluetooth/master.
Unauthenticated sensitive data exposure in the Kit (formerly ConvertKit) for WooCommerce WordPress plugin versions 2.1.5 and below allows remote unauthenticated attackers to access sensitive information without any credentials or user interaction. The vulnerability is classified under CWE-497, indicating the plugin inadvertently surfaces system or application-level sensitive data to an unauthorized control sphere - likely including API keys, subscriber data, or configuration secrets tied to the Kit email marketing integration. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Local File Inclusion in the SportsPress Pro WordPress plugin (versions 2.7.29 and earlier) lets an authenticated user holding at least Contributor privileges cause the application to include and disclose arbitrary local files on the server. Because the flaw is rooted in unsafe PHP file inclusion (CWE-98), a successful attacker can read sensitive files such as wp-config.php and, depending on which local files can be included, potentially escalate toward code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the finding is documented by Patchstack.
Local File Inclusion in the Shopify (Shopify Help Center) WordPress plugin through version 1.0.0 allows an authenticated user with at least Contributor privileges to include and read arbitrary local files on the server, potentially escalating to code execution via CWE-98-style file-inclusion abuse. The flaw was reported by Patchstack and carries a CVSS 7.5 rating driven by high confidentiality, integrity, and availability impact but with high attack complexity. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Broken authentication in VillaTheme's ALD - Dropshipping and Fulfillment for AliExpress and WooCommerce (all versions up to and including 2.2.0) permits remote unauthenticated attackers to bypass authentication controls under high-complexity conditions, yielding limited read and write access to protected plugin functionality. Assigned CVSS 3.1 score of 4.8 with AV:N/AC:H/PR:N, the high attack complexity signals that exploitation requires specific preconditions rather than a trivial request. No public exploit code or active exploitation has been identified at time of analysis, and CISA KEV listing is absent.
Sensitive subscriber data exposure in the Hotel Booking Lite WordPress plugin (versions 6.0.3 and earlier) allows authenticated low-privileged users to access confidential booking or guest information they should not be authorized to view. The vulnerability, classified under CWE-201, involves the plugin including sensitive data in API responses or rendered output accessible to subscriber-level WordPress accounts. No public exploit code or active exploitation has been identified at time of analysis, but the high confidentiality impact and low barrier to exploitation (only a subscriber account required) make patching a priority for any hospitality operator running this plugin.