Information Disclosure
Monthly
Out-of-bounds read in Apple's web content processing engine (WebKit) causes a browser process crash when a user visits a maliciously crafted webpage, affecting Safari, iOS/iPadOS, and macOS Tahoe. All versions prior to the 26.5.2 releases across those platforms are affected, making this a broad-surface denial-of-service vulnerability against Apple's default browser ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the low attack complexity and zero-authentication requirement lower the bar for opportunistic abuse once a malicious page is visited.
Sensitive data leakage in Apple Safari, iOS/iPadOS, and macOS Tahoe before version 26.5.2 exposes users to cross-site data disclosure when visiting a malicious or compromised website. The root cause is a permissions enforcement deficiency (CWE-1264) that allows a web context to access data beyond its intended permission boundary. No active exploitation has been confirmed by CISA KEV, and the EPSS score of 0.17% (6th percentile) indicates low observed exploitation probability at time of analysis; however, the unauthenticated, low-complexity network vector makes this a realistic target for drive-by attacks once details become public.
Out-of-bounds read in Safari's web content processing engine causes an unexpected application crash when rendering maliciously crafted web content. Affected are Safari prior to 26.5.2, iOS and iPadOS prior to 26.5.2, and macOS Tahoe prior to 26.5.2. An unauthenticated remote attacker (per PR:N/AV:N in the CVSS vector) can trigger a denial-of-service condition by enticing a user to visit a crafted page; no public exploit or CISA KEV listing has been identified at time of analysis.
Sandbox escape in Apple's WebKit browser engine (Safari, iOS/iPadOS, and macOS Tahoe before 26.5.2) lets a malicious website process restricted web content outside the browser sandbox, undermining the isolation that confines untrusted web pages. The flaw stems from improper input validation (CWE-20), was reported by Apple itself, and requires a victim to visit attacker-controlled content (UI:R); CVSS 7.1 reflects limited confidentiality, integrity, and availability impact across a changed scope. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Race condition in Apple iOS, iPadOS, and macOS Tahoe allows a locally-running app with standard privileges to trigger unexpected system termination. Rooted in improper state handling during concurrent operations (CWE-362), exploitation is constrained by high attack complexity due to the timing-dependent nature of race conditions. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.
Kernel state disclosure in Apple iOS, iPadOS, and macOS Tahoe allows a locally installed app to leak sensitive kernel memory through insufficiently sanitized input. All versions prior to iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 are affected. No active exploitation is confirmed (not in CISA KEV), and EPSS sits at 0.19% (9th percentile), indicating minimal current threat actor interest despite the kernel-level information exposure.
Out-of-bounds read in Apple's WebKit rendering engine crashes the browser process when parsing maliciously crafted web content, affecting Safari, iOS, iPadOS, and macOS Tahoe prior to version 26.5.2. The vulnerability requires only that a user visit or be redirected to an attacker-controlled page, making it trivially deliverable via phishing or malicious advertising. Impact is limited to a denial-of-service process crash per vendor disclosure; no public exploit or CISA KEV listing has been identified at time of analysis.
Out-of-bounds read in Apple's web content processing engine crashes the rendering process across iOS, iPadOS, and macOS Tahoe when a user visits or opens maliciously crafted web content. All iOS and iPadOS versions prior to 26.5.2 and macOS Tahoe versions prior to 26.5.2 are affected per EUVD-2026-40185 and Apple's own advisories. No active exploitation is confirmed in CISA KEV and no public exploit code has been identified; however, the zero-privilege, low-complexity attack path makes denial-of-service accessible to any attacker who can deliver a malicious web page to a victim.
CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as comments and whitespace.
Unauthenticated attendee PII exposure in Hi.Events through 1.9.0 lets remote attackers retrieve full attendee lists — including names, emails, and personal information — by hitting the public check-in list endpoints, which treat the check-in list's short_id as the only access control. Beyond reading data, an attacker who knows or guesses a short_id can also create and delete check-in records without authentication. No public exploit identified at time of analysis; the issue was reported by VulnCheck and is tracked via an upstream GitHub fix.
Promo code usage-limit bypass in Hi.Events through version 1.9.0 lets remote attackers redeem restricted/limited promo codes an unlimited number of times by exploiting a time-of-check/time-of-use gap between synchronous reservation validation and the asynchronous UpdateEventStatisticsJob that increments the usage counter. Because validation reads order_usage_count before the background job updates it, an attacker can sequentially reserve and complete many discounted orders - no concurrent/racing requests are even required. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the CVSS 4.0 base score is 8.2, reflecting high integrity impact on the platform's discount/pricing controls.
CORS misconfiguration in Papermark through version 0.22.0 enables unauthenticated remote attackers to silently perform credentialed cross-origin file uploads into authenticated victims' datarooms and read credentialed server responses. The TUS-based viewer upload endpoint reflects arbitrary caller Origins while returning Access-Control-Allow-Credentials: true, violating the fundamental CORS security contract and allowing any attacker-controlled webpage to abuse a victim's active session. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV; exploitation is constrained by the requirement for victim user interaction.
Cleartext credential exposure in Parseable before 2.9.2 lets any authenticated user holding the GetAlert action - including low-privilege reader roles - retrieve webhook tokens, basic-auth credentials, and internal endpoint URLs for every configured notification target by calling GET /api/v1/targets. The exposure stems from secret-masking logic that was commented out, so the API serializes stored secrets verbatim. No public exploit has been identified at time of analysis, but the issue is trivially reproducible against any instance with notification targets configured and is fixed in release v2.9.2.
Improper authorization in DeepMyst Mysti 0.4.0 permits authenticated remote attackers to bypass access controls in the Contact Tracking component by supplying a manipulated `_channelType` argument to the `_isTrackedConversation` function in `src/managers/ChannelBridge.ts`. The CVSS 4.0 score of 1.3 reflects genuine low severity - all CIA impacts are rated Low and no subsequent system scope is affected. Publicly available exploit code exists (CVSS E:P confirmed), but no active exploitation has been confirmed by CISA KEV, and high attack complexity (AC:H) with required authenticated access (PR:L) substantially limits opportunistic abuse.
Snowflake CLI versions prior to 3.19 write plaintext credentials - including passwords, authentication tokens, and private key material - to persistent local debug log files due to CWE-532 (Insertion of Sensitive Information into Log File). Any local user account with read access to the affected user's log directory can harvest these credentials without needing application-level privileges. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, but the confidentiality impact is rated high given that full credential material may be exposed.
Devolutions PowerShell Universal 2026.2.0 leaks serialized App Tokens in plaintext within AI Agent job API responses, enabling authenticated privilege escalation through token theft and replay. An authenticated user holding only AI Agent read access - a lower-privileged role - can extract reusable App Tokens that may carry significantly higher privileges than their own account, effectively bypassing the intended access control boundary. No public exploit code exists and CISA has not listed this in KEV, but the CVSS C:H rating reflects that successful exploitation yields credentials reusable across the platform.
Honeywell IQ MultiAccess physical access control software, all versions through V28, improperly verifies digital signatures on downloaded files due to a time-of-check/time-of-use (TOCTOU) race condition, allowing a local low-privileged attacker to replace a legitimately verified file with a malicious one in the window between signature check and file consumption. Successful exploitation yields high integrity and availability impact on the vulnerable system, as the replaced file may execute attacker-controlled code or corrupt system components. No public exploit identified at time of analysis; Honeywell has released patches V27 SP1 and V28 SP1.
Sensitive token disclosure affects the Home Assistant iOS companion app prior to 2025.5.0, where the app ignores the configured SSID allowlist meant to gate internal-network access. Because the app falls back to the internal URL whenever no other URL is available, it can transmit the user's authentication token to the internal endpoint while the device is connected to an untrusted or insecure Wi-Fi network, enabling interception. No public exploit has been identified at time of analysis, and the issue is not in CISA KEV; vendor advisory GHSA-cm5v-547m-qh5h confirms the fix in 2025.5.0.
Unauthenticated information disclosure in phpUploader before 2.0.2 lets remote attackers harvest the entire uploaded-files database table simply by loading any page of the application. The index model runs an unbounded SELECT and serializes the full result set into an inline JSON script block, leaking uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints. No public exploit identified at time of analysis, but the data is exposed in plain HTML source on every page, making extraction trivial; CVSS 4.0 base is 8.7 (High).
Price parameter manipulation in SourceCodester Simple Food Ordering System 1.0 allows unauthenticated remote attackers to submit orders at arbitrary prices by modifying the item_price argument in POST requests to /cart.php. The server trusts client-supplied price data without server-side validation, enabling business logic bypass (CWE-840) that could result in financial loss for system operators. A public proof-of-concept exploit is available on GitHub; however, this vulnerability is not currently listed in the CISA KEV catalog.
Log injection in Eclipse CSI PIA's unauthenticated /v1/upload/sbom endpoint allows a remote attacker to plant forged authentication-success log entries that are byte-for-byte indistinguishable from genuine PIA audit events. PIA is an authentication broker whose logs are explicitly designated as the authoritative source for incident response (DESIGN.md §5.4), meaning the forgery directly subverts the audit trail the service exists to produce. No public exploit has been identified at time of analysis, but the attack requires no authentication and minimal technical sophistication.
HCL DevOps Deploy and HCL Launch expose sensitive information in pipeline step output logs, enabling any low-privileged authenticated user with log access to read plaintext sensitive values - such as credentials, API tokens, or configuration secrets - that should be masked or redacted. All versions are potentially affected per the CPE wildcard, and the network-accessible nature (AV:N/PR:L) makes this a meaningful insider threat and lateral movement risk in enterprise CI/CD environments. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.
Arbitrary file overwrite in GNU gzip's gzexe utility allows a local attacker to corrupt victim-accessible files via a symlink attack exploiting predictable temporary filename construction. When mktemp is absent from the user's PATH, gzexe falls back to PID-based temp file naming without exclusive creation or existence checks, enabling a TOCTOU race where a pre-planted symlink redirects the write to an attacker-chosen target. No public exploit or CISA KEV listing exists at time of analysis; impact is limited to low-integrity file overwrite with a CVSS 4.0 score of 2.0.
Sandbox-escaping information disclosure in Yelp (the GNOME help viewer) lets a malicious Flatpak application read arbitrary user-readable files on the host. By using the OpenURI portal to open crafted help content that embeds an untrusted CSS stylesheet inside a structured SVG document, an attacker abuses an overly permissive Content Security Policy supplied by yelp-xsl to force Yelp to evaluate local XML inclusions and exfiltrate file contents via remote CSS resource requests, defeating Flatpak's intended isolation. The flaw was disclosed publicly (GNOME developer blog by Michael Catanzaro, May 2026) and tracked by Red Hat; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Out-of-bounds read in Eclipse tinydtls prior to commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 allows unauthenticated network attackers to crash memory-constrained IoT devices by sending a specially crafted Certificate handshake message during DTLS epoch 0. The vulnerable check_server_certificate() function omits buffer length validation before uint24 reads, memcmp, and memcpy operations, enabling reads beyond valid buffer boundaries on both client and server code paths. No public exploit code or active exploitation has been identified at time of analysis; however, the unauthenticated, network-reachable nature makes this straightforward to trigger against any exposed tinydtls endpoint.
Heap use-after-free read in libblkid (util-linux) enables unauthenticated local attackers to crash udisks or leak root-process heap data by presenting a crafted block device image during nested partition probing. BSD, Minix, Solaris x86, and UnixWare partition table parsers cache raw pointers into a dynamically allocated partition array; when subsequent partition additions trigger array reallocation, those pointers become stale and dereference freed memory. Because udev and udisks invoke libblkid automatically as root on block-device hot-plug events, USB insertion alone is sufficient to trigger the flaw without any user interaction or authentication. No public exploit identified at time of analysis.
Local privilege escalation in OPPO's O+ Connect arises because its inter-process communication (IPC) service accepts client connections without authenticating them, letting any external application on the same device invoke privileged operations through the IPC channel. With CVSS 7.3 (scope-changed, high availability impact) and CWE-266 incorrect privilege assignment, a low-privileged local process can perform sensitive actions it should not be authorized for. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Firmware update signature bypass in Hitachi Virtual Storage Platform One Block models 23, 24, 26, and 28 allows an authenticated remote attacker to supply unvalidated firmware packages, potentially compromising storage array integrity and availability. The root cause is CWE-347 (Improper Verification of Cryptographic Signature), and the 'Jwt Attack' tag suggests the firmware validation chain relies on a JWT-based signing mechanism that can be circumvented under specific conditions. No public exploit code exists and the vulnerability is not listed in CISA KEV, but the self-disclosure by Hitachi with a coordinated patch release indicates vendor-confirmed severity.
Credential exposure in Hitachi Storage Navigator allows authenticated storage administrators to extract insufficiently protected credentials through the network-accessible management interface, potentially enabling lateral movement to systems outside the storage platform's authorization boundary. Affected platforms span the Hitachi VSP 5000-series and G/F/VX-series enterprise storage arrays running pre-patch firmware versions on both the DKCMAIN and SVP components. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the CVSS Scope:Changed metric indicates that exposed credentials could be leveraged against systems well beyond Storage Navigator itself.
Unauthenticated remote file and directory exposure in agentejo Cockpit CMS 0.12.2 and earlier allows attackers to access files outside the web root via path traversal through the htaccess Handler's YAML configuration loader. The root cause is CWE-552 (Files or Directories Accessible to External Parties), triggered by unsafe processing of /config/config.yaml via the Spyc::YAMLLoad function, which can expose sensitive configuration data including credentials or internal path structures. A public exploit proof-of-concept exists on GitHub; no vendor patch has been issued, as the vendor did not respond to coordinated disclosure.
Unbounded zlib decompression in GPAC up to version 26.02.0 allows a local low-privileged attacker to cause resource exhaustion via a crafted highly-compressed (zip-bomb) payload processed by the ISOBMFF parser and associated filter modules. The affected function `gf_gz_decompress_payload_ex()` in `src/utils/base_encoding.c` applies no ceiling on inflated output size, enabling disproportionate memory or CPU consumption. A public proof-of-concept exists (GitHub issue #3588), but no active exploitation is confirmed in CISA KEV; the CVSS 4.0 score of 4.8 reflects the local-only attack surface and limited availability-only impact.
Out-of-bounds read in Investintech SlimPDFReader through version 2.0.14 exposes users to application crashes when processing maliciously crafted PDF files, exploitable remotely with passive user interaction. The vulnerable function `SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0` within `SlimPDFReader.exe` fails to validate buffer boundaries during PDF parsing, resulting in a low-severity availability impact (application crash/DoS) with no confirmed confidentiality or integrity effect despite the 'Information Disclosure' tag in source metadata. No public exploit identified at time of analysis beyond the CVSS 4.0 E:P maturity indicator, and no patch will ever be released as the product is confirmed end-of-life.
Insufficient data authenticity verification in MyScaleDB's vector index cache key function allows authenticated remote users to obtain stale or inconsistent vector search results following mutation operations on indexed columns. Versions through 1.8.0 are affected. A proof-of-concept exploit is publicly available (CVSS 4.0 E:P), though the very low base score of 1.3, high attack complexity, and required authenticated access substantially constrain real-world exploitation impact. No confirmed active exploitation exists - this is not on the CISA KEV list.
Deployment authentication token weakness in SimStudioAI Sim up to 0.6.92 leaks a truncated SHA-256 derivative of the encrypted deployment password inside base64-encoded auth cookies, enabling offline hash cracking and potential token forgery against password-protected deployments. The vulnerable Password Protection Handler embeds only the first 8 hex characters (32 bits) of an unsalted SHA-256 hash of the encrypted password directly in the unprotected token payload - a CWE-328 use of weak hash - allowing an attacker who obtains the cookie to brute-force the narrow hash space and fingerprint or bypass deployment authentication. No patch has been merged; fix PR #4760 is pending acceptance, and a public proof-of-concept is available at https://github.com/simstudioai/sim/issues/4759.
Insufficient data authenticity verification in volcengine OpenViking's Local VectorDB Primary-key Label Handler (versions up to 0.3.21) allows a remote attacker with low-privilege access to manipulate the ID argument passed to the str_to_uint64 function, potentially enabling limited tampering with vector database primary-key label data. The attack vector is network-accessible but rated highly complex, with CVSS 4.0 score of 2.3 reflecting constrained, low-severity impact across confidentiality, integrity, and availability. No public exploit code exists and no active exploitation has been identified; an upstream fix is pending via an unmerged pull request.
Time-of-check time-of-use (TOCTOU) race condition in antlr4-maven-plugin up to version 4.13.2 allows a local low-privileged attacker to manipulate grammar dependency state between validation and consumption in ObjectInputStream.readObject() within GrammarDependencies.java, yielding limited confidentiality, integrity, and availability impact on build artifacts. No public exploit identified at time of analysis is incorrect here - a publicly available exploit exists via a GitHub issue, though KEV listing is absent, indicating no confirmed widespread active exploitation. The CVSS 4.0 score of 1.1 reflects genuine low real-world risk due to local-only access, high attack complexity, and constrained impact scope.
Workflow checkpoint endpoints in ComfyUI-Copilot up to 2.0.28 expose an insecure direct object reference (IDOR) flaw - the restore_workflow_checkpoint and update_workflow_ui handlers in conversation_api.py accept externally supplied version identifiers without verifying that the referenced checkpoint belongs to the requesting session, enabling an authenticated remote attacker to read workflow data owned by other sessions. The CVSS 4.0 score of 2.3 reflects limited confidentiality-only impact and high attack complexity (AC:H) due to the need to enumerate valid cross-session identifiers. A proof-of-concept is publicly available at GitHub issue #149; the upstream fix (PR #150) is pending acceptance and no patched release version has been confirmed.
Improper response routing in xiaozhi-esp32 firmware up to version 2.2.6 allows any authenticated WebSocket client to receive MCP (Model Context Protocol) responses intended for other connected clients, enabling cross-client information disclosure and low-integrity interference. The flaw resides in the ParseMessage function within main/mcp_server.cc, where the MCP Response Handler broadcasts responses globally to all connected WebSocket clients on port 8080 rather than routing replies back to the originating client. A public proof-of-concept is available via GitHub issue #2020; no active exploitation has been confirmed in CISA KEV, and the CVSS 4.0 score of 2.3 reflects high attack complexity and limited overall impact in this niche IoT context.
Credential storage in DocsGPT up to 0.18.0 uses AES-CBC - an unauthenticated cipher mode - allowing a low-privilege authenticated attacker to tamper with encrypted credential blobs without detection, as the application performs no integrity or authenticity verification before decrypting. The root cause (CWE-345) is the absence of authenticated encryption: CBC provides confidentiality only, with no MAC or HMAC binding, and the legacy implementation also lacked any user_id binding, enabling potential cross-user credential replay. Publicly available exploit code exists (CVSS 4.0 E:P), though no confirmed active exploitation (not in CISA KEV); the upstream fix in PR #2331 migrates to AES-GCM with user_id-bound AAD but has not yet been merged.
Weak hash usage in SkyPilot's User ID Handler (versions up to 0.12.0) allows remote attackers with high-complexity access to manipulate user identity integrity by exploiting the `username.encode` function in `sky/users/server.py`. The vulnerability (CWE-328) results in a low-integrity impact on the vulnerable system, with no confidentiality or availability impact per the CVSS 4.0 vector, though the VulDB-assigned 'Information Disclosure' tag suggests the weak hash may additionally expose derivable username data. A public exploit exists (CVSS 4.0 E:P modifier confirmed), but no confirmed active exploitation or CISA KEV listing has been identified at time of analysis.
HTTP request/response smuggling in nghttpx (the reverse proxy component of nghttp2 through 1.69.0) allows unauthenticated remote attackers to poison shared backend keep-alive connections by crafting an HTTP/1.1 Upgrade request that simultaneously carries a Content-Length header and body. When nghttpx forwards this ambiguous message to a backend and re-adds Connection and Upgrade headers while passing Content-Length verbatim, a backend that resolves the parsing ambiguity in the attacker's favor treats the body as a separate, attacker-controlled HTTP request - enabling cross-client response-queue poisoning. A publicly available proof-of-concept exploit exists; no CISA KEV listing at time of analysis.
Mark-of-the-Web protection is bypassed in 7-Zip for Windows 26.02 and earlier when extracting crafted RAR5 archives, allowing an attacker to strip the Internet-zone marker (ZoneId=0) and spoof the extracted file's data stream content - directly defeating SmartScreen and Windows attachment warnings. The bypass exploits a gap between 7-Zip's exact-string guard ('Zone.Identifier') and the NTFS-canonical equivalent (':Zone.Identifier:$DATA') that a RAR5 STM record can supply; a second STM record ('::$DATA') additionally overwrites the default file data stream for content spoofing. A publicly available proof-of-concept exists; no vendor-released patched version has been confirmed at the time of analysis.
Free of an uninitialized, attacker-influenceable pointer in libssh2 through 1.11.1 allows a malicious SSH server to corrupt memory in any connecting client that uses the publickey subsystem. The publickey list is grown via SSH2_REALLOC without zero-initializing new entries, so a server-induced parse failure that reaches the cleanup path causes libssh2_publickey_list_free to operate on an uninitialized attrs pointer. Publicly available exploit code exists (reported by VulnCheck); no public evidence of active exploitation, and it is not listed in CISA KEV.
Authenticated arbitrary file deletion in the Frontend File Manager Plugin (nmedia-user-file-uploader) for WordPress versions through 23.6 lets Subscriber-level users delete any file on the server, including wp-config.php, which can cascade into full site takeover. The flaw stems from a case-sensitivity gap in input sanitization within the wpfm_file_meta_update AJAX handler that allows attacker-controlled paths to reach unlink() unchecked. Reported by Wordfence with a CVSS of 8.1; no public exploit identified at time of analysis and the issue is not on CISA KEV.
Local privilege escalation in the FreeBSD kernel sound subsystem lets an unprivileged user map kernel memory outside the audio buffer via an integer-overflow flaw in dsp_mmap_single(). Because /dev/dsp device nodes are world-accessible by default, any local user on a system with an audio device can read and write arbitrary kernel memory, enabling full system compromise or a kernel panic (DoS). No public exploit identified at time of analysis; EPSS is low (0.19%, 9th percentile), and FreeBSD has released errata patches.
Broken access control (Insecure Direct Object Reference) in the Paid Member Subscriptions WordPress plugin before 4.16.17 lets any authenticated low-privileged user (Subscriber or above) cancel arbitrary other users' active subscriptions by manipulating the subscription identifier in a subscription-action request. The plugin fails to verify that the requesting account owns the targeted subscription. No public exploit identified at time of analysis, EPSS is low at 0.14% (3rd percentile), and the issue is not in CISA KEV, but the attack is trivial to perform once any account exists on the site.
Sensitive application data exposure in HCL Traveler for Microsoft Outlook (HTMO) allows a local low-privileged attacker to read sensitive information - likely credentials, tokens, or session data written to application log files (CWE-532) - potentially enabling follow-on attacks against connected systems. The CVSS vector confirms local access with low privileges is sufficient to achieve high confidentiality impact, with no integrity or availability consequences. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
CSV formula injection in Statamic CMS allows an unauthenticated front-end visitor to plant spreadsheet formula payloads via public form submissions that execute when a Control Panel editor exports and opens those submissions in a spreadsheet application. Affected versions span the entire v5 branch below 5.73.24 and v6 branch from 6.0.0 below 6.20.1; vendor-released patches exist for both. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, though the attack structure is well-understood and requires no specialized tooling given the unauthenticated submission vector.
Registry credential leakage in regclient (Go OCI library) versions up to and including 0.11.4 exposes authentication secrets to attacker-controlled external servers via crafted OCI image manifests. When regclient fetches a blob layer and the primary registry request fails, it falls back to external URLs defined in the manifest's layer descriptor `urls` field; if the external server issues an HTTP authentication challenge, regclient forwards the original registry credentials to that host. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified, but the attack mechanism is fully documented in the vendor advisory and the exploit path is straightforward for any attacker with registry control.
The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Notepad++ versions prior to 8.9.6.1 can be crashed by any local process sharing the same interactive Windows session via a malformed WM_COPYDATA message. The COPYDATA_FULL_CMDLINE handler in NppBigSwitch.cpp dereferences COPYDATASTRUCT.lpData as an unbounded NUL-terminated wchar_t* without validating against the COPYDATASTRUCT.cbData length field, enabling an out-of-bounds read that results in process termination. No active exploitation has been confirmed (no CISA KEV listing, no public POC), and the fix is available in the vendor-released patch 8.9.6.1.
Local code execution in Notepad++ before 8.9.6.4 stems from a time-of-check/time-of-use race in NppCommands.cpp: the integrity HMAC of shortcuts.xml is verified against the on-disk file when a command fires, but the command payload is read from the _userCommands vector loaded at startup and never re-synced with disk. An attacker with write access to shortcuts.xml can plant a malicious version before launch and restore the legitimate file afterward, so the runtime HMAC check passes on the clean file while the malicious in-memory command executes. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; it is fixed in 8.9.6.4.
Information disclosure in RustFS, a Rust-based distributed object storage system, lets any authenticated user with no effective bucket or admin permissions read remote replication target configuration via the bucket replication admin API. Because the returned BucketTarget objects embed remote credentials, an attacker can harvest replication access keys and secret keys for downstream systems. The flaw affects 1.0.0-alpha.1 through versions prior to 1.0.0-beta.9 and is fixed in 1.0.0-beta.9; no public exploit identified at time of analysis.
Deadlock in the Linux kernel's DSA (Distributed Switch Architecture) subsystem allows a local low-privileged user to hang the kernel network stack by running ethtool against a DSA-configured conduit interface. The DSA subsystem replaces the conduit device's ethtool_ops with aggregating wrappers, but these wrappers redundantly invoke netdev_lock_ops() on a lock already held by the kernel ethtool infrastructure, creating a classic double-lock deadlock. No public exploit exists and EPSS sits at 0.15% (5th percentile), though the issue is trivially reproducible with standard system tooling on affected configurations.
Resource access-after-free in the Linux kernel's vfio/pci subsystem allows a local user with device access to read or corrupt PCI device resources during a race window on device shutdown, because vfio_pci_core_close_device() disabled the function before tearing down DMABUF exports. During the window the function's Memory Space Enable bit is cleared and its BARs (and their backing resources) are freed and reassignable to another driver, while stale DMABUF mappings still reference them. EPSS is low (0.14%, 4th percentile) and there is no public exploit identified at time of analysis; the upstream fix reorders cleanup to revoke DMABUF access first.
Unbounded NAPI busy-poll loop in the Linux kernel's io_uring subsystem allows a low-privileged local process to spin the kernel indefinitely when no I/O events arrive, triggering soft lockup watchdog complaints and degrading system availability. Affected kernels are those at or after commit 8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5 (introducing NAPI support in io_uring, Linux 6.9) through the patched stable releases 6.18.33, 7.0.10, and 7.1. No public exploit exists and this is not listed in CISA KEV; EPSS sits at 0.15% (5th percentile), reflecting very low exploitation interest.
Denial of service in the Linux kernel's padata parallel data processing subsystem results from a misplaced CPU hotplug callback that returns an error in a section where error returns are not permitted. Specifically, padata_cpu_dead() is registered below CPUHP_TEARDOWN_CPU, a hotplug state phase where callbacks are not allowed to fail; when the callback returns non-zero, the kernel emits a 'DEAD callback error' warning that can destabilize the system. A local attacker with low-privilege access on a multi-CPU system using padata (e.g., for parallel IPsec or crypto processing) can trigger this condition during CPU offline transitions, resulting in high availability impact. No public exploit is identified and EPSS is 0.16%, indicating low exploitation probability; patches are available across multiple stable kernel branches.
Uninitialized memory read in the Linux kernel FUSE filesystem driver causes local denial-of-service conditions. Specifically, `fuse_dentry_revalidate()` in `fs/fuse/dir.c` reads the `->d_time` field of a dentry that was allocated by `__d_alloc()` without initialization, detectable by KMSAN as a use-before-initialize defect. A local authenticated user with access to a FUSE-mounted filesystem can trigger a kernel crash by opening a file through the affected `lookup_open` → `d_revalidate` code path. No public exploit exists and EPSS is 0.15%, indicating minimal real-world exploitation pressure at this time.
Kernel page fault in the Linux kernel's Tegra234 Control Backbone (CBB) driver crashes affected NVIDIA Tegra234-based systems when a cross-fabric error interrupt triggers incorrect register address resolution. The `tegra234_cbb_get_tmo_slv()` function uses the receiving fabric's base address (`cbb->regs`) with register offsets derived from a different fabric's target map, producing an invalid virtual address dereference (`ffff80000954cc00`) and a kernel panic. Exploitation requires local low-privilege access to Tegra234 hardware; no public exploit or POC exists, EPSS sits at the 5th percentile (0.15%), and the vulnerability is not in CISA KEV.
Out-of-bounds read in the Linux kernel's OCFS2 cluster filesystem DLM (Distributed Lock Manager) stems from an off-by-one error in dlm_match_regions(), where the local-vs-remote region comparison loop uses '<=' instead of '<' and reads one entry past the valid range of the qr_regions array. It affects systems running the OCFS2 shared-disk cluster filesystem and is reachable when nodes negotiate heartbeat/region membership; the upstream tag classifies it as Information Disclosure rather than code execution. There is no public exploit identified at time of analysis, EPSS is low (0.17%, 6th percentile), and it is not in CISA KEV - despite an inflated NVD CVSS of 9.8.
Use-after-free and memory leak in the Linux kernel max77705 power supply driver expose systems with Maxim MAX77705 PMIC hardware to local denial-of-service. Two concurrent bugs exist: the workqueue is never destroyed on driver removal (memory leak), and a race condition allows an interrupt handler to schedule work on an already-freed workqueue if the interrupt fires after workqueue destruction but before the devm interface releases the interrupt registration. On vulnerable kernel versions prior to the stable-tree patches (7.0.10 and 7.1 series), a local user on hardware with a MAX77705 PMIC can trigger kernel memory corruption. No public exploit code has been identified at time of analysis, and EPSS sits at 0.14% (4th percentile), reflecting negligible opportunistic exploitation interest.
Off-by-one array overflow in the Linux kernel's hvc_iucv driver (IBM z/VM IUCV HVC terminal subsystem) can trigger an out-of-bounds write to hvc_iucv_table[8] when hvc_iucv_devices is set to the maximum value of 8, crashing the kernel. Exploitation requires local access with low privileges on IBM System z systems running z/VM with hvc_iucv configured. No public exploit identified at time of analysis; EPSS is 0.18% (7th percentile), consistent with a niche mainframe-only driver affecting a very limited deployment population.
Out-of-bounds read (CWE-125) in the Linux kernel F2FS filesystem lets a local user trigger inconsistent access to the mount extension list by racing a sysfs read against a concurrent update. The f2fs_sbi_show() handler reads extension_list, extension_count and hot_ext_count without holding sbi->sb_lock, so a simultaneous f2fs_update_extension_list() store can yield a mismatched count/array pair and drive an out-of-bounds read that leaks stale kernel data or crashes the system. No public exploit identified at time of analysis; EPSS is low (0.17%, 7th percentile) and the issue is not in CISA KEV.
Use-after-free in the Linux kernel's mailbox-test debug driver (mailbox-test.c) allows a local privileged attacker to corrupt kernel memory when the driver's probe routine fails, because previously acquired mailbox channels are not released while the devm-allocated client structure is freed anyway. The flaw carries a CVSS of 7.8 with high confidentiality, integrity, and availability impact, but exploitation is local and requires the mailbox-test module to load and hit a probe error path. No public exploit is identified at time of analysis and EPSS estimates exploitation probability at only 0.18%.
Kernel denial-of-service in the Linux mailbox subsystem triggers an OOPS when a mailbox controller is instantiated without an associated channel array and the code dereferences the missing pointer without a NULL guard. Local low-privileged users on affected systems - particularly embedded or SoC-based Linux deployments that rely on mailbox-based inter-processor communication - can cause a system crash. EPSS is 0.18% (7th percentile), no active exploitation is confirmed, and patches have been backported across all active stable branches from 5.10.x through 7.1.
Local privilege escalation potential in the Linux kernel's mailbox-test driver arises from a double-free when the RX channel is aliased to the TX channel (a valid configuration when they use different MMIO regions); the cleanup path frees the reused channel twice. Affecting the mailbox subsystem's test/debug driver across a wide range of stable branches (5.10 through 7.x), the flaw carries a 7.8 CVSS with an AV:L/PR:L vector and has an upstream fix, but EPSS is only 0.18% and there is no public exploit identified at time of analysis.
Improper locking in the Linux kernel's amdgpu DRM driver allows a local low-privileged user to trigger a kernel deadlock or system crash via the AMDGPU_INFO_READ_MMR_REG ioctl. Three distinct concurrency defects exist: inverted lock ordering between the reset semaphore and mm_lock (permitting copy_to_user() under lock), memory allocation while holding the reset semaphore, and use of down_read_trylock() where a blocking wait is required. No public exploit code has been identified and EPSS is 0.17%, placing this firmly in opportunistic-rather-than-targeted risk territory.
Use-after-free in the Linux kernel's Intel Xe GPU driver (drm/xe EU stall sampling) lets a local low-privileged user with access to the render/DRM device trigger memory corruption during stream close. In xe_eu_stall_stream_close() the driver calls drm_dev_put() before disabling the stream and freeing its resources, so if that call drops the last reference the device structures may be freed while subsequent cleanup still dereferences them. The defect is patched upstream, no public exploit is identified at time of analysis, and EPSS rates exploitation probability very low (0.17%, 6th percentile).
Memory corruption (double free and use-after-free, CWE-415) in the Linux kernel's Intel idpf network driver allows a local low-privileged actor to corrupt kernel heap memory when the auxiliary device probe error path executes. The idpf_plug_vport_aux_dev() and idpf_plug_core_aux_dev() routines free the iadev structure via a release callback during auxiliary_device_uninit(), then fall through and read adev->id from the freed object for ida_free() and kfree() it again. It is not in CISA KEV and no public exploit has been identified; EPSS exploitation probability is low at 0.17% (7th percentile).
Indefinite kernel hang in the Linux kernel's drm/gma500 Oaktrail LVDS display initialization code can be triggered locally on systems with Intel GMA 500/Oaktrail graphics hardware, causing a denial of service requiring a hard reboot. The defect lies in error handling that incorrectly attempts to deregister an I2C adapter obtained via i2c_get_adapter() - which only increments a reference count - rather than restricting cleanup to adapters the driver itself allocated. No public exploit code exists and EPSS is 0.17% (7th percentile), consistent with a niche, largely retired hardware platform.
The meeting agenda items REST API in OpenProject before 17.4.0 leaks private work package data to authenticated users who lack project-level access. When a meeting agenda item is linked to a work package belonging to a private or inaccessible project, the GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id endpoint returns that work package's confidential data in its response, silently bypassing project-level authorization checks. No public exploit is identified at time of analysis and this vulnerability is not listed in CISA KEV; a vendor-released patch is available in version 17.4.0.
Unauthorized information disclosure in OpenProject before 17.4.0 allows any authenticated user to retrieve the subjects (titles) of work packages they have been explicitly denied access to, bypassing project-level visibility controls. The flaw exists in the GET /api/v3/relations REST API endpoint, where supplying arbitrary work package IDs to the involved, fromId, or toId filter parameters circumvents the Relation.visible scope due to a defective performance optimization in RelationQuery. No public exploit has been identified and the vulnerability is not listed in CISA KEV; however, the attack is trivially executable by any platform user with valid credentials, making it a meaningful risk in deployments handling sensitive or confidential project data.
Signature type-binding bypass in @sigstore/core (npm) allows an attacker who controls the `payloadType` field of a DSSE envelope to substitute every ASCII character with a Unicode variant whose low byte matches, producing PAE bytes identical to a legitimate signature and causing verification to pass for a mismatched content type. All versions up to and including 3.2.0 are affected; a working proof-of-concept is included in the GitHub security advisory GHSA-jfc7-64v2-mr8c. The vulnerability is not confirmed in the CISA KEV catalog, but exploit code is publicly available, making exploitation straightforward for any attacker positioned to craft or relay DSSE envelopes.
Information disclosure in OpenProject before 17.3.3 and 17.4.1 lets remote attackers read hidden historical field values through the journal diff endpoint, which fails to enforce object- and field-level visibility checks. The flaw (CWE-200) carries a CVSS 7.5 driven entirely by high confidentiality impact, exposing prior values of work-package fields that should be restricted. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Cleartext credential disclosure in OpenProject's Storages module (versions prior to 17.3.3 and 17.4.1) writes the userless OneDrive/SharePoint OAuth access_token in plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, refreshed by an hourly cron and every userless-OAuth call. Because none of the supported cache backends (file_store, memcache, redis) encrypts at rest, an attacker who can read the cache backend retrieves the Azure-AD application-tier bearer token via an anonymous memcached/Redis get. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Host-side arbitrary file write in Incus (the LXD-fork container and VM manager) before 7.2.0 lets an attacker who can supply a crafted image and call the instance exec endpoint write attacker-controlled content to any path on the host, leading to root-level command execution. A top-level `exec-output` symlink packed into an image survives image unpacking, and when `record-output:true` is passed to `/instances/$name/exec` the daemon follows that symlink to write `exec_UUID.stdout`/`.stderr` outside the instance - for example into `/etc/cron.d`. A working proof-of-concept exists in the GHSA advisory, but there is no public exploit identified as used in active attacks.
Privilege/context escalation in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 lets an authenticated user with write access to a shared workspace plant a custom PowerShell VPN editor entry whose display name collides with an existing VPN script link, causing the attacker's PowerShell to run in another user's context when that link is resolved. The flaw stems from incorrect link resolution by display name (CWE-706) rather than a stable identifier, yielding total compromise of the victim's session (C:H/I:H/A:H). There is no public exploit identified at time of analysis and it is not in CISA KEV; a vendor patch is available.
Cross-origin information disclosure in the Nx monorepo graph server (versions 17.0.4 through 22.7.1) exposes the full project dependency graph and workspace metadata to any website a developer visits while `nx graph` is running locally. The server unconditionally broadcasts `Access-Control-Allow-Origin: *`, bypassing the browser Same-Origin Policy and allowing attacker-controlled JavaScript to silently read internal project structure. In rare cases, the `/help` endpoint - which executes a workspace-configured target command - creates a path to arbitrary command injection on the developer's machine. No public exploit or CISA KEV listing identified at time of analysis.
PROXY Protocol v2 TLV overflow in Envoy Proxy versions 1.34.0 through the pre-fix series allows an operator-level attacker on an adjacent network to smuggle extraneous bytes into upstream requests. Envoy's header generator writes TLV content exceeding the protocol-mandated 65535-byte maximum without adjusting the length field, creating a header where declared length and actual byte count diverge - a textbook CWE-130 length-parameter inconsistency. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog; risk is constrained by the high-privilege and adjacent-network prerequisites reflected in the CVSS 4.8 medium score.
Authentication bypass and account takeover in OpenAM Community Edition (OpenIdentity Platform) through 16.0.6 allows unauthenticated attackers to log in as any user who has authenticated via the OAuth2 module. The OAuth2 module silently rewrites a local user's password to the literal value of their own username, after which the default ldapService chain accepts the username as both identifier and password at the standard authenticate endpoint - no IdP interaction needed. No public exploit identified at time of analysis, but the attack requires only knowledge of a target username once the password-rewrite has fired.
Remote denial of service in Envoy proxy allows attackers to crash the process by resolving a DNS name exactly 255 octets long through a configured UDP DNS filter. An off-by-one runtime precondition assumes query names are strictly less than 255 octets, contradicting RFC 1035 which permits names of up to 255 octets, so a maximally-long name that resolves successfully triggers abnormal process termination. There is no public exploit identified at time of analysis, EPSS is low (0.37%), and CISA SSVC rates exploitation as none with only partial technical impact.
Certificate SAN validation in Envoy Proxy is bypassed when an attacker-controlled upstream serves a TLS certificate containing an embedded NUL byte in the dNSName Subject Alternative Name field. Envoy versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1 are affected, allowing an attacker who controls or can impersonate an upstream TLS endpoint to pass Envoy's configured SAN match check with a fraudulent certificate and intercept proxied traffic. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
The OAuth2 HTTP filter in Envoy Proxy prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 implements AES-256-CBC encryption for the PKCE CodeVerifier cookie without any authentication tag, creating a classic padding oracle through differential HTTP responses on the /callback endpoint. An attacker who obtains the victim's encrypted CodeVerifier cookie and a stolen authorization code can recover the plaintext PKCE code_verifier in approximately 6,200 crafted requests (~100 seconds), then complete the OAuth token exchange to hijack the victim's access token. No public exploit code or CISA KEV listing has been identified at time of analysis; vendor-confirmed patches are available in all four current release branches.
Remote denial of service in DragonflyDB before 1.39.0 lets an unauthenticated attacker crash the entire server with a single ~24-byte RESTORE command carrying a malformed listpack payload, triggering an out-of-bounds read (SIGSEGV). Because Dragonfly ships with no authentication enabled by default and RESTORE is an ordinary keyspace command, any client that can reach the port can repeatedly kill the process. No CISA KEV listing exists, but the fixing pull request publishes the exact crash payloads as regression tests, so working trigger data is effectively public.
Sensitive information disclosure in Fluentd's Monitor Agent plugin (in_monitor_agent) at versions <= 1.19.2 allows anyone with HTTP access to the metrics API (default TCP port 24220) to read internal instance variables of loaded plugins via /api/plugins.json and related endpoints. Because plugins frequently hold database passwords, API keys, and cloud credentials in instance variables, those secrets can be returned in plain text to unauthenticated callers. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the vendor fixed it in v1.19.3 by changing the default visibility of config, retry, and debug information.
Information disclosure in Podman (1.8.1 through 5.8.3) lets a malicious OCI container image leak host environment variables into the container by embedding an image env entry with a key but no value; an asterisk (*) entry causes Podman to forward ALL host session variables. Because the launching session frequently holds secrets (registry credentials, API tokens, proxy auth), a crafted image run by a victim can harvest them. No public exploit is identified beyond the proof-of-concept test shipped with the fix, and it is not listed in CISA KEV.
Arbitrary file write in Dokku before 0.38.2 lets an attacker with deploy-level access escalate to full shell access on the host. The git:from-archive and certs:add commands extract attacker-supplied tar/zip archives without sanitizing member paths, and because GNU tar creates and then follows symlinks during extraction, a crafted archive can plant files anywhere the dokku user can write - most damagingly ~/.ssh/authorized_keys. There is no public exploit identified at time of analysis and CISA SSVC records exploitation as none, but the technical impact is rated total.
OS command execution on the Dokku host is possible through the openresty-vhosts plugin in versions prior to 0.38.2, where custom OpenResty include filenames from an app's git repository are interpolated unescaped into a single-quoted shell string that is later run through eval. An attacker who can deploy a Dokku app with the openresty proxy enabled can plant a file whose name contains a single quote to break the quoting and inject a command substitution, executing arbitrary commands as the dokku user on the next deploy. There is no public exploit identified at time of analysis and it is not in CISA KEV, though the upstream advisory and a security regression test document the mechanism precisely.
Insufficiently protected credential storage in Dokku prior to 0.38.2 exposes git authentication secrets stored in $DOKKU_ROOT/.netrc to any local user who can traverse the Dokku home directory. The git:auth command pre-creates the .netrc file using bash's touch, which applies the process umask (0644) before the netrc binary runs - defeating the netrc binary's own 0600 enforcement because the file already exists at write time. No public exploit code exists and the vulnerability is not in CISA KEV, but the confidentiality impact is rated High given that plaintext git credentials (hostnames, usernames, passwords) are directly readable without any special tooling.
Out-of-bounds read in Apple's web content processing engine (WebKit) causes a browser process crash when a user visits a maliciously crafted webpage, affecting Safari, iOS/iPadOS, and macOS Tahoe. All versions prior to the 26.5.2 releases across those platforms are affected, making this a broad-surface denial-of-service vulnerability against Apple's default browser ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the low attack complexity and zero-authentication requirement lower the bar for opportunistic abuse once a malicious page is visited.
Sensitive data leakage in Apple Safari, iOS/iPadOS, and macOS Tahoe before version 26.5.2 exposes users to cross-site data disclosure when visiting a malicious or compromised website. The root cause is a permissions enforcement deficiency (CWE-1264) that allows a web context to access data beyond its intended permission boundary. No active exploitation has been confirmed by CISA KEV, and the EPSS score of 0.17% (6th percentile) indicates low observed exploitation probability at time of analysis; however, the unauthenticated, low-complexity network vector makes this a realistic target for drive-by attacks once details become public.
Out-of-bounds read in Safari's web content processing engine causes an unexpected application crash when rendering maliciously crafted web content. Affected are Safari prior to 26.5.2, iOS and iPadOS prior to 26.5.2, and macOS Tahoe prior to 26.5.2. An unauthenticated remote attacker (per PR:N/AV:N in the CVSS vector) can trigger a denial-of-service condition by enticing a user to visit a crafted page; no public exploit or CISA KEV listing has been identified at time of analysis.
Sandbox escape in Apple's WebKit browser engine (Safari, iOS/iPadOS, and macOS Tahoe before 26.5.2) lets a malicious website process restricted web content outside the browser sandbox, undermining the isolation that confines untrusted web pages. The flaw stems from improper input validation (CWE-20), was reported by Apple itself, and requires a victim to visit attacker-controlled content (UI:R); CVSS 7.1 reflects limited confidentiality, integrity, and availability impact across a changed scope. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Race condition in Apple iOS, iPadOS, and macOS Tahoe allows a locally-running app with standard privileges to trigger unexpected system termination. Rooted in improper state handling during concurrent operations (CWE-362), exploitation is constrained by high attack complexity due to the timing-dependent nature of race conditions. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.
Kernel state disclosure in Apple iOS, iPadOS, and macOS Tahoe allows a locally installed app to leak sensitive kernel memory through insufficiently sanitized input. All versions prior to iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 are affected. No active exploitation is confirmed (not in CISA KEV), and EPSS sits at 0.19% (9th percentile), indicating minimal current threat actor interest despite the kernel-level information exposure.
Out-of-bounds read in Apple's WebKit rendering engine crashes the browser process when parsing maliciously crafted web content, affecting Safari, iOS, iPadOS, and macOS Tahoe prior to version 26.5.2. The vulnerability requires only that a user visit or be redirected to an attacker-controlled page, making it trivially deliverable via phishing or malicious advertising. Impact is limited to a denial-of-service process crash per vendor disclosure; no public exploit or CISA KEV listing has been identified at time of analysis.
Out-of-bounds read in Apple's web content processing engine crashes the rendering process across iOS, iPadOS, and macOS Tahoe when a user visits or opens maliciously crafted web content. All iOS and iPadOS versions prior to 26.5.2 and macOS Tahoe versions prior to 26.5.2 are affected per EUVD-2026-40185 and Apple's own advisories. No active exploitation is confirmed in CISA KEV and no public exploit code has been identified; however, the zero-privilege, low-complexity attack path makes denial-of-service accessible to any attacker who can deliver a malicious web page to a victim.
CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as comments and whitespace.
Unauthenticated attendee PII exposure in Hi.Events through 1.9.0 lets remote attackers retrieve full attendee lists — including names, emails, and personal information — by hitting the public check-in list endpoints, which treat the check-in list's short_id as the only access control. Beyond reading data, an attacker who knows or guesses a short_id can also create and delete check-in records without authentication. No public exploit identified at time of analysis; the issue was reported by VulnCheck and is tracked via an upstream GitHub fix.
Promo code usage-limit bypass in Hi.Events through version 1.9.0 lets remote attackers redeem restricted/limited promo codes an unlimited number of times by exploiting a time-of-check/time-of-use gap between synchronous reservation validation and the asynchronous UpdateEventStatisticsJob that increments the usage counter. Because validation reads order_usage_count before the background job updates it, an attacker can sequentially reserve and complete many discounted orders - no concurrent/racing requests are even required. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the CVSS 4.0 base score is 8.2, reflecting high integrity impact on the platform's discount/pricing controls.
CORS misconfiguration in Papermark through version 0.22.0 enables unauthenticated remote attackers to silently perform credentialed cross-origin file uploads into authenticated victims' datarooms and read credentialed server responses. The TUS-based viewer upload endpoint reflects arbitrary caller Origins while returning Access-Control-Allow-Credentials: true, violating the fundamental CORS security contract and allowing any attacker-controlled webpage to abuse a victim's active session. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV; exploitation is constrained by the requirement for victim user interaction.
Cleartext credential exposure in Parseable before 2.9.2 lets any authenticated user holding the GetAlert action - including low-privilege reader roles - retrieve webhook tokens, basic-auth credentials, and internal endpoint URLs for every configured notification target by calling GET /api/v1/targets. The exposure stems from secret-masking logic that was commented out, so the API serializes stored secrets verbatim. No public exploit has been identified at time of analysis, but the issue is trivially reproducible against any instance with notification targets configured and is fixed in release v2.9.2.
Improper authorization in DeepMyst Mysti 0.4.0 permits authenticated remote attackers to bypass access controls in the Contact Tracking component by supplying a manipulated `_channelType` argument to the `_isTrackedConversation` function in `src/managers/ChannelBridge.ts`. The CVSS 4.0 score of 1.3 reflects genuine low severity - all CIA impacts are rated Low and no subsequent system scope is affected. Publicly available exploit code exists (CVSS E:P confirmed), but no active exploitation has been confirmed by CISA KEV, and high attack complexity (AC:H) with required authenticated access (PR:L) substantially limits opportunistic abuse.
Snowflake CLI versions prior to 3.19 write plaintext credentials - including passwords, authentication tokens, and private key material - to persistent local debug log files due to CWE-532 (Insertion of Sensitive Information into Log File). Any local user account with read access to the affected user's log directory can harvest these credentials without needing application-level privileges. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, but the confidentiality impact is rated high given that full credential material may be exposed.
Devolutions PowerShell Universal 2026.2.0 leaks serialized App Tokens in plaintext within AI Agent job API responses, enabling authenticated privilege escalation through token theft and replay. An authenticated user holding only AI Agent read access - a lower-privileged role - can extract reusable App Tokens that may carry significantly higher privileges than their own account, effectively bypassing the intended access control boundary. No public exploit code exists and CISA has not listed this in KEV, but the CVSS C:H rating reflects that successful exploitation yields credentials reusable across the platform.
Honeywell IQ MultiAccess physical access control software, all versions through V28, improperly verifies digital signatures on downloaded files due to a time-of-check/time-of-use (TOCTOU) race condition, allowing a local low-privileged attacker to replace a legitimately verified file with a malicious one in the window between signature check and file consumption. Successful exploitation yields high integrity and availability impact on the vulnerable system, as the replaced file may execute attacker-controlled code or corrupt system components. No public exploit identified at time of analysis; Honeywell has released patches V27 SP1 and V28 SP1.
Sensitive token disclosure affects the Home Assistant iOS companion app prior to 2025.5.0, where the app ignores the configured SSID allowlist meant to gate internal-network access. Because the app falls back to the internal URL whenever no other URL is available, it can transmit the user's authentication token to the internal endpoint while the device is connected to an untrusted or insecure Wi-Fi network, enabling interception. No public exploit has been identified at time of analysis, and the issue is not in CISA KEV; vendor advisory GHSA-cm5v-547m-qh5h confirms the fix in 2025.5.0.
Unauthenticated information disclosure in phpUploader before 2.0.2 lets remote attackers harvest the entire uploaded-files database table simply by loading any page of the application. The index model runs an unbounded SELECT and serializes the full result set into an inline JSON script block, leaking uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints. No public exploit identified at time of analysis, but the data is exposed in plain HTML source on every page, making extraction trivial; CVSS 4.0 base is 8.7 (High).
Price parameter manipulation in SourceCodester Simple Food Ordering System 1.0 allows unauthenticated remote attackers to submit orders at arbitrary prices by modifying the item_price argument in POST requests to /cart.php. The server trusts client-supplied price data without server-side validation, enabling business logic bypass (CWE-840) that could result in financial loss for system operators. A public proof-of-concept exploit is available on GitHub; however, this vulnerability is not currently listed in the CISA KEV catalog.
Log injection in Eclipse CSI PIA's unauthenticated /v1/upload/sbom endpoint allows a remote attacker to plant forged authentication-success log entries that are byte-for-byte indistinguishable from genuine PIA audit events. PIA is an authentication broker whose logs are explicitly designated as the authoritative source for incident response (DESIGN.md §5.4), meaning the forgery directly subverts the audit trail the service exists to produce. No public exploit has been identified at time of analysis, but the attack requires no authentication and minimal technical sophistication.
HCL DevOps Deploy and HCL Launch expose sensitive information in pipeline step output logs, enabling any low-privileged authenticated user with log access to read plaintext sensitive values - such as credentials, API tokens, or configuration secrets - that should be masked or redacted. All versions are potentially affected per the CPE wildcard, and the network-accessible nature (AV:N/PR:L) makes this a meaningful insider threat and lateral movement risk in enterprise CI/CD environments. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.
Arbitrary file overwrite in GNU gzip's gzexe utility allows a local attacker to corrupt victim-accessible files via a symlink attack exploiting predictable temporary filename construction. When mktemp is absent from the user's PATH, gzexe falls back to PID-based temp file naming without exclusive creation or existence checks, enabling a TOCTOU race where a pre-planted symlink redirects the write to an attacker-chosen target. No public exploit or CISA KEV listing exists at time of analysis; impact is limited to low-integrity file overwrite with a CVSS 4.0 score of 2.0.
Sandbox-escaping information disclosure in Yelp (the GNOME help viewer) lets a malicious Flatpak application read arbitrary user-readable files on the host. By using the OpenURI portal to open crafted help content that embeds an untrusted CSS stylesheet inside a structured SVG document, an attacker abuses an overly permissive Content Security Policy supplied by yelp-xsl to force Yelp to evaluate local XML inclusions and exfiltrate file contents via remote CSS resource requests, defeating Flatpak's intended isolation. The flaw was disclosed publicly (GNOME developer blog by Michael Catanzaro, May 2026) and tracked by Red Hat; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Out-of-bounds read in Eclipse tinydtls prior to commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 allows unauthenticated network attackers to crash memory-constrained IoT devices by sending a specially crafted Certificate handshake message during DTLS epoch 0. The vulnerable check_server_certificate() function omits buffer length validation before uint24 reads, memcmp, and memcpy operations, enabling reads beyond valid buffer boundaries on both client and server code paths. No public exploit code or active exploitation has been identified at time of analysis; however, the unauthenticated, network-reachable nature makes this straightforward to trigger against any exposed tinydtls endpoint.
Heap use-after-free read in libblkid (util-linux) enables unauthenticated local attackers to crash udisks or leak root-process heap data by presenting a crafted block device image during nested partition probing. BSD, Minix, Solaris x86, and UnixWare partition table parsers cache raw pointers into a dynamically allocated partition array; when subsequent partition additions trigger array reallocation, those pointers become stale and dereference freed memory. Because udev and udisks invoke libblkid automatically as root on block-device hot-plug events, USB insertion alone is sufficient to trigger the flaw without any user interaction or authentication. No public exploit identified at time of analysis.
Local privilege escalation in OPPO's O+ Connect arises because its inter-process communication (IPC) service accepts client connections without authenticating them, letting any external application on the same device invoke privileged operations through the IPC channel. With CVSS 7.3 (scope-changed, high availability impact) and CWE-266 incorrect privilege assignment, a low-privileged local process can perform sensitive actions it should not be authorized for. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Firmware update signature bypass in Hitachi Virtual Storage Platform One Block models 23, 24, 26, and 28 allows an authenticated remote attacker to supply unvalidated firmware packages, potentially compromising storage array integrity and availability. The root cause is CWE-347 (Improper Verification of Cryptographic Signature), and the 'Jwt Attack' tag suggests the firmware validation chain relies on a JWT-based signing mechanism that can be circumvented under specific conditions. No public exploit code exists and the vulnerability is not listed in CISA KEV, but the self-disclosure by Hitachi with a coordinated patch release indicates vendor-confirmed severity.
Credential exposure in Hitachi Storage Navigator allows authenticated storage administrators to extract insufficiently protected credentials through the network-accessible management interface, potentially enabling lateral movement to systems outside the storage platform's authorization boundary. Affected platforms span the Hitachi VSP 5000-series and G/F/VX-series enterprise storage arrays running pre-patch firmware versions on both the DKCMAIN and SVP components. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the CVSS Scope:Changed metric indicates that exposed credentials could be leveraged against systems well beyond Storage Navigator itself.
Unauthenticated remote file and directory exposure in agentejo Cockpit CMS 0.12.2 and earlier allows attackers to access files outside the web root via path traversal through the htaccess Handler's YAML configuration loader. The root cause is CWE-552 (Files or Directories Accessible to External Parties), triggered by unsafe processing of /config/config.yaml via the Spyc::YAMLLoad function, which can expose sensitive configuration data including credentials or internal path structures. A public exploit proof-of-concept exists on GitHub; no vendor patch has been issued, as the vendor did not respond to coordinated disclosure.
Unbounded zlib decompression in GPAC up to version 26.02.0 allows a local low-privileged attacker to cause resource exhaustion via a crafted highly-compressed (zip-bomb) payload processed by the ISOBMFF parser and associated filter modules. The affected function `gf_gz_decompress_payload_ex()` in `src/utils/base_encoding.c` applies no ceiling on inflated output size, enabling disproportionate memory or CPU consumption. A public proof-of-concept exists (GitHub issue #3588), but no active exploitation is confirmed in CISA KEV; the CVSS 4.0 score of 4.8 reflects the local-only attack surface and limited availability-only impact.
Out-of-bounds read in Investintech SlimPDFReader through version 2.0.14 exposes users to application crashes when processing maliciously crafted PDF files, exploitable remotely with passive user interaction. The vulnerable function `SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0` within `SlimPDFReader.exe` fails to validate buffer boundaries during PDF parsing, resulting in a low-severity availability impact (application crash/DoS) with no confirmed confidentiality or integrity effect despite the 'Information Disclosure' tag in source metadata. No public exploit identified at time of analysis beyond the CVSS 4.0 E:P maturity indicator, and no patch will ever be released as the product is confirmed end-of-life.
Insufficient data authenticity verification in MyScaleDB's vector index cache key function allows authenticated remote users to obtain stale or inconsistent vector search results following mutation operations on indexed columns. Versions through 1.8.0 are affected. A proof-of-concept exploit is publicly available (CVSS 4.0 E:P), though the very low base score of 1.3, high attack complexity, and required authenticated access substantially constrain real-world exploitation impact. No confirmed active exploitation exists - this is not on the CISA KEV list.
Deployment authentication token weakness in SimStudioAI Sim up to 0.6.92 leaks a truncated SHA-256 derivative of the encrypted deployment password inside base64-encoded auth cookies, enabling offline hash cracking and potential token forgery against password-protected deployments. The vulnerable Password Protection Handler embeds only the first 8 hex characters (32 bits) of an unsalted SHA-256 hash of the encrypted password directly in the unprotected token payload - a CWE-328 use of weak hash - allowing an attacker who obtains the cookie to brute-force the narrow hash space and fingerprint or bypass deployment authentication. No patch has been merged; fix PR #4760 is pending acceptance, and a public proof-of-concept is available at https://github.com/simstudioai/sim/issues/4759.
Insufficient data authenticity verification in volcengine OpenViking's Local VectorDB Primary-key Label Handler (versions up to 0.3.21) allows a remote attacker with low-privilege access to manipulate the ID argument passed to the str_to_uint64 function, potentially enabling limited tampering with vector database primary-key label data. The attack vector is network-accessible but rated highly complex, with CVSS 4.0 score of 2.3 reflecting constrained, low-severity impact across confidentiality, integrity, and availability. No public exploit code exists and no active exploitation has been identified; an upstream fix is pending via an unmerged pull request.
Time-of-check time-of-use (TOCTOU) race condition in antlr4-maven-plugin up to version 4.13.2 allows a local low-privileged attacker to manipulate grammar dependency state between validation and consumption in ObjectInputStream.readObject() within GrammarDependencies.java, yielding limited confidentiality, integrity, and availability impact on build artifacts. No public exploit identified at time of analysis is incorrect here - a publicly available exploit exists via a GitHub issue, though KEV listing is absent, indicating no confirmed widespread active exploitation. The CVSS 4.0 score of 1.1 reflects genuine low real-world risk due to local-only access, high attack complexity, and constrained impact scope.
Workflow checkpoint endpoints in ComfyUI-Copilot up to 2.0.28 expose an insecure direct object reference (IDOR) flaw - the restore_workflow_checkpoint and update_workflow_ui handlers in conversation_api.py accept externally supplied version identifiers without verifying that the referenced checkpoint belongs to the requesting session, enabling an authenticated remote attacker to read workflow data owned by other sessions. The CVSS 4.0 score of 2.3 reflects limited confidentiality-only impact and high attack complexity (AC:H) due to the need to enumerate valid cross-session identifiers. A proof-of-concept is publicly available at GitHub issue #149; the upstream fix (PR #150) is pending acceptance and no patched release version has been confirmed.
Improper response routing in xiaozhi-esp32 firmware up to version 2.2.6 allows any authenticated WebSocket client to receive MCP (Model Context Protocol) responses intended for other connected clients, enabling cross-client information disclosure and low-integrity interference. The flaw resides in the ParseMessage function within main/mcp_server.cc, where the MCP Response Handler broadcasts responses globally to all connected WebSocket clients on port 8080 rather than routing replies back to the originating client. A public proof-of-concept is available via GitHub issue #2020; no active exploitation has been confirmed in CISA KEV, and the CVSS 4.0 score of 2.3 reflects high attack complexity and limited overall impact in this niche IoT context.
Credential storage in DocsGPT up to 0.18.0 uses AES-CBC - an unauthenticated cipher mode - allowing a low-privilege authenticated attacker to tamper with encrypted credential blobs without detection, as the application performs no integrity or authenticity verification before decrypting. The root cause (CWE-345) is the absence of authenticated encryption: CBC provides confidentiality only, with no MAC or HMAC binding, and the legacy implementation also lacked any user_id binding, enabling potential cross-user credential replay. Publicly available exploit code exists (CVSS 4.0 E:P), though no confirmed active exploitation (not in CISA KEV); the upstream fix in PR #2331 migrates to AES-GCM with user_id-bound AAD but has not yet been merged.
Weak hash usage in SkyPilot's User ID Handler (versions up to 0.12.0) allows remote attackers with high-complexity access to manipulate user identity integrity by exploiting the `username.encode` function in `sky/users/server.py`. The vulnerability (CWE-328) results in a low-integrity impact on the vulnerable system, with no confidentiality or availability impact per the CVSS 4.0 vector, though the VulDB-assigned 'Information Disclosure' tag suggests the weak hash may additionally expose derivable username data. A public exploit exists (CVSS 4.0 E:P modifier confirmed), but no confirmed active exploitation or CISA KEV listing has been identified at time of analysis.
HTTP request/response smuggling in nghttpx (the reverse proxy component of nghttp2 through 1.69.0) allows unauthenticated remote attackers to poison shared backend keep-alive connections by crafting an HTTP/1.1 Upgrade request that simultaneously carries a Content-Length header and body. When nghttpx forwards this ambiguous message to a backend and re-adds Connection and Upgrade headers while passing Content-Length verbatim, a backend that resolves the parsing ambiguity in the attacker's favor treats the body as a separate, attacker-controlled HTTP request - enabling cross-client response-queue poisoning. A publicly available proof-of-concept exploit exists; no CISA KEV listing at time of analysis.
Mark-of-the-Web protection is bypassed in 7-Zip for Windows 26.02 and earlier when extracting crafted RAR5 archives, allowing an attacker to strip the Internet-zone marker (ZoneId=0) and spoof the extracted file's data stream content - directly defeating SmartScreen and Windows attachment warnings. The bypass exploits a gap between 7-Zip's exact-string guard ('Zone.Identifier') and the NTFS-canonical equivalent (':Zone.Identifier:$DATA') that a RAR5 STM record can supply; a second STM record ('::$DATA') additionally overwrites the default file data stream for content spoofing. A publicly available proof-of-concept exists; no vendor-released patched version has been confirmed at the time of analysis.
Free of an uninitialized, attacker-influenceable pointer in libssh2 through 1.11.1 allows a malicious SSH server to corrupt memory in any connecting client that uses the publickey subsystem. The publickey list is grown via SSH2_REALLOC without zero-initializing new entries, so a server-induced parse failure that reaches the cleanup path causes libssh2_publickey_list_free to operate on an uninitialized attrs pointer. Publicly available exploit code exists (reported by VulnCheck); no public evidence of active exploitation, and it is not listed in CISA KEV.
Authenticated arbitrary file deletion in the Frontend File Manager Plugin (nmedia-user-file-uploader) for WordPress versions through 23.6 lets Subscriber-level users delete any file on the server, including wp-config.php, which can cascade into full site takeover. The flaw stems from a case-sensitivity gap in input sanitization within the wpfm_file_meta_update AJAX handler that allows attacker-controlled paths to reach unlink() unchecked. Reported by Wordfence with a CVSS of 8.1; no public exploit identified at time of analysis and the issue is not on CISA KEV.
Local privilege escalation in the FreeBSD kernel sound subsystem lets an unprivileged user map kernel memory outside the audio buffer via an integer-overflow flaw in dsp_mmap_single(). Because /dev/dsp device nodes are world-accessible by default, any local user on a system with an audio device can read and write arbitrary kernel memory, enabling full system compromise or a kernel panic (DoS). No public exploit identified at time of analysis; EPSS is low (0.19%, 9th percentile), and FreeBSD has released errata patches.
Broken access control (Insecure Direct Object Reference) in the Paid Member Subscriptions WordPress plugin before 4.16.17 lets any authenticated low-privileged user (Subscriber or above) cancel arbitrary other users' active subscriptions by manipulating the subscription identifier in a subscription-action request. The plugin fails to verify that the requesting account owns the targeted subscription. No public exploit identified at time of analysis, EPSS is low at 0.14% (3rd percentile), and the issue is not in CISA KEV, but the attack is trivial to perform once any account exists on the site.
Sensitive application data exposure in HCL Traveler for Microsoft Outlook (HTMO) allows a local low-privileged attacker to read sensitive information - likely credentials, tokens, or session data written to application log files (CWE-532) - potentially enabling follow-on attacks against connected systems. The CVSS vector confirms local access with low privileges is sufficient to achieve high confidentiality impact, with no integrity or availability consequences. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
CSV formula injection in Statamic CMS allows an unauthenticated front-end visitor to plant spreadsheet formula payloads via public form submissions that execute when a Control Panel editor exports and opens those submissions in a spreadsheet application. Affected versions span the entire v5 branch below 5.73.24 and v6 branch from 6.0.0 below 6.20.1; vendor-released patches exist for both. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, though the attack structure is well-understood and requires no specialized tooling given the unauthenticated submission vector.
Registry credential leakage in regclient (Go OCI library) versions up to and including 0.11.4 exposes authentication secrets to attacker-controlled external servers via crafted OCI image manifests. When regclient fetches a blob layer and the primary registry request fails, it falls back to external URLs defined in the manifest's layer descriptor `urls` field; if the external server issues an HTTP authentication challenge, regclient forwards the original registry credentials to that host. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified, but the attack mechanism is fully documented in the vendor advisory and the exploit path is straightforward for any attacker with registry control.
The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Notepad++ versions prior to 8.9.6.1 can be crashed by any local process sharing the same interactive Windows session via a malformed WM_COPYDATA message. The COPYDATA_FULL_CMDLINE handler in NppBigSwitch.cpp dereferences COPYDATASTRUCT.lpData as an unbounded NUL-terminated wchar_t* without validating against the COPYDATASTRUCT.cbData length field, enabling an out-of-bounds read that results in process termination. No active exploitation has been confirmed (no CISA KEV listing, no public POC), and the fix is available in the vendor-released patch 8.9.6.1.
Local code execution in Notepad++ before 8.9.6.4 stems from a time-of-check/time-of-use race in NppCommands.cpp: the integrity HMAC of shortcuts.xml is verified against the on-disk file when a command fires, but the command payload is read from the _userCommands vector loaded at startup and never re-synced with disk. An attacker with write access to shortcuts.xml can plant a malicious version before launch and restore the legitimate file afterward, so the runtime HMAC check passes on the clean file while the malicious in-memory command executes. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; it is fixed in 8.9.6.4.
Information disclosure in RustFS, a Rust-based distributed object storage system, lets any authenticated user with no effective bucket or admin permissions read remote replication target configuration via the bucket replication admin API. Because the returned BucketTarget objects embed remote credentials, an attacker can harvest replication access keys and secret keys for downstream systems. The flaw affects 1.0.0-alpha.1 through versions prior to 1.0.0-beta.9 and is fixed in 1.0.0-beta.9; no public exploit identified at time of analysis.
Deadlock in the Linux kernel's DSA (Distributed Switch Architecture) subsystem allows a local low-privileged user to hang the kernel network stack by running ethtool against a DSA-configured conduit interface. The DSA subsystem replaces the conduit device's ethtool_ops with aggregating wrappers, but these wrappers redundantly invoke netdev_lock_ops() on a lock already held by the kernel ethtool infrastructure, creating a classic double-lock deadlock. No public exploit exists and EPSS sits at 0.15% (5th percentile), though the issue is trivially reproducible with standard system tooling on affected configurations.
Resource access-after-free in the Linux kernel's vfio/pci subsystem allows a local user with device access to read or corrupt PCI device resources during a race window on device shutdown, because vfio_pci_core_close_device() disabled the function before tearing down DMABUF exports. During the window the function's Memory Space Enable bit is cleared and its BARs (and their backing resources) are freed and reassignable to another driver, while stale DMABUF mappings still reference them. EPSS is low (0.14%, 4th percentile) and there is no public exploit identified at time of analysis; the upstream fix reorders cleanup to revoke DMABUF access first.
Unbounded NAPI busy-poll loop in the Linux kernel's io_uring subsystem allows a low-privileged local process to spin the kernel indefinitely when no I/O events arrive, triggering soft lockup watchdog complaints and degrading system availability. Affected kernels are those at or after commit 8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5 (introducing NAPI support in io_uring, Linux 6.9) through the patched stable releases 6.18.33, 7.0.10, and 7.1. No public exploit exists and this is not listed in CISA KEV; EPSS sits at 0.15% (5th percentile), reflecting very low exploitation interest.
Denial of service in the Linux kernel's padata parallel data processing subsystem results from a misplaced CPU hotplug callback that returns an error in a section where error returns are not permitted. Specifically, padata_cpu_dead() is registered below CPUHP_TEARDOWN_CPU, a hotplug state phase where callbacks are not allowed to fail; when the callback returns non-zero, the kernel emits a 'DEAD callback error' warning that can destabilize the system. A local attacker with low-privilege access on a multi-CPU system using padata (e.g., for parallel IPsec or crypto processing) can trigger this condition during CPU offline transitions, resulting in high availability impact. No public exploit is identified and EPSS is 0.16%, indicating low exploitation probability; patches are available across multiple stable kernel branches.
Uninitialized memory read in the Linux kernel FUSE filesystem driver causes local denial-of-service conditions. Specifically, `fuse_dentry_revalidate()` in `fs/fuse/dir.c` reads the `->d_time` field of a dentry that was allocated by `__d_alloc()` without initialization, detectable by KMSAN as a use-before-initialize defect. A local authenticated user with access to a FUSE-mounted filesystem can trigger a kernel crash by opening a file through the affected `lookup_open` → `d_revalidate` code path. No public exploit exists and EPSS is 0.15%, indicating minimal real-world exploitation pressure at this time.
Kernel page fault in the Linux kernel's Tegra234 Control Backbone (CBB) driver crashes affected NVIDIA Tegra234-based systems when a cross-fabric error interrupt triggers incorrect register address resolution. The `tegra234_cbb_get_tmo_slv()` function uses the receiving fabric's base address (`cbb->regs`) with register offsets derived from a different fabric's target map, producing an invalid virtual address dereference (`ffff80000954cc00`) and a kernel panic. Exploitation requires local low-privilege access to Tegra234 hardware; no public exploit or POC exists, EPSS sits at the 5th percentile (0.15%), and the vulnerability is not in CISA KEV.
Out-of-bounds read in the Linux kernel's OCFS2 cluster filesystem DLM (Distributed Lock Manager) stems from an off-by-one error in dlm_match_regions(), where the local-vs-remote region comparison loop uses '<=' instead of '<' and reads one entry past the valid range of the qr_regions array. It affects systems running the OCFS2 shared-disk cluster filesystem and is reachable when nodes negotiate heartbeat/region membership; the upstream tag classifies it as Information Disclosure rather than code execution. There is no public exploit identified at time of analysis, EPSS is low (0.17%, 6th percentile), and it is not in CISA KEV - despite an inflated NVD CVSS of 9.8.
Use-after-free and memory leak in the Linux kernel max77705 power supply driver expose systems with Maxim MAX77705 PMIC hardware to local denial-of-service. Two concurrent bugs exist: the workqueue is never destroyed on driver removal (memory leak), and a race condition allows an interrupt handler to schedule work on an already-freed workqueue if the interrupt fires after workqueue destruction but before the devm interface releases the interrupt registration. On vulnerable kernel versions prior to the stable-tree patches (7.0.10 and 7.1 series), a local user on hardware with a MAX77705 PMIC can trigger kernel memory corruption. No public exploit code has been identified at time of analysis, and EPSS sits at 0.14% (4th percentile), reflecting negligible opportunistic exploitation interest.
Off-by-one array overflow in the Linux kernel's hvc_iucv driver (IBM z/VM IUCV HVC terminal subsystem) can trigger an out-of-bounds write to hvc_iucv_table[8] when hvc_iucv_devices is set to the maximum value of 8, crashing the kernel. Exploitation requires local access with low privileges on IBM System z systems running z/VM with hvc_iucv configured. No public exploit identified at time of analysis; EPSS is 0.18% (7th percentile), consistent with a niche mainframe-only driver affecting a very limited deployment population.
Out-of-bounds read (CWE-125) in the Linux kernel F2FS filesystem lets a local user trigger inconsistent access to the mount extension list by racing a sysfs read against a concurrent update. The f2fs_sbi_show() handler reads extension_list, extension_count and hot_ext_count without holding sbi->sb_lock, so a simultaneous f2fs_update_extension_list() store can yield a mismatched count/array pair and drive an out-of-bounds read that leaks stale kernel data or crashes the system. No public exploit identified at time of analysis; EPSS is low (0.17%, 7th percentile) and the issue is not in CISA KEV.
Use-after-free in the Linux kernel's mailbox-test debug driver (mailbox-test.c) allows a local privileged attacker to corrupt kernel memory when the driver's probe routine fails, because previously acquired mailbox channels are not released while the devm-allocated client structure is freed anyway. The flaw carries a CVSS of 7.8 with high confidentiality, integrity, and availability impact, but exploitation is local and requires the mailbox-test module to load and hit a probe error path. No public exploit is identified at time of analysis and EPSS estimates exploitation probability at only 0.18%.
Kernel denial-of-service in the Linux mailbox subsystem triggers an OOPS when a mailbox controller is instantiated without an associated channel array and the code dereferences the missing pointer without a NULL guard. Local low-privileged users on affected systems - particularly embedded or SoC-based Linux deployments that rely on mailbox-based inter-processor communication - can cause a system crash. EPSS is 0.18% (7th percentile), no active exploitation is confirmed, and patches have been backported across all active stable branches from 5.10.x through 7.1.
Local privilege escalation potential in the Linux kernel's mailbox-test driver arises from a double-free when the RX channel is aliased to the TX channel (a valid configuration when they use different MMIO regions); the cleanup path frees the reused channel twice. Affecting the mailbox subsystem's test/debug driver across a wide range of stable branches (5.10 through 7.x), the flaw carries a 7.8 CVSS with an AV:L/PR:L vector and has an upstream fix, but EPSS is only 0.18% and there is no public exploit identified at time of analysis.
Improper locking in the Linux kernel's amdgpu DRM driver allows a local low-privileged user to trigger a kernel deadlock or system crash via the AMDGPU_INFO_READ_MMR_REG ioctl. Three distinct concurrency defects exist: inverted lock ordering between the reset semaphore and mm_lock (permitting copy_to_user() under lock), memory allocation while holding the reset semaphore, and use of down_read_trylock() where a blocking wait is required. No public exploit code has been identified and EPSS is 0.17%, placing this firmly in opportunistic-rather-than-targeted risk territory.
Use-after-free in the Linux kernel's Intel Xe GPU driver (drm/xe EU stall sampling) lets a local low-privileged user with access to the render/DRM device trigger memory corruption during stream close. In xe_eu_stall_stream_close() the driver calls drm_dev_put() before disabling the stream and freeing its resources, so if that call drops the last reference the device structures may be freed while subsequent cleanup still dereferences them. The defect is patched upstream, no public exploit is identified at time of analysis, and EPSS rates exploitation probability very low (0.17%, 6th percentile).
Memory corruption (double free and use-after-free, CWE-415) in the Linux kernel's Intel idpf network driver allows a local low-privileged actor to corrupt kernel heap memory when the auxiliary device probe error path executes. The idpf_plug_vport_aux_dev() and idpf_plug_core_aux_dev() routines free the iadev structure via a release callback during auxiliary_device_uninit(), then fall through and read adev->id from the freed object for ida_free() and kfree() it again. It is not in CISA KEV and no public exploit has been identified; EPSS exploitation probability is low at 0.17% (7th percentile).
Indefinite kernel hang in the Linux kernel's drm/gma500 Oaktrail LVDS display initialization code can be triggered locally on systems with Intel GMA 500/Oaktrail graphics hardware, causing a denial of service requiring a hard reboot. The defect lies in error handling that incorrectly attempts to deregister an I2C adapter obtained via i2c_get_adapter() - which only increments a reference count - rather than restricting cleanup to adapters the driver itself allocated. No public exploit code exists and EPSS is 0.17% (7th percentile), consistent with a niche, largely retired hardware platform.
The meeting agenda items REST API in OpenProject before 17.4.0 leaks private work package data to authenticated users who lack project-level access. When a meeting agenda item is linked to a work package belonging to a private or inaccessible project, the GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id endpoint returns that work package's confidential data in its response, silently bypassing project-level authorization checks. No public exploit is identified at time of analysis and this vulnerability is not listed in CISA KEV; a vendor-released patch is available in version 17.4.0.
Unauthorized information disclosure in OpenProject before 17.4.0 allows any authenticated user to retrieve the subjects (titles) of work packages they have been explicitly denied access to, bypassing project-level visibility controls. The flaw exists in the GET /api/v3/relations REST API endpoint, where supplying arbitrary work package IDs to the involved, fromId, or toId filter parameters circumvents the Relation.visible scope due to a defective performance optimization in RelationQuery. No public exploit has been identified and the vulnerability is not listed in CISA KEV; however, the attack is trivially executable by any platform user with valid credentials, making it a meaningful risk in deployments handling sensitive or confidential project data.
Signature type-binding bypass in @sigstore/core (npm) allows an attacker who controls the `payloadType` field of a DSSE envelope to substitute every ASCII character with a Unicode variant whose low byte matches, producing PAE bytes identical to a legitimate signature and causing verification to pass for a mismatched content type. All versions up to and including 3.2.0 are affected; a working proof-of-concept is included in the GitHub security advisory GHSA-jfc7-64v2-mr8c. The vulnerability is not confirmed in the CISA KEV catalog, but exploit code is publicly available, making exploitation straightforward for any attacker positioned to craft or relay DSSE envelopes.
Information disclosure in OpenProject before 17.3.3 and 17.4.1 lets remote attackers read hidden historical field values through the journal diff endpoint, which fails to enforce object- and field-level visibility checks. The flaw (CWE-200) carries a CVSS 7.5 driven entirely by high confidentiality impact, exposing prior values of work-package fields that should be restricted. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Cleartext credential disclosure in OpenProject's Storages module (versions prior to 17.3.3 and 17.4.1) writes the userless OneDrive/SharePoint OAuth access_token in plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, refreshed by an hourly cron and every userless-OAuth call. Because none of the supported cache backends (file_store, memcache, redis) encrypts at rest, an attacker who can read the cache backend retrieves the Azure-AD application-tier bearer token via an anonymous memcached/Redis get. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Host-side arbitrary file write in Incus (the LXD-fork container and VM manager) before 7.2.0 lets an attacker who can supply a crafted image and call the instance exec endpoint write attacker-controlled content to any path on the host, leading to root-level command execution. A top-level `exec-output` symlink packed into an image survives image unpacking, and when `record-output:true` is passed to `/instances/$name/exec` the daemon follows that symlink to write `exec_UUID.stdout`/`.stderr` outside the instance - for example into `/etc/cron.d`. A working proof-of-concept exists in the GHSA advisory, but there is no public exploit identified as used in active attacks.
Privilege/context escalation in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 lets an authenticated user with write access to a shared workspace plant a custom PowerShell VPN editor entry whose display name collides with an existing VPN script link, causing the attacker's PowerShell to run in another user's context when that link is resolved. The flaw stems from incorrect link resolution by display name (CWE-706) rather than a stable identifier, yielding total compromise of the victim's session (C:H/I:H/A:H). There is no public exploit identified at time of analysis and it is not in CISA KEV; a vendor patch is available.
Cross-origin information disclosure in the Nx monorepo graph server (versions 17.0.4 through 22.7.1) exposes the full project dependency graph and workspace metadata to any website a developer visits while `nx graph` is running locally. The server unconditionally broadcasts `Access-Control-Allow-Origin: *`, bypassing the browser Same-Origin Policy and allowing attacker-controlled JavaScript to silently read internal project structure. In rare cases, the `/help` endpoint - which executes a workspace-configured target command - creates a path to arbitrary command injection on the developer's machine. No public exploit or CISA KEV listing identified at time of analysis.
PROXY Protocol v2 TLV overflow in Envoy Proxy versions 1.34.0 through the pre-fix series allows an operator-level attacker on an adjacent network to smuggle extraneous bytes into upstream requests. Envoy's header generator writes TLV content exceeding the protocol-mandated 65535-byte maximum without adjusting the length field, creating a header where declared length and actual byte count diverge - a textbook CWE-130 length-parameter inconsistency. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog; risk is constrained by the high-privilege and adjacent-network prerequisites reflected in the CVSS 4.8 medium score.
Authentication bypass and account takeover in OpenAM Community Edition (OpenIdentity Platform) through 16.0.6 allows unauthenticated attackers to log in as any user who has authenticated via the OAuth2 module. The OAuth2 module silently rewrites a local user's password to the literal value of their own username, after which the default ldapService chain accepts the username as both identifier and password at the standard authenticate endpoint - no IdP interaction needed. No public exploit identified at time of analysis, but the attack requires only knowledge of a target username once the password-rewrite has fired.
Remote denial of service in Envoy proxy allows attackers to crash the process by resolving a DNS name exactly 255 octets long through a configured UDP DNS filter. An off-by-one runtime precondition assumes query names are strictly less than 255 octets, contradicting RFC 1035 which permits names of up to 255 octets, so a maximally-long name that resolves successfully triggers abnormal process termination. There is no public exploit identified at time of analysis, EPSS is low (0.37%), and CISA SSVC rates exploitation as none with only partial technical impact.
Certificate SAN validation in Envoy Proxy is bypassed when an attacker-controlled upstream serves a TLS certificate containing an embedded NUL byte in the dNSName Subject Alternative Name field. Envoy versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1 are affected, allowing an attacker who controls or can impersonate an upstream TLS endpoint to pass Envoy's configured SAN match check with a fraudulent certificate and intercept proxied traffic. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
The OAuth2 HTTP filter in Envoy Proxy prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 implements AES-256-CBC encryption for the PKCE CodeVerifier cookie without any authentication tag, creating a classic padding oracle through differential HTTP responses on the /callback endpoint. An attacker who obtains the victim's encrypted CodeVerifier cookie and a stolen authorization code can recover the plaintext PKCE code_verifier in approximately 6,200 crafted requests (~100 seconds), then complete the OAuth token exchange to hijack the victim's access token. No public exploit code or CISA KEV listing has been identified at time of analysis; vendor-confirmed patches are available in all four current release branches.
Remote denial of service in DragonflyDB before 1.39.0 lets an unauthenticated attacker crash the entire server with a single ~24-byte RESTORE command carrying a malformed listpack payload, triggering an out-of-bounds read (SIGSEGV). Because Dragonfly ships with no authentication enabled by default and RESTORE is an ordinary keyspace command, any client that can reach the port can repeatedly kill the process. No CISA KEV listing exists, but the fixing pull request publishes the exact crash payloads as regression tests, so working trigger data is effectively public.
Sensitive information disclosure in Fluentd's Monitor Agent plugin (in_monitor_agent) at versions <= 1.19.2 allows anyone with HTTP access to the metrics API (default TCP port 24220) to read internal instance variables of loaded plugins via /api/plugins.json and related endpoints. Because plugins frequently hold database passwords, API keys, and cloud credentials in instance variables, those secrets can be returned in plain text to unauthenticated callers. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the vendor fixed it in v1.19.3 by changing the default visibility of config, retry, and debug information.
Information disclosure in Podman (1.8.1 through 5.8.3) lets a malicious OCI container image leak host environment variables into the container by embedding an image env entry with a key but no value; an asterisk (*) entry causes Podman to forward ALL host session variables. Because the launching session frequently holds secrets (registry credentials, API tokens, proxy auth), a crafted image run by a victim can harvest them. No public exploit is identified beyond the proof-of-concept test shipped with the fix, and it is not listed in CISA KEV.
Arbitrary file write in Dokku before 0.38.2 lets an attacker with deploy-level access escalate to full shell access on the host. The git:from-archive and certs:add commands extract attacker-supplied tar/zip archives without sanitizing member paths, and because GNU tar creates and then follows symlinks during extraction, a crafted archive can plant files anywhere the dokku user can write - most damagingly ~/.ssh/authorized_keys. There is no public exploit identified at time of analysis and CISA SSVC records exploitation as none, but the technical impact is rated total.
OS command execution on the Dokku host is possible through the openresty-vhosts plugin in versions prior to 0.38.2, where custom OpenResty include filenames from an app's git repository are interpolated unescaped into a single-quoted shell string that is later run through eval. An attacker who can deploy a Dokku app with the openresty proxy enabled can plant a file whose name contains a single quote to break the quoting and inject a command substitution, executing arbitrary commands as the dokku user on the next deploy. There is no public exploit identified at time of analysis and it is not in CISA KEV, though the upstream advisory and a security regression test document the mechanism precisely.
Insufficiently protected credential storage in Dokku prior to 0.38.2 exposes git authentication secrets stored in $DOKKU_ROOT/.netrc to any local user who can traverse the Dokku home directory. The git:auth command pre-creates the .netrc file using bash's touch, which applies the process umask (0644) before the netrc binary runs - defeating the netrc binary's own 0600 enforcement because the file already exists at write time. No public exploit code exists and the vulnerability is not in CISA KEV, but the confidentiality impact is rated High given that plaintext git credentials (hostnames, usernames, passwords) are directly readable without any special tooling.