Information Disclosure

Maliciously crafted media files containing out-of-bounds memory access in Apple's audio processing can crash affected applications across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. An attacker can trigger a denial of service by triggering the vulnerability through a specially crafted audio stream, though no patch is currently available. This impacts multiple recent OS versions where an out-of-bounds read occurs during media file processing.

A privacy vulnerability in macOS Tahoe allows applications to access sensitive user data that should have been protected through proper data isolation. The vulnerability affects macOS versions prior to 26.4, where sensitive data was not adequately segregated from application access. An attacker or malicious application could exploit this flaw to read protected user information without proper authorization, representing a direct information disclosure risk.

A privacy vulnerability in Apple's operating systems allows third-party applications to enumerate a user's installed applications, resulting in unauthorized information disclosure about device software inventory. The vulnerability affects iOS and iPadOS versions prior to 18.7.7 and 26.4, macOS Sonoma prior to 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4 across all affected product lines. An attacker can exploit this vulnerability by crafting a malicious application that leverages the enumeration capability to profile a user's installed software, potentially enabling further targeted attacks or privacy inference attacks based on application usage patterns.

This vulnerability is a privacy issue in Apple macOS where improved private data redaction for log entries was not properly implemented, allowing applications to potentially access user-sensitive data that should have been redacted. The vulnerability affects macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4, with no public indicators of active exploitation or proof-of-concept code. While CVSS and EPSS scores are unavailable, the nature of the issue suggests moderate real-world risk due to its reliance on application-level exploitation requiring user interaction or system access.

macOS systems running Sequoia 15.7.4 or earlier, Sonoma 14.8.4 or earlier, and Tahoe 26.3 or earlier contain a use-after-free vulnerability in SMB share handling that could allow an attacker to crash the operating system by mounting a specially crafted network share. The vulnerability requires user interaction to mount the malicious share and results in denial of service rather than code execution or data compromise. No patch is currently available for this vulnerability.

A sandbox escape vulnerability in Apple's WebKit browser engine allows malicious websites to process restricted web content outside the security sandbox, potentially enabling unauthorized access to protected system resources. The vulnerability affects Safari and all Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has addressed this issue through improved memory handling in Safari 26.4 and corresponding OS updates across all affected platforms.

Type confusion in Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows local attackers to trigger unexpected application termination through memory corruption. The vulnerability affects multiple OS versions and currently lacks a publicly available patch. An attacker with local access can exploit this to cause denial of service by crashing targeted applications.

macOS systems running Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, or Tahoe 26.3 and earlier are vulnerable to a race condition in application state handling that allows local attackers to trigger unexpected system termination and cause denial of service. The vulnerability requires specific timing conditions but does not require user interaction or elevated privileges to exploit. Apple has released patches for affected versions, though exploitation likelihood remains low.

A permissions issue across Apple's ecosystem allows applications to fingerprint users by accessing information that should be restricted. The vulnerability affects iOS and iPadOS versions prior to 26.4, tvOS prior to 26.4, visionOS prior to 26.4, and watchOS prior to 26.4. Attackers can exploit this by deploying a malicious app that leverages inadequate permission restrictions to collect device and user identifiers for tracking and profiling purposes. The issue has been addressed by Apple through additional permission restrictions in the patched versions, indicating this is a known vulnerability with an available fix.

A sandbox escape vulnerability in macOS allows malicious applications to break out of their sandbox restrictions through a permissions issue. This affects macOS Sequoia (versions prior to 15.7.5), macOS Sonoma (versions prior to 14.8.5), and macOS Tahoe (versions prior to 26.4). An attacker who distributes a malicious app could potentially gain unauthorized access to system resources and user data that should be protected by the sandbox security boundary.

Sandboxed processes on Apple macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) can escape sandbox isolation due to a race condition in state handling, allowing local attackers to bypass security restrictions and potentially execute arbitrary operations with elevated privileges. No patch is currently available for affected systems. The vulnerability requires local access and specific timing conditions but carries high impact across confidentiality, integrity, and availability.

A downgrade vulnerability affecting Intel-based Mac computers allows malicious applications to bypass code-signing restrictions and access user-sensitive data. The vulnerability impacts macOS Sequoia (versions before 15.7.5), macOS Sonoma (versions before 14.8.5), macOS Tahoe (versions before 26.3 and 26.4), and affects all Intel-based Mac systems running vulnerable versions. An attacker can craft an application that exploits insufficient code-signing validation to downgrade security protections and exfiltrate sensitive user information.

An information disclosure vulnerability in macOS allows applications to determine kernel memory layout through improper memory management, enabling potential attacks that rely on kernel address space layout randomization (KASLR) bypass. This issue affects macOS Sequoia (before 15.7.5), macOS Sonoma (before 14.8.5), and macOS Tahoe (before 26.4). An unprivileged application can exploit this to leak kernel memory addresses, which is a critical prerequisite for more sophisticated kernel exploitation attacks. No CVSS score, EPSS probability, or evidence of active exploitation in CISA KEV catalog has been published, though the vulnerability was patched by Apple across three major OS versions, suggesting it was discovered through responsible disclosure rather than in-the-wild exploitation.

A logic error in Apple's script message handler implementation allows malicious websites to access script message handlers intended for other origins, resulting in unauthorized cross-origin information disclosure. This vulnerability affects Safari 26.4 and earlier, iOS/iPadOS 18.7.7 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. An attacker can craft a malicious website that exploits improper state management in the message handler routing mechanism to intercept sensitive data intended for legitimate web applications, potentially exposing authentication tokens, user data, or other confidential information passed through script messaging interfaces.

This vulnerability involves improper handling of symbolic links in Apple operating systems that could allow an application to access user-sensitive data without proper authorization. The flaw affects iOS and iPadOS versions prior to 26.3, macOS Sequoia versions prior to 15.7.4, macOS Sonoma versions prior to 14.8.4, and macOS Tahoe versions prior to 26.3 and 26.4. An attacker with the ability to execute code in a sandboxed application context could potentially bypass security restrictions to access protected user information, though no active exploitation in the wild has been confirmed at this time.

An information disclosure vulnerability in macOS Tahoe allows applications to access sensitive user data through insufficient access controls. The vulnerability affects all versions of macOS prior to version 26.4, where the flaw was remediated through improved permission checking mechanisms. While specific technical details are limited, the vulnerability enables malicious or compromised applications to bypass privacy protections and exfiltrate user information.

An authorization bypass vulnerability in Apple's operating systems allows third-party applications to access sensitive user data through improper state management during authorization checks. The vulnerability affects iOS/iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Tahoe 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier across multiple Apple devices and platforms. An attacker can exploit this by crafting a malicious application that circumvents authorization controls to read protected user information without explicit user consent. No CVSS score, EPSS probability, or active exploitation status has been disclosed by Apple, though the vulnerability spans all major Apple operating systems indicating broad platform impact.

An information disclosure vulnerability in Apple's operating systems allows applications to enumerate a user's installed apps without proper authorization. This affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS versions prior to 26.4. An attacker can distribute a malicious app that queries the system to discover what applications a user has installed, potentially enabling targeted attacks or privacy violations. No CVSS score, EPSS data, or known public exploits are currently documented, but the vulnerability has been fixed across all Apple platforms, indicating Apple assessed this as requiring immediate remediation.

Remote attackers can trigger denial-of-service conditions against multiple Apple operating systems (iOS, iPadOS, macOS variants) through network requests that bypass insufficient input validation. The vulnerability affects iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.4 and earlier, macOS Sonoma 14.8.4 and earlier, and macOS Tahoe 26.3 and earlier. No patch is currently available for this high-severity vulnerability with a 7.5 CVSS score.

This vulnerability affects Apple's Safari browser and related Apple operating systems (iOS, iPadOS, macOS Tahoe, and visionOS) due to improper memory handling when processing maliciously crafted web content. The flaw can lead to unexpected process crashes, resulting in a denial of service condition affecting all users of the impacted Safari versions and OS versions below 26.4. While no CVSS score or EPSS data is currently published, the vulnerability has been patched by Apple, suggesting it was discovered through internal security review or responsible disclosure rather than active exploitation.

An information leakage vulnerability affecting Apple's operating systems across multiple platforms (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) allows third-party applications to access sensitive user data through insufficient validation mechanisms. The vulnerability impacts all versions prior to the 26.4 release across affected platforms, enabling malicious or compromised applications to bypass access controls and exfiltrate private user information. While no CVSS score, EPSS data, or active exploitation in the wild has been publicly disclosed, the breadth of affected platforms and the fundamental nature of information disclosure vulnerabilities suggest moderate to significant real-world risk.

An authorization flaw in macOS allows applications to bypass state management controls and access sensitive user data without proper authorization. The vulnerability affects macOS Sequoia 15.7.4 and earlier, macOS Sonoma 14.8.4 and earlier, and macOS Tahoe 26.3 and earlier. While no CVSS score, EPSS data, or public exploit code is currently available, Apple has silently patched this issue across three major macOS versions, suggesting it posed a meaningful risk to user privacy and data confidentiality.

Protected system files on macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) can be deleted by attackers with root privileges due to improper state management. This integrity-impacting vulnerability affects administrators and privileged users who could leverage elevated access to remove critical system components. No patch is currently available for this medium-severity issue.

A symlink validation vulnerability in Apple's iOS, iPadOS, and macOS operating systems allows malicious applications to bypass file system protections and access sensitive user data through improper handling of symbolic links. The vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, and macOS Tahoe 26.4 and earlier. An attacker with the ability to install or execute an application on the affected system could leverage this weakness to read restricted files and access private user information without proper authorization.

A privacy vulnerability in macOS Tahoe allows documents to be inadvertently written to temporary files during print preview operations, potentially exposing sensitive information to unauthorized access. This affects macOS versions prior to 26.4. An attacker with local file system access could retrieve unencrypted documents from temporary storage, circumventing user expectations of privacy during print operations.

A logic flaw in macOS Tahoe allows local users to elevate their privileges through improved checks that were insufficient in earlier versions. This vulnerability affects macOS versions prior to 26.4 and enables privilege escalation attacks from standard user accounts to higher privilege levels. Apple has patched this issue in macOS Tahoe 26.4, and no active exploitation or public proof-of-concept code has been reported.

An authorization bypass vulnerability in macOS allows applications to access sensitive user data through improper state management. The vulnerability affects macOS Sonoma 14.8.4 and earlier versions, as well as macOS Tahoe 26.3 and earlier, enabling unprivileged apps to circumvent authorization checks and obtain restricted user information. Apple has addressed this issue through patched releases, and no public exploitation activity or proof-of-concept code has been reported at this time.

A permissions enforcement vulnerability in macOS allows applications to bypass file system protections and modify protected system files or directories through inadequate access controls. This affects macOS Sequoia (before 15.7.5), macOS Sonoma (before 14.8.5), and macOS Tahoe (before 26.4). Apple has addressed the issue by removing vulnerable code, and no active exploitation or proof-of-concept has been publicly disclosed at this time.

A kernel state information disclosure vulnerability exists across Apple's entire platform ecosystem that allows a malicious application to leak sensitive kernel memory without requiring elevated privileges. The vulnerability affects iOS and iPadOS versions prior to 18.7.7 and 26.4, macOS Sequoia prior to 15.7.5, macOS Tahoe 26.4, and tvOS, visionOS, and watchOS 26.4. An attacker can craft a specially designed app that exploits improper authentication mechanisms to access protected kernel state, potentially exposing cryptographic keys, memory addresses, or other sensitive operating system internals that could be chained with other vulnerabilities.

macOS systems running Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, and Tahoe 26.3 and earlier contain a race condition in state handling that allows local applications to escalate privileges to root. The vulnerability stems from improper synchronization during critical operations, enabling an attacker with local access to exploit the timing window and gain elevated system privileges. Patches have been released for affected macOS versions.

A privacy vulnerability in Apple's Mail application allows the "Hide IP Address" and "Block All Remote Content" user preferences to fail inconsistently across certain mail content, potentially exposing user IP addresses and loading remote content despite explicit user configuration. This affects iOS, iPadOS, and multiple macOS versions. While no CVSS score or EPSS data is currently available and there is no indication of active exploitation in the wild (KEV status not listed), the vulnerability represents a direct circumvention of privacy controls that users explicitly enable to protect their identity and security posture.

A logic issue in macOS Tahoe allows a malicious application to escape its sandbox and execute code outside of the restricted security boundary. This vulnerability affects macOS versions prior to 26.4 and represents a critical sandbox bypass that could enable arbitrary code execution with elevated privileges. While no CVSS score or active exploitation data is currently available, the sandbox escape capability makes this a high-priority patch for all affected macOS users.

A privacy vulnerability in macOS allows applications to access sensitive user data through improper handling of temporary files. The issue affects macOS Sequoia (versions prior to 15.7.5), macOS Sonoma (versions prior to 14.8.4), and macOS Tahoe (versions prior to 26.3). An unprivileged application could exploit weak temporary file protections to read or manipulate sensitive data, though no active exploitation in the wild or public proof-of-concept has been confirmed at this time.

An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

The Ech0 application exposes an unauthenticated API endpoint GET /api/allusers that returns a complete list of user records including usernames, email addresses, and account metadata without requiring authentication. This allows remote attackers to enumerate all system users and gather profile information for reconnaissance and targeted attacks. A working proof-of-concept exists demonstrating the vulnerability, and a patch is available in version 4.2.0.

NATS.io nats-server versions prior to v2.12.6 and v2.11.15 expose MQTT user passwords through unsecured monitoring endpoints. The vulnerability incorrectly classifies MQTT passwords as non-authenticating identity statements (JWT), causing them to leak via monitoring APIs accessible over the network without authentication. With a CVSS score of 8.6 and network-based attack vector requiring no privileges, this poses significant risk to credential confidentiality in MQTT deployments, though no active exploitation (KEV) or public proof-of-concept is currently documented.

This is an injection vulnerability affecting TIBCO ActiveMatrix BusinessWorks and Enterprise Administrator due to insufficient validation and sanitization of user-supplied input. The vulnerability allows attackers to disclose sensitive information including local files and host system details, and may enable manipulation of application behavior. No CVSS score, EPSS data, or active exploitation reports are currently available, but the vendor has issued a security advisory indicating patches are available.

A credential exposure vulnerability exists in NATS.io nats-server where static authentication credentials passed via command-line arguments are disclosed through the monitoring port's /debug/vars endpoint without redaction. NATS.io nats-server versions prior to 2.12.6 and 2.11.15 are affected. An attacker with network access to the monitoring port can retrieve plaintext credentials and gain unauthorized access to the messaging system, though this requires the uncommon configuration of both using command-line credentials and enabling monitoring.

NVIDIA NeMo Framework contains an insecure deserialization vulnerability (CWE-502) that allows authenticated local attackers to execute arbitrary code. The vulnerability affects NVIDIA NeMo Framework installations and can lead to code execution, privilege escalation, information disclosure, and data tampering. According to CISA's SSVC framework, there is currently no evidence of active exploitation in the wild, and the attack is not automatable, though technical impact is rated as total.

Thunderbird's mail parser fails to validate string length parameters, allowing a compromised mail server to trigger out-of-bounds memory reads through malformed email content. Affected users running versions prior to 149 and 140.9 could experience application crashes or disclosure of sensitive data from process memory. The vulnerability requires network access but no user interaction, though no patch is currently available.

NVIDIA NeMo Framework contains a remote code execution vulnerability in its checkpoint loading mechanism caused by insecure deserialization (CWE-502). Attackers with local access and low privileges can exploit this to achieve code execution, privilege escalation, information disclosure, and data tampering with high impact on confidentiality, integrity, and availability. According to SSVC framework, there is currently no observed exploitation in the wild, though the technical impact is rated as total.

A spoofing vulnerability exists in Mozilla Thunderbird that affects versions below 149 and below 140.9, allowing attackers to spoof email sources or identities. This vulnerability is classified as an information disclosure issue that could compromise email authentication and user trust. While specific CVSS and EPSS metrics are unavailable, the vulnerability warrants prompt patching as Mozilla has issued security advisories indicating active remediation efforts.

NVIDIA Model Optimizer for Windows and Linux contains an unsafe deserialization vulnerability in its ONNX quantization feature that allows attackers to execute arbitrary code by providing a malicious input file. Users who process untrusted ONNX model files are at risk of complete system compromise, including code execution, privilege escalation, data tampering, and information disclosure. There is no current evidence of active exploitation (not in CISA KEV) or public proof-of-concept availability.

Tenable OT contains an SSH misconfiguration that permits unauthorized disclosure of socket, port, and service information through the ostunnel user account and improper GatewayPorts settings. This vulnerability affects Tenable Operation Technology across multiple versions and allows attackers to enumerate underlying system architecture and network configuration without requiring high privileges or complex exploitation. While no CVSS score, EPSS data, or confirmed active exploitation is publicly documented, the information disclosure nature of this vulnerability enables reconnaissance for subsequent targeted attacks.

NVIDIA APEX for Linux contains a deserialization of untrusted data vulnerability that affects environments using PyTorch versions earlier than 2.6. An attacker with low privileges on an adjacent network can exploit this flaw to achieve code execution, denial of service, privilege escalation, data tampering, and information disclosure with scope change (CVSS 9.0 Critical). No KEV listing or public POC availability has been reported at this time.

NVIDIA Megatron-LM contains an unsafe deserialization vulnerability (CWE-502) in its checkpoint loading mechanism that allows remote code execution when a user loads a maliciously crafted checkpoint file. The vulnerability affects NVIDIA Megatron-LM installations and can lead to code execution, privilege escalation, information disclosure, and data tampering with a CVSS score of 7.8. The attack requires local access and low privileges but no user interaction once the malicious file is loaded.

NVIDIA Megatron-LM contains an insecure deserialization vulnerability (CWE-502) during model inferencing that allows remote code execution when a user loads a maliciously crafted input file. This vulnerability has a CVSS score of 7.8 and requires local access with low privileges but no user interaction, enabling attackers to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The vulnerability affects NVIDIA's large language model training framework widely used in AI research and production environments.

NVIDIA Megatron-LM contains an unsafe deserialization vulnerability (CWE-502) in its checkpoint loading functionality that allows remote code execution when a user is tricked into loading a maliciously crafted checkpoint file. The vulnerability affects NVIDIA Megatron-LM installations and can lead to code execution, privilege escalation, information disclosure, and data tampering with a CVSS score of 7.8. There is no current indication of active exploitation in CISA's KEV catalog, and EPSS data was not provided in the intelligence sources.

NVIDIA Megatron-LM contains a critical unsafe deserialization vulnerability (CWE-502) in its hybrid conversion script that allows remote code execution when a user loads a maliciously crafted file. The vulnerability affects NVIDIA Megatron-LM installations and enables attackers to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. With a CVSS score of 7.8 and local attack vector requiring low privileges and no user interaction, this represents a significant risk for organizations using this large language model training framework.

NVIDIA Megatron LM contains an insecure deserialization vulnerability (CWE-502) in its quantization configuration loading mechanism that enables remote code execution. Attackers with local access and low privileges can exploit this flaw to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The vulnerability has a CVSS score of 7.8 and affects all versions of NVIDIA Megatron LM based on available CPE data.

HCL Traveler contains a sensitive information disclosure vulnerability where error messages expose internal system details including file paths, tokens, credentials, and stack traces. This affects all versions of HCL Traveler as indicated by the CPE string, and requires authenticated access (PR:L) to exploit but can be leveraged by low-privilege users to reconnaissance the application architecture for follow-up attacks. With a CVSS score of 4.3 and confidentiality impact rated as LOW, this is a moderate information disclosure issue that lowers the bar for subsequent targeted attacks rather than directly compromising systems.

A SQL injection vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Astro's remotePatterns path enforcement contains a logic flaw where wildcard matching for /* is unanchored, allowing attackers to bypass path restrictions and access unintended resources on allowed hosts. Versions 2.10.10 through 5.18.0 are affected, enabling information disclosure through server-side image optimization endpoints and other remote fetchers. The vulnerability has been patched in version 5.18.1, and while no public exploit code or active exploitation has been reported in KEV databases, the straightforward nature of the bypass makes this a moderate to high priority for affected deployments.

Parse Server versions prior to 8.6.61 and 9.6.0-alpha.55 expose sensitive authentication credentials to authenticated users via the GET /users/me endpoint, including MFA TOTP secrets and recovery codes that should be sanitized. An attacker who obtains a valid user session token can extract these MFA secrets to bypass multi-factor authentication indefinitely and gain unauthorized access to accounts. No CVSS score or EPSS data is currently available, but the vulnerability has confirmed patches available in stable and alpha releases.

An unauthenticated remote code execution vulnerability exists in Zabbix's Frontend 'validate' action that permits blind instantiation of arbitrary PHP classes without authentication. The vulnerability affects Zabbix products across multiple versions as indicated by the CPE wildcard notation, and while the immediate impact appears limited by environment-specific constraints, successful exploitation could lead to information disclosure or arbitrary code execution depending on available PHP classes in the deployment context. No CVSS score, EPSS data, or KEV status is currently published, but the attack vector is unauthenticated and likely has low complexity, suggesting meaningful real-world risk.

Parse Server versions prior to 8.6.60 and 9.6.0-alpha.54 contain a race condition vulnerability that allows attackers to reuse single-use MFA recovery codes an unlimited number of times through concurrent login requests. An attacker with knowledge of a user's password and possession of one valid recovery code can bypass the intended single-use restriction by sending multiple authentication attempts simultaneously within milliseconds, effectively defeating the multi-factor authentication protection mechanism. This vulnerability is tracked as CWE-367 (TOCTOU race condition) and has been patched in the aforementioned versions with fixes available via pull requests 10275 and 10276.

Zabbix Server and Proxy reuse JavaScript (Duktape) execution contexts across script items, JavaScript preprocessing, and webhooks for performance optimization, allowing non-super administrators to leak sensitive data about hosts they lack authorization to access through context variable persistence. The vulnerability enables information disclosure attacks where a regular administrator can access confidential monitoring data from restricted hosts by exploiting shared JavaScript execution environments. A patch has been released that makes built-in Zabbix JavaScript objects read-only, though global variable usage remains unsafe even after remediation.

Wallos, an open-source self-hostable subscription tracker, contains an authentication bypass vulnerability in its password reset mechanism where reset tokens never expire. Versions prior to 4.7.2 are affected, allowing attackers who intercept a password reset link to use it indefinitely days, weeks, or months after generation. An attacker exploiting this vulnerability can gain unauthorized account access and potentially modify subscription data, though the CVSS score of 6.5 reflects moderate real-world risk due to the required interception precondition.

LibVNCServer versions 0.9.15 and earlier contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows malicious VNC servers to disclose sensitive information or crash client applications. The vulnerability affects any application linking against the vulnerable LibVNCServer library, with exploitation requiring a malicious VNC server that manipulates subrectangle header counts to trigger improper bounds checking in the HandleUltraZipBPP() function. A patch is available from the vendor (commit 009008e), and no active exploitation or public proof-of-concept has been reported as of the intelligence sources reviewed.

An authorization bypass vulnerability in Craft CMS allows low-privileged authenticated users to extract private asset editing metadata, including focal point data, from assets they do not have permission to view. The vulnerability affects Craft CMS versions prior to 4.17.8 and 5.9.14, where the actionImageEditor endpoint fails to perform per-asset authorization checks before returning sensitive editor context. While no CVSS score or EPSS metric is currently published, this information disclosure vulnerability enables attackers to gain unauthorized insight into restricted asset configurations.

Froxlor, a web hosting control panel, contains an injection vulnerability in its DNS zone management API that allows authenticated customers with DNS privileges to inject BIND zone file directives (such as $INCLUDE) through unvalidated content fields in LOC, RP, SSHFP, and TLSA DNS record types. Attackers can leverage this to read arbitrary world-readable files on the server, disrupt DNS services, or inject unauthorized DNS records. A proof-of-concept exploit is publicly available demonstrating file inclusion attacks, and patches have been released by the vendor in version 2.3.5.

GoDoxy versions prior to 0.27.5 contain a path traversal vulnerability in the `/api/v1/file/content` API endpoint that allows authenticated attackers to read and write arbitrary files outside the intended `config/` directory. An attacker with valid credentials can exploit this vulnerability to access sensitive files including TLS private keys, OAuth refresh tokens, and system certificates by manipulating the `filename` query parameter with `../` sequences. A proof-of-concept has been published demonstrating successful extraction of private keys, and the vulnerability carries a CVSS 6.5 score with active patch availability.

Vikunja prior to version 2.2.1 exposes webhook BasicAuth credentials in plaintext through the GET /api/v1/projects/:project/webhooks API endpoint to any user with read access to a project. While HMAC secrets are properly masked, the BasicAuth username and password fields added in a later migration lack equivalent protection, allowing read-only collaborators to steal credentials intended for authenticating webhook requests to external systems. This is a confirmed information disclosure vulnerability with a CVSS 6.5 score reflecting moderate real-world risk due to the requirement for authenticated project access.

Vikunja Desktop (Electron wrapper) versions 0.21.0 through 2.1.x contain a critical remote code execution vulnerability caused by enabled Node.js integration combined with missing navigation controls. An attacker who is a legitimate user on a shared Vikunja instance can inject a malicious hyperlink into user-generated content (task descriptions, comments, project descriptions) that, when clicked by a victim using Vikunja Desktop, causes arbitrary code execution with the victim's OS user privileges. A proof-of-concept demonstrating command execution via a simple HTML link has been documented, and the vulnerability affects all Desktop users on affected versions.

The Vikunja Desktop Electron application fails to validate or allowlist URI schemes before passing URLs from window.open() calls to shell.openExternal(), allowing attackers to invoke arbitrary local applications, open files, or trigger custom protocol handlers. Vikunja versions 0.21.0 through 2.1.x are affected, with the vulnerability patched in version 2.2.0. An attacker who can inject links with target="_blank" into user-generated content can exploit this to execute malicious actions on the victim's operating system without user awareness or explicit consent.

NGINX Open Source and NGINX Plus contain a buffer over-read or over-write vulnerability in the ngx_http_mp4_module that can lead to NGINX worker process termination or potentially remote code execution. An attacker with local access and the ability to supply a specially crafted MP4 file for processing can exploit this flaw when the mp4 directive is enabled in the configuration. The vulnerability has a CVSS score of 7.8 with high impact on confidentiality, integrity, and availability, though exploitation requires local access (AV:L) and low-level privileges (PR:L).

Integer overflow in NGINX 32-bit builds with the ngx_http_mp4_module allows local attackers to corrupt or overwrite worker process memory via specially crafted MP4 files, leading to denial of service. The vulnerability requires the mp4 directive to be enabled in the configuration and an attacker's ability to trigger MP4 file processing. No patch is currently available for affected deployments.

A boundary condition vulnerability exists in Firefox's Graphics Text component that allows information disclosure through incorrect memory handling during text rendering operations. This affects Firefox versions below 149 and Firefox ESR versions below 140.9, potentially enabling attackers to read sensitive data from adjacent memory regions. No active exploitation in the wild has been confirmed, but the vulnerability warrants prompt patching given its information disclosure impact.

An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially leading to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. An attacker can exploit this through WebRTC signaling interactions to disclose sensitive information, though specific exploitation details remain limited in public disclosures.

Mozilla Firefox versions below 149 and Firefox ESR below 140.9 contain memory safety flaws in the JavaScript Engine that enable remote code execution and denial of service attacks without user interaction or special privileges. An unauthenticated attacker can exploit improper boundary condition handling and uninitialized memory to achieve high-impact confidentiality violations and system availability disruption. No patch is currently available.

An uninitialized memory vulnerability exists in Firefox and Firefox ESR's Graphics Canvas2D component that can lead to information disclosure. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are affected. An attacker can exploit this by crafting malicious Canvas2D operations to read uninitialized memory contents from the graphics rendering pipeline, potentially exposing sensitive data from the browser process.

An incorrect boundary condition vulnerability exists in the Audio/Video component of Mozilla Firefox and Firefox ESR, allowing potential information disclosure through improper memory handling. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. An attacker may exploit this vulnerability to leak sensitive information from the browser process memory by triggering specific audio or video processing operations, though active exploitation status is not confirmed at this time.

An incorrect boundary condition vulnerability exists in the Graphics component of Mozilla Firefox and Firefox ESR, allowing information disclosure through improper memory access. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. An attacker can exploit this vulnerability to read sensitive information from memory by triggering the boundary condition in graphics processing operations.

An information disclosure vulnerability exists in the Widget: Cocoa component of Mozilla Firefox and Firefox ESR, allowing attackers to access sensitive information through the affected rendering engine. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are vulnerable. The vulnerability permits unauthorized information leakage, though the specific attack mechanism and data exposure scope require analysis of the referenced Mozilla security advisories.

Unauthenticated remote attackers can escape the Firefox sandbox through a use-after-free vulnerability in the Canvas2D graphics component, allowing arbitrary code execution on affected systems running Firefox versions prior to 149. The vulnerability requires no user interaction and impacts the entire system due to its critical severity and CVSS score of 10.0. No patch is currently available for this actively exploitable flaw.

A use-after-free vulnerability in Firefox's Cocoa widget component allows remote code execution without user interaction or special privileges, affecting Firefox versions below 149 and ESR below 140.9. An attacker can exploit this memory corruption flaw over the network to achieve complete system compromise with high confidentiality, integrity, and availability impact. No patch is currently available.

A boundary condition vulnerability exists in Firefox's Audio/Video GMP (Gecko Media Plugin) component that enables information disclosure to attackers. This flaw affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit incorrect boundary condition handling in media processing to disclose sensitive information from the affected browser process.

A boundary condition error in Firefox's Graphics component allows information disclosure through improper memory access validation. This vulnerability affects Firefox versions below 149 and Firefox ESR versions below 140.9, enabling attackers to read sensitive memory contents from the graphics processing context. While no CVSS score or EPSS data is currently available, the vulnerability is documented across multiple Mozilla security advisories indicating active awareness by the vendor.

A boundary condition vulnerability exists in Mozilla Firefox's Graphics Canvas2D component that enables information disclosure attacks. The vulnerability affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit incorrect boundary condition handling in Canvas2D operations to read sensitive data from memory, potentially disclosing user information or browser-internal data through a web-based attack vector.

This vulnerability involves incorrect boundary conditions in the Firefox Graphics Canvas2D component that can lead to information disclosure. The vulnerability affects Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. An attacker can exploit this flaw to access sensitive memory information through specially crafted Canvas2D operations, potentially exposing user data or system information.

An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially enabling information disclosure attacks. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are affected. While specific exploitation mechanics are not fully detailed in available public sources, the vulnerability is classified as an information disclosure issue that could allow attackers to extract sensitive data through malformed WebRTC signaling messages.

An undefined behavior vulnerability exists in the Firefox Audio/Video component that could lead to information disclosure. This affects all Firefox versions prior to 149. While specific exploitation details are limited due to missing CVSS and CWE data, the vulnerability's classification as information disclosure suggests an attacker could potentially access sensitive audio or video processing data or bypass security boundaries within the multimedia subsystem.

Firefox versions prior to 149 contain a use-after-free vulnerability in the JavaScript engine that allows unauthenticated remote attackers to achieve arbitrary code execution with no user interaction required. The vulnerability affects all Firefox users and can be exploited over the network to gain complete control over an affected system. No patch is currently available.

A JIT (Just-In-Time) compilation miscompilation vulnerability exists in Firefox's JavaScript Engine that can lead to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. An attacker can exploit this vulnerability through malicious JavaScript code to potentially disclose sensitive information from the browser's memory or process space.

Mozilla Firefox versions below 149 (and ESR versions below 140.9) contain a use-after-free vulnerability in the JavaScript Engine that enables unauthenticated remote attackers to achieve arbitrary code execution without user interaction. The memory corruption flaw allows complete compromise of affected systems through network-based attacks. No patch is currently available for this critical vulnerability.

A boundary condition vulnerability exists in Firefox's Layout: Text and Fonts component that can lead to information disclosure. This affects Firefox versions below 149, Firefox ESR versions below 115.34, and Firefox ESR versions below 140.9. An attacker could exploit incorrect boundary handling in text and font rendering to potentially disclose sensitive information from memory, though specific exploitation details and active exploitation status are not publicly documented in the available intelligence.

A JIT miscompilation vulnerability exists in Firefox's JavaScript engine that can lead to information disclosure. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw through malicious JavaScript to extract sensitive information from the browser's memory, potentially compromising user data and system security.

A boundary condition vulnerability exists in Firefox and Firefox ESR's Audio/Video Web Codecs component that allows information disclosure. The vulnerability affects Firefox versions prior to 149 and Firefox ESR versions prior to 140.9. An attacker can exploit this flaw to disclose sensitive information, potentially leveraging web-based attack vectors without requiring elevated privileges.

Unauthenticated remote attackers can achieve arbitrary code execution through a use-after-free memory corruption vulnerability in Firefox's text and font rendering engine, affecting Firefox versions below 149, ESR below 115.34, and ESR below 140.9. The vulnerability requires no user interaction or special privileges and allows complete compromise of confidentiality, integrity, and availability. No patch is currently available.

A boundary condition vulnerability exists in Firefox's Audio/Video Web Codecs component that allows information disclosure to attackers. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are affected. An attacker can exploit incorrect boundary condition handling in codec processing to read sensitive memory contents or application state.