Information Disclosure
Monthly
Unauthenticated information disclosure in HKUDS AI-Trader exposes the Research Export endpoint (`/api/research/agents.csv`) to any remote attacker without credentials, leaking proprietary research output in CSV format. The vendor explicitly confirmed the pre-patch state lacked access control: 'Research export endpoints now require an authenticated agent with the research_exports capability.' A public proof-of-concept exploit exists (CVSS 4.0: 6.9, E:P), and the upstream fix is available via commit 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65; no active exploitation is confirmed in CISA KEV at this time.
Permission misconfiguration in IObit Malware Fighter's DLL Handler component (versions up to 13.2.0) allows a local low-privileged attacker to exploit insecure resource permissions, resulting in low-severity confidentiality, integrity, and availability impacts. The vulnerability stems from CWE-275 (Improper Permission Assignment for a Resource), and a public proof-of-concept exploit is available via GitHub and a researcher blog post. The vendor was notified prior to disclosure but did not respond, meaning no official patch or mitigation guidance has been issued.
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request.
Server impersonation in OCaml-TLS before 2.1.0 allows a malicious TLS server to present a certificate not intended for server authentication and still be accepted by client code, enabling man-in-the-middle and impersonation attacks against any application linking the library as a TLS client. The client fails to validate KeyUsage and ExtendedKeyUsage extensions properly, breaking a core PKIX trust assumption. No public exploit identified at time of analysis and EPSS sits at 0.15% (4th percentile), but the CVSS 9.1 reflects the broad confidentiality and integrity impact on encrypted sessions.
An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.
Arbitrary file write in remotion-dev Remotion v4.0.409 allows remote attackers to write attacker-controlled content to arbitrary filesystem locations without authentication, per the CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) and CWE-123 (Write-what-where) classification. Remotion is a React-based programmatic video rendering framework, and the flaw can lead to integrity and availability compromise of the host running the rendering engine. No public exploit identified at time of analysis, and the EPSS score of 0.15% (4th percentile) indicates low predicted exploitation likelihood despite the high CVSS score.
Authentication bypass in OCaml-TLS server implementations before version 2.1.0 allows remote attackers to impersonate legitimate clients during mutual TLS authentication by presenting certificates whose KeyUsage and ExtendedKeyUsage extensions do not authorize client authentication. The server fails to enforce these X.509 certificate purpose constraints, so any valid certificate chain trusted by the server may be accepted regardless of intended use. EPSS probability is low (0.12%, 2nd percentile) and no public exploit identified at time of analysis, but the CVSS 9.1 reflects the high impact on confidentiality and integrity of mTLS-protected services.
Improper authorization in the custom URL scheme handler of Genspark AI Workspace App 2.8.4 on Android allows a local low-privileged attacker to invoke restricted application functionality via the ai.mainfunc.genspark component without proper access control. The flaw is classified under CWE-939, affecting inter-app communication on Android where the URL scheme handler fails to verify the caller's authorization. No patch is available as the vendor did not respond to responsible disclosure; no public exploit or CISA KEV confirmation exists at time of analysis.
Improper authorization in Moovit Bus & Public Transit App 1.18 on Android exposes the com.tranzmate custom URL scheme handler to invocation by any locally installed application without proper authorization checks, enabling information disclosure and limited unauthorized manipulation of app functionality. The vulnerability is classified as CWE-939 and is restricted to local attack vectors, meaning a co-resident malicious application on the same Android device is required to trigger it. A proof-of-concept exploit has been publicly released via GitHub and Google Drive, and the vendor did not respond to responsible disclosure - no patch is confirmed available at time of analysis.
Heap-based out-of-bounds read and integer underflow in LiamBindle MQTT-C (all versions through 1.1.6) allows a remote attacker who controls an MQTT broker - or who can inject packets into an unencrypted MQTT session - to crash any subscribed MQTT-C client and potentially disclose adjacent heap memory by sending a single specially crafted PUBLISH packet. The flaw resides in mqtt_unpack_publish_response() in src/mqtt.c, where the broker-supplied 16-bit topic_name_size field is used to advance a parse pointer without validating it fits within the packet's remaining_length, and the subsequent unsigned subtraction to derive application_message_size wraps to near 2^32 and is passed directly to memmove(). No patched release has been identified at time of analysis; a proof-of-concept is indicated by the CVSS 4.0 E:P supplemental metric, and this vulnerability is not listed in the CISA KEV catalog.
Timing side-channel in Linux-PAM's pam_userdb module through version 1.7.2 allows plaintext password recovery by any attacker capable of repeatedly submitting authentication attempts to a service backed by the vulnerable configuration. The module's use of length-prefixed strncmp() (or strncasecmp() with PAM_ICASE_ARG) on plaintext credentials leaks both password length and individual prefix bytes via measurable response-time differences, enabling iterative character-by-character reconstruction of the stored password. Proof-of-concept exploit methodology exists per CVSS 4.0 supplemental metadata (E:P); while no CISA KEV listing was found, the high confidentiality impact (VC:H) and credential-disclosure nature make this a meaningful risk for any deployment relying on pam_userdb in plaintext mode.
Off-by-one buffer overflow in nanoMODBUS through v1.23.0 lets remote unauthenticated attackers write one attacker-controlled byte past a 260-byte receive buffer in the Modbus/TCP server's recv_msg_header() function. The corruption of the adjacent buffer-index field can cause denial of service on all targets and, on bare-metal/RTOS deployments without memory protection, leak one byte of memory and trigger unintended writes through the Write Multiple Registers (FC16) handler. No public exploit identified at time of analysis, but the bug is trivially reachable by sending a crafted MBAP frame with Length=255.
Unredacted iSCSI credential disclosure in OpenStack Ironic through 35.0.1 occurs specifically when an authenticated operator issues a PATCH request to update authorized fields in a node's volume properties - the API response returns sensitive data such as iSCSI CHAP usernames and secrets in plaintext. The scope change reflected in the CVSS (S:C) is meaningful: leaked storage credentials extend the blast radius beyond Ironic itself to the underlying iSCSI storage infrastructure. Notably, the same volume properties endpoint does not exhibit this behavior on POST requests, isolating the flaw to the PATCH response serialization path. No public exploit code has been identified and the vulnerability is not listed in CISA KEV.
Symlink mishandling in LiteSpeed cPanel Plugin before 2.4.8 (and the bundling LiteSpeed WHM PlugIn before 5.3.2.0) lets a low-privileged tenant on a shared CloudLinux/CageFS host escape their per-user filesystem jail by planting symlinks the plugin follows with elevated privileges. The CVE record states the flaw was exploited against shared hosting providers in May 2026, and CVSS 8.5 with Scope:Changed reflects cross-tenant compromise of other customers' files on the same server. No separate KEV listing or public POC is present in the provided intelligence.
Divide-by-zero in GPAC's MP4Box AVI demuxer crashes the process when handling crafted media files with zero-declared frame counts. Specifically, avidmx_process() in filters/dmx_avi.c:639 fails to validate the frame count before using it as a divisor during Dasher bitrate computation, triggering an uncaught floating-point exception (FPE) when DASH segmentation is invoked. A public proof-of-concept file exists; exploitation requires no authentication or special privileges beyond delivering a malformed AVI-like input to an affected MP4Box instance. EPSS data is not yet available, and the vulnerability is not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis.
Host filesystem integrity violations in runc are triggered when the container runtime processes a malicious OCI image where /dev is configured as a symbolic link rather than a directory. An attacker who can deliver such a crafted image - via a public registry, a supply-chain-compromised base image, or a shared CI/CD pipeline - can cause runc to follow the symlink during container device-node initialization, resulting in limited, unintended write operations on the host filesystem outside the container boundary. The vendor-credited reporter (Aleksa Sarai, a known runc maintainer) describes the impact as 'limited host filesystem integrity violations,' falling short of a full container escape. No public exploit has been identified at time of analysis.
Format string vulnerability in the D-Link DCS-935L 1.10.01 IP camera allows authenticated remote attackers to corrupt memory and likely achieve information disclosure or code execution by manipulating the data argument passed to snprintf within the /web/cgi-bin/greece/rhea HTTP handler. Publicly available exploit code exists per VulDB submission, though this CVE is not on the CISA KEV list. The CVSS 4.0 score of 7.4 reflects high impact on confidentiality, integrity, and availability with low-privilege authentication required.
Missing Origin/Host header validation in Google's MCP Toolbox for Databases (Model Context Protocol server) prior to v0.25.0 allows remote attackers to reach the locally-bound HTTP server via DNS rebinding from a victim's browser, abusing the bridge to issue arbitrary tool/database commands. The fix introduces a new --allowed-hosts startup flag (companion to the existing --allowed-origins) that validates inbound Host headers, though both flags retain an insecure-by-default '*' value with only a startup warning. No public exploit identified at time of analysis; the issue was reported internally by Google.
Local privilege escalation via arbitrary root-owned file overwrite affects libreport's ABRT post-create event handler scripts on Red Hat Enterprise Linux 6, 7, and 8. The event scripts write output using shell redirections that lack the O_NOFOLLOW flag, so a local low-privileged user who plants a symlink in a writable crash-dump path can cause the root shell to follow it and clobber any file on the system, which can be leveraged for full system compromise. SSVC rates technical impact as total, but there is no public exploit identified at time of analysis and EPSS is negligible (0.02%, 5th percentile).
Local privilege escalation in the abrt-dbus D-Bus service on Red Hat Enterprise Linux 6, 7, and 8 allows a low-privileged local user to race the ChownProblemDir method against still-running post-create event handlers. By invoking ChownProblemDir while privileged event scripts hold a write lock on the dump directory, the attacker gains filesystem ownership of files being written by root-context handlers, enabling tampering with privileged output and potential privilege escalation. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Directory traversal in Allegra's exportReport method exposes arbitrary server-side files to authenticated remote attackers, operating in the context of the underlying service account. The flaw affects all tracked versions per the CPE wildcard (cpe:2.3:a:allegra:allegra:*), with Alltena's 9.0.0 release notes referencing the fix. No public exploit code or CISA KEV listing has been identified at time of analysis, and no EPSS data was provided, but the CVSS 6.5 rating reflects a meaningful confidentiality risk for any internet-facing Allegra deployment where user accounts may be broadly provisioned.
Cross-origin credential disclosure in Avira Password Manager's Firefox extension allows a malicious site embedding the targeted page in an iframe to harvest credentials that the extension autofills into the parent context. The flaw stems from incorrect autofill field selection and affects Windows, macOS, and Linux installations; no public exploit identified at time of analysis but the CVSS 7.4 (S:C/C:H) score reflects the cross-origin trust boundary violation.
Local code execution in Avira Antivirus engine builds before 8.3.70.76 on Windows, macOS, and Linux is triggered when the scanner processes a malformed PDF file, leading to a heap out-of-bounds read that can corrupt the antivirus engine process. CVSS 7.8 reflects the high impact on confidentiality, integrity, and availability, but exploitation requires the victim to expose the engine to the attacker's file. No public exploit identified at time of analysis.
Heap out-of-bounds read in the Avira Antivirus scanning engine on Windows, macOS, and Linux (engine builds before 8.3.70.98) allows a malformed Windows PE file to trigger local code execution or crash the antivirus engine process. Because AV engines typically auto-scan files on access, simply writing or dropping a crafted PE onto disk can reach the vulnerable parser, and no public exploit identified at time of analysis. Exploitation requires the victim's AV to scan the file (UI:R), so realistic delivery is via downloads, email attachments, or removable media rather than fully remote unauthenticated execution.
Local code execution or denial-of-service in Avira Antivirus engine builds prior to 8.3.70.56 occurs when the scanner parses a malformed Windows MSI installer file, triggering a heap out-of-bounds read. The flaw affects deployments on Windows, macOS, and Linux and requires user interaction to place a crafted MSI where the engine will scan it. No public exploit identified at time of analysis and CVSS scores it 7.8 High.
Local code execution and denial-of-service in Gen Digital antivirus engines (Avast, AVG, Norton, Avast One, Avast Business Antivirus) on Windows, macOS, and Linux stems from a heap out-of-bounds read in the malformed-ZIP/XML scanner across virus definition builds 25020100 through 25021207. An attacker who lures a user into letting the on-access scanner process a crafted archive can crash the antivirus process or potentially execute code in its context. No public exploit identified at time of analysis and the EPSS signal was not provided.
Local code execution or antivirus-process denial-of-service in Gen Digital's shared scanning engine (Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux) is triggered when the engine parses a malformed Windows PE file and performs a heap out-of-bounds read. Mitigation ships via the VPS 25021310 virus definition update rather than a product installer, so any consumer of the Gen Digital definition stream at or above that build is no longer exposed. No public exploit identified at time of analysis, but the bug sits inside a high-privilege scanner that auto-processes attacker-controlled files.
Out-of-bounds heap read in the Gen Digital antivirus scanning engine (Avast, AVG, Norton, Avast One, Avast Business) allows a malformed Windows PE file with crafted .NET metadata to crash the AV process or potentially execute code locally on Windows, macOS, and Linux endpoints running virus definitions prior to VPS 25021310. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, but the bug is reachable via on-access scanning, meaning any user who receives a malicious file may trigger it without explicit action. UI:R in the CVSS vector and the local attack vector temper the urgency relative to the 7.8 base score.
Stack use-after-free in the Gen Digital shared antivirus scanning engine crashes the antivirus process when it parses a malformed Windows PE file. Five Gen Digital products share a common virus definition update stream - Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux - making all simultaneously vulnerable until the shared definition stream reaches build VPS 25022500. No public exploit has been identified at time of analysis; the impact is limited to a Denial-of-Service of the antivirus process with no confidentiality or integrity loss, and the CVSS score of 5.5 reflects the local, user-interaction-dependent nature of the attack.
Uncontrolled recursion in the Gen Digital shared scanning engine crashes the antivirus process when it encounters a specially crafted malformed Windows PE file, causing a Denial-of-Service across five Gen Digital products - Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus - on Windows, macOS, and Linux. The vulnerability resides in the virus definition update stream rather than the product binary itself, meaning all five products sharing the same Gen Digital VPS stream are simultaneously exposed until updated to definition build VPS 25031700 or later. No public exploit code has been identified at time of analysis, and CVSS scores this at medium severity (5.5) reflecting local access and required user interaction as meaningful limiting factors.
Out-of-bounds heap read in the Avira Antivirus scanning engine triggers when the engine parses a malformed PDF, allowing local code execution or denial-of-service of the antivirus process on Windows, macOS, and Linux engine builds prior to 8.3.70.56. The CVSS 7.8 (High) rating reflects local attack vector with required user interaction (the engine must scan the attacker-supplied file), and no public exploit identified at time of analysis. Because the AV engine typically runs with elevated privileges, successful code execution would inherit those privileges.
Local code execution and denial-of-service in Avira Antivirus engine builds before 8.3.70.68 allow an attacker to compromise the scanning engine by placing a malformed PDF where the engine will scan it on Windows, macOS, or Linux. The flaw is a heap out-of-bounds read (CWE-125) triggered during PDF parsing, and no public exploit identified at time of analysis. CVSS is 7.8 (high) driven by full C/I/A impact on the local host, but exploitation requires user/scanner interaction with the malicious file.
Local privilege escalation in Imagination Technologies Graphics DDK (GPU kernel driver) allows non-privileged users to issue crafted GPU system calls that perform read/write operations on arbitrary freed physical memory pages, enabling kernel memory corruption. The flaw stems from missing deferred-free handling, meaning the GPU can still access pages after the kernel module has released them. No public exploit identified at time of analysis and EPSS is very low (0.02%), but CVSS 7.8 reflects high local impact on confidentiality, integrity, and availability.
OpenClaw's retry endpoint authentication check performs hostname prefix matching instead of exact hostname comparison, enabling an authenticated attacker to redirect sensitive authentication material to an attacker-controlled endpoint. All versions before 2026.5.7 are affected per CPE cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*. The CVSS 4.0 vector scores this at 6.0 with high confidentiality impact (VC:H) and a specific attack prerequisite (AT:P); no public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Information disclosure in OpenClaw before 2026.5.18 lets authenticated operators abuse shell metacharacter expansion within the system.run safe-bin allowlist to read unintended node-local files on POSIX nodes and exfiltrate sensitive configuration data. The flaw bypasses command-policy enforcement because the allowlist validates a literal command string while the underlying shell re-interprets it at execution time. No public exploit identified at time of analysis.
Information disclosure in OpenClaw before 2026.4.26 leaks the real host workspace path through sandboxed session spawning, exposing filesystem location and potentially related memory context to child AI model prompts. Authenticated users with low-privilege access can trigger this by spawning child sessions from sandboxed parent sessions, undermining the isolation guarantees of the sandbox environment. With a CVSS 4.0 score of 2.3, no public exploit code, and no CISA KEV listing, this is a low-severity but architecturally meaningful sandbox escape of information relevant to AI agent deployments.
Unauthenticated information disclosure in File Browser (filebrowser/filebrowser) versions <= 2.63.5 allows public share recipients to bypass owner-defined deny rules and read or list files explicitly blocked beneath a shared directory. The flaw stems from the public share handler rebasing the filesystem root but evaluating access rules against the rebased relative path rather than the owner's original scope. No public exploit identified at time of analysis, but a detailed PoC accompanies the GHSA advisory and EPSS sits at 0.04% (13th percentile).
Insufficient compartmentalization in the Imagination Technologies Graphics DDK kernel module enables a local, low-privileged attacker to abuse shared secure GPU memory allocations to either covertly pass data between otherwise isolated secure GPU processes or disrupt a peer process, causing image corruption and GPU hardware recovery events. Multiple DDK release trains spanning versions 1.18 RTM through 26.1 RTM are confirmed affected per EUVD-2026-36606. No public exploit exists and SSVC confirms no observed exploitation, but the 'Information Disclosure' tag in the advisory signals a confidentiality dimension that the official CVSS C:N metric does not fully capture.
Improper access control in File Browser (filebrowser/filebrowser, Go) versions <= 2.63.6 lets a user with share/download permissions create a public share for a path that does not yet exist; because the share record stores only a path string and is never bound to a concrete object, the link silently begins exposing whatever file later appears at that path via GET /api/public/dl/<hash>. The flaw mirrors the Android MediaProvider issue CVE-2026-0035 — the create handler omits an existence check before persisting the share. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but a step-by-step PoC is included in the GitHub Security Advisory.
Cross-site scripting in Fabric.js (npm: fabric) versions prior to 7.4.0 is triggered when applications export canvas content via `canvas.toSVG()` and render the result into the DOM using `innerHTML`. The `color` field within `colorStops` of a `fabric.Gradient` object is inserted into SVG `<stop>` elements without escaping `"`, `<`, or `>`, allowing crafted input to break attribute context and inject arbitrary HTML. A working proof-of-concept is publicly confirmed against v7.2.0; no active exploitation appears in CISA KEV, and the EPSS score of 0.04% reflects low observed exploitation breadth consistent with the chained conditions required.
User email enumeration in MISP's AuthKey edit endpoint allows any authenticated user holding AuthKey-edit permission to discover the email addresses of arbitrary platform users by manipulating a single POST parameter. The flaw exists in the validation-error rendering path of AuthKeysController.php, where the user dropdown was populated from attacker-controlled request body data rather than the persisted AuthKey owner, enabling systematic iteration over numeric user IDs. No public exploit code has been identified and the vulnerability is not listed in CISA KEV, but the attack is trivially reproducible from the description and patch diff alone.
Sensitive system information exposure in the Hash Elements WordPress plugin (all versions through 1.5.4) enables authenticated low-privilege users to retrieve embedded sensitive data from the plugin's output or internal responses. Classified under CWE-497, the plugin surfaces system-level information - potentially including API keys, server paths, or configuration values - to parties who should not have access to it. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the low authentication barrier (subscriber-level or equivalent WordPress account) broadens the pool of potential abusers on multi-user WordPress installations.
Tag group name disclosure in Discourse exposes restricted organizational metadata to anonymous and unprivileged users via a serializer that omits visibility filtering. Affected release lines are 2026.1.x (before 2026.1.4), 2026.3.x (before 2026.3.1), and 2026.4.x (before 2026.4.1), with the root cause being that DetailedTagSerializer#tag_group_names returned all group memberships without consulting the requesting user's permissions. An unauthenticated attacker can enumerate the names of tag groups restricted to specific user groups or non-visible categories, potentially leaking the internal structure of private forum spaces; no public exploit code has been identified at time of analysis and EPSS is 0.04% (11th percentile), indicating negligible observed exploitation activity.
Unauthorized access to webhook event data in Discourse exposes internal webhook payloads to any authenticated user - or unauthenticated users on instances with login_required disabled - across versions 2026.1.0 through several branch heads. The flaw resides in the MessageBus channel /web_hook_events/<id>, which the Jobs::RedeliverWebHookEvents job publishes to without enforcing group_id restrictions, allowing unrestricted channel subscription. Compounded by trivially enumerable sequential integer webhook IDs, any low-privilege or anonymous actor can iterate over webhook event history without authorization. No public exploit code exists and EPSS is 0.03% (9th percentile), indicating no observed widespread exploitation at time of analysis.
Discourse's AI 'explain' helper exposes raw content of hidden posts to any authenticated user with access to the feature, due to an incomplete authorization check on parent posts. Affected instances span three release tracks - 2026.1.x, 2026.3.x, and 2026.4.x - and any user who can invoke the AI helper and find a visible reply to a hidden post can silently read the hidden post's raw text. No public exploit code has been identified and EPSS places exploitation probability at 0.03% (9th percentile), indicating this is a low-urgency but genuine confidentiality bypass for deployments where hidden post content is sensitive.
Discourse group owners can retrieve plaintext SMTP credentials - including passwords, usernames, server, port, and SSL mode - from the group history log endpoint (/groups/:name/logs.json), affecting versions 2026.1.0-latest through pre-2026.1.4, 2026.3.0-latest through pre-2026.3.1, and 2026.4.0-latest through pre-2026.4.1. An authenticated group owner who holds no admin or moderator privileges can harvest the exposed SMTP password and use it to send mail impersonating the group's email identity from any external mail client, entirely bypassing Discourse's own sending controls. No public exploit code exists and this vulnerability is not listed in CISA KEV; the EPSS score of 0.03% at the 11th percentile reflects the narrow, configuration-dependent attack surface.
Discourse's GroupPostSerializer leaks user real names to authenticated users even when site administrators have explicitly disabled name display via the enable_names site setting. Affected versions span the 2026.1.x, 2026.3.x, and 2026.4.x release lines. An authenticated user querying group post endpoints receives real name data that the platform operator intended to suppress, undermining privacy configurations on Discourse instances that host pseudonymous or anonymous communities. No public exploit code exists and no active exploitation has been identified; the EPSS score of 0.03% (9th percentile) reflects low exploitation probability.
Discourse's ReviewableQueuedPostSerializer unconditionally exposes full inbound email source - including SMTP headers, sender trace, mail user agent, and body - to category moderation group members accessing the review queue, bypassing the view_raw_email_allowed_groups trust boundary that restricts the dedicated raw-email endpoint. Affected versions span the 2026.1.x, 2026.3.x, and 2026.4.x series on deployments using Discourse's incoming email feature. No public exploit has been identified and EPSS stands at 0.03% (9th percentile), indicating low automated exploitation probability, though the exposed data - including sender IP addresses and routing headers - presents meaningful privacy and de-anonymization risk to users who submitted posts via email.
Discourse platform versions across three active release tracks expose whisper translation audit logs through bot debug endpoints to any authenticated low-privilege user. The vulnerability (CWE-200) exists across release lines 2026.1.x, 2026.3.x, and 2026.4.x, and has been patched by the vendor across all affected tracks. No public exploit exists and EPSS sits at the 9th percentile (0.03%), indicating this is a low-probability exploitation target; however, the exposure of internal moderation audit logs may pose compliance and confidentiality risks on community platforms handling sensitive staff communications.
Information disclosure in Discourse discussion platform allows any MessageBus subscriber to receive real-time chat message payloads from public category channels without proper permission scoping, even when chat is not enabled for that user. The flaw affects versions 2026.1.0 through 2026.1.3, 2026.3.0 through 2026.3.0, and 2026.4.0 through 2026.4.0, and is fixed in 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1. No public exploit identified at time of analysis, but the unauthenticated network attack vector makes this a meaningful confidentiality concern for forums leveraging chat.
Parse Server 9.8.0-9.9.0 exposes raw MFA TOTP secrets and recovery codes through the /verifyPassword and /login endpoints when the _User class-level permission (CLP) is configured to deny get operations. An attacker with knowledge of a victim's username and password can call /verifyPassword without a session token or MFA token and receive the victim's plaintext TOTP secret and recovery codes in the response, completely defeating the second authentication factor. No public exploit has been identified at time of analysis; a patch exists in version 9.9.1-alpha.5, and the EPSS score of 0.04% (13th percentile) reflects limited opportunistic exploitation so far.
WiFi credential exposure in Naxclow IoT device firmware (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows any attacker with brief physical access to recover host network SSID, PSK, and negotiated WPA keys printed in cleartext to a labeled, production-accessible UART debug console. The UART interface drops to an unauthenticated interactive RT-Thread shell, enabling arbitrary memory reads and full firmware extraction - escalating a credential-theft opportunity into a platform for deeper firmware-level compromise. Reported via CISA ICS-CERT advisory ICSA-26-162-02; no public exploit code identified, though the attack requires only commodity serial hardware and minimal technical knowledge.
Device identifier enumeration across Naxclow's IoT product line - including the Smart Doorbell X3, X Smart Home platform, V720, and IX Cam - allows unauthenticated remote attackers to build a complete inventory of active devices deployed in the field. The identifier scheme combines fixed manufacturing prefixes with sequential counters (CWE-340), and the platform compounds this by exposing an endpoint that reveals the current identifier high-water mark, effectively handing attackers a starting point for a full sweep. Reported by ICS-CERT under ICSA-26-162-02, this is a platform-wide architectural flaw; no public exploit or KEV listing is confirmed at time of analysis, but the low complexity and zero-authentication barrier make opportunistic enumeration trivially achievable.
Persistent credential exposure in Naxclow smart cameras and doorbells (Smart Doorbell X3, X Smart Home, V720, ix Cam) allows anyone who obtains a device's server-side relay credential to maintain indefinite access to that device's relay channel. Because the credential is re-issued unchanged on every boot and cannot be rotated, reset, or revoked by the owner, even factory resets and re-onboarding do not evict an attacker. No public exploit identified at time of analysis, and EPSS/KEV signals are not provided in the input.
Unauthenticated denial-of-service in Typesense search engine versions prior to 29.1 and 30.2 allows remote attackers to terminate the server process by sending a crafted request to the /multi_search endpoint. The flaw triggers an unhandled exception during request processing, causing complete service unavailability for the duration of restart and dataset reload. No public exploit identified at time of analysis, and the low EPSS score (0.10%) suggests limited current exploitation interest despite the high CVSS 4.0 score of 8.7.
Cache isolation failure in Typesense's search engine exposes restricted search results across Scoped Search API Key authorization boundaries. When server-side caching and Scoped API Keys are both active, a specific sequence of requests can cause the cache to serve results to a scoped requester that were originally populated by a less-restricted context, effectively bypassing the embedded filter constraints of that key. Versions prior to 29.1 and 30.2 are affected; vendor-released patches exist in both release lines, with no public exploit identified and an EPSS of 0.05% (15th percentile) confirming low current exploitation probability.
Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser allows unauthenticated remote attackers to read up to approximately 4 GiB of heap memory or crash the application by delivering a crafted archive to a Windows user who opens it. Affected versions span 3.0.1000.0 through all releases before 6.0.1698.0, with the vulnerability rooted in an inherited integer overflow flaw in 7-Zip's upstream AvbHandler. No public exploit code or active exploitation has been identified; an EPSS score of 0.05% (15th percentile) confirms negligible current threat activity, and this CVE does not appear in the CISA KEV catalog.
Heap out-of-bounds read in NanaZip's inherited 7-Zip LvmHandler component allows an unauthenticated remote attacker to crash the application or potentially expose heap memory by tricking a user into opening a maliciously crafted LVM2 disk image. All NanaZip installations from version 3.0.1000.0 up to (but not including) 6.0.1698.0 on Windows are vulnerable. No public exploit code or active exploitation has been identified; an EPSS score of 0.04% at the 11th percentile reflects very low real-world exploitation probability.
Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser crashes the application and may leak heap memory contents when a victim opens a crafted .avb or .img file. Affected versions span 3.0.1000.0 through any release before 6.0.1698.0, covering a wide install base of Windows users. No public exploit code exists and EPSS sits at 0.05% (15th percentile), indicating low current exploitation interest, though the deterministic crash behavior lowers the bar for denial-of-service abuse.
Private message interception in Mattermost affects versions 11.6.x through 11.6.1, 11.5.x through 11.5.4, and 10.11.x through 10.11.16, allowing a low-privileged attacker to receive plugin-generated direct messages intended for bot accounts. The flaw stems from the bot registration flow failing to verify that a claimed username actually belongs to a bot account, enabling an attacker who pre-registers a human account using a predictable plugin bot username to silently hijack those message channels. No public exploit code exists at time of analysis, and exploitation requires both an existing user account and advance knowledge of the target bot's username.
Remote cluster authentication token disclosure in Mattermost's Secure Connections feature allows authenticated users holding the manage_secure_connections permission to retrieve plaintext inter-cluster credentials via a crafted PATCH request. Affected deployments span versions 10.11.x through 10.11.15, 11.5.x through 11.5.4, and 11.6.x through 11.6.1, with a CVSS-rated High confidentiality impact (6.5). No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but successful exploitation could undermine the trust model of federated multi-cluster deployments.
Mattermost's WebSocket layer improperly broadcasts `role_updated` events to all authenticated connections regardless of team or channel membership, enabling guest-level authenticated users to observe permission scheme change notifications for private teams they do not belong to. Affected versions span the 10.11.x, 11.5.x, and 11.6.x release lines. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog, but the low attack complexity and broad version impact make patching a straightforward priority for any Mattermost deployment with guest accounts enabled.
Hard-coded cryptographic keys in the Aqara Home Android app (com.lumiunited.aqarahome) 6.0.0 and white-label clients embedding the same liblumidevsdk.so let attackers who extract the static keys from the shipped binary decrypt protected data and forge or tamper with device/cloud communications. Because every install ships the identical embedded keys, a single extraction compromises confidentiality and integrity across the entire installed base. Reported by runZero (CVE-2026-50091 / EUVD-2026-36481); publicly available exploit code exists (GitHub PoC 'theres-no-place-like-home'), but it is not on CISA KEV and EPSS is very low at 0.03%.
Cross-origin information disclosure in the Aqara Developer Portal (developer.aqara.com) and its shared test environments (developer-test.aqara.com, aiot-test.aqara.com) allows a malicious website to read authenticated responses from any victim developer who visits it, exposing portal data tied to IoT/smart-home developer accounts. The flaw is a permissive CORS policy (CWE-942) that trusts untrusted origins; runZero disclosed it and no public exploit identified at time of analysis, though the technique is well-known and trivially scriptable.
Cross-origin information disclosure in the Aqara IAM/SSO gateway (gw-builder.aqara.com) allows attacker-controlled web origins to read authenticated user data by exploiting a permissive CORS policy that trusts arbitrary domains. The flaw, scored CVSS 8.2 with scope change due to credential exposure crossing the browser/identity-provider trust boundary, affects all users of Aqara's centralized smart-home identity service and can be triggered when a logged-in victim visits an attacker-hosted page. A public GitHub repository (xn0tsa/theres-no-place-like-home) is linked from the advisory, so publicly available exploit code exists, though no CISA KEV listing or EPSS signal is provided.
Crypt::PBKDF2 for Perl prior to version 0.261630 ships with critically weak password-hashing defaults - HMAC-SHA1 as the pseudorandom function and only 1,000 iterations - leaving derived keys and stored passwords highly vulnerable to offline brute-force attacks. Applications that do not explicitly override these defaults expose any compromised credential store to cracking at rates orders of magnitude faster than OWASP-recommended configurations (220,000-1,400,000 iterations depending on algorithm). No public exploit is identified at time of analysis and the CVE is not listed in CISA KEV, but the structural nature of CWE-916 means all previously generated hashes using the weak defaults remain exploitable even after upgrading the library unless proactively rehashed.
HTTP request smuggling in Netty's HttpObjectDecoder (netty-codec-http) allows unauthenticated remote attackers to manipulate request-boundary parsing in pipelined or multiplexed deployments by injecting non-CRLF ISO control characters (NUL, SOH, STX, etc.) before the HTTP request-line. Affected are all Netty releases prior to 4.1.135.Final and 4.2.15.Final; both branches have vendor-confirmed patches. No public exploit code has been identified and EPSS is 0.04% (12th percentile), indicating low current exploitation likelihood, though the attack surface expands significantly in architectures fronted by proxies or load balancers that strip or interpret those control bytes differently than Netty does.
Memory exhaustion in opentelemetry-cpp OTLP HTTP exporters (traces, metrics, logs) prior to 1.27.0 allows an attacker who controls the configured collector endpoint - or occupies a MITM position on the network path - to crash the instrumented process by returning an arbitrarily large HTTP response body. The curl-based HTTP client read response data into an unbounded in-memory buffer via io-equivalent copy with no size limit, making peak heap allocation entirely attacker-controlled. No public exploit has been identified at time of analysis, and EPSS at 0.02% (6th percentile) indicates low opportunistic exploitation probability, though the targeted threat model (supply-chain-adjacent collector compromise) is realistic in telemetry-heavy environments.
TLS hostname verification is silently disabled in Netty's netty-handler module for any client built with SslContextBuilder.forClient().trustManager(somePlainX509TrustManager), allowing network attackers in a man-in-the-middle position to present a valid certificate for any host and intercept supposedly encrypted traffic. Affects all Netty versions prior to 4.1.135.Final and 4.2.15.Final; no public exploit identified at time of analysis and EPSS is very low (0.04%), but the defect bypasses a core TLS protection that Netty 4.2 explicitly advertises as enabled by default.
Stateless reset token leakage in Netty's QUIC codec (io.netty:netty-codec-classes-quic prior to 4.2.15.Final) enables an on-path attacker to derive the reset token for active connections and terminate them via spoofed Stateless Reset packets. The default HMAC-based generators expose a deterministic relationship between the source connection ID visible in QUIC headers and the server's stateless reset token - after a source-CID rotation, an observer can compute the token from the new connection-ID bytes. No public exploit identified at time of analysis; the CVSS 4.8 Medium rating reflects the on-path attacker prerequisite (AC:H), which meaningfully limits opportunistic exploitation.
Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength of derived password hashes. The module uses Perl's built-in rand() function - a non-cryptographic PRNG - to generate salt values, making salts guessable and enabling precomputation attacks against stored password hashes. No public exploit identified at time of analysis, but a vendor patch is available and the issue was responsibly disclosed by CPANSec.
DB schema enumeration in Frappe (versions prior to 15.107.2 and 16.17.4) exposes internal database structure to unauthenticated remote attackers via a vulnerable endpoint. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) confirms no authentication or special conditions are required, making this accessible to any internet-facing instance. While limited to low confidentiality impact (VC:L) with no integrity or availability consequences, schema information can inform targeted follow-on attacks against the application's data layer. No public exploit has been identified at time of analysis, and EPSS of 0.02% (7th percentile) indicates low current exploitation probability.
Remote code execution in jmespath.php versions prior to 2.9.1 allows attackers controlling JMESPath expressions to inject arbitrary PHP into compiler-generated cache files, which are then loaded and executed by JmesPath\CompilerRuntime. The flaw stems from insufficient escaping of parsed function names when the compiler emits PHP source, enabling code execution whenever an application evaluates untrusted expressions through the compiler runtime. No public exploit identified at time of analysis, but the CVSS 9.8 rating reflects unauthenticated network-reachable RCE in any web app that pipes user input into the compiler.
Credential exposure in Redmine allows any local attacker with access to a previously-used browser session to recover plaintext login credentials stored by the application after form submission. The flaw (CWE-257) affects all tracked Redmine versions per NVD CPE data and represents a classic insecure credential storage issue. No public exploit has been identified at time of analysis, and exploitation is constrained to local attack vectors requiring prior user interaction.
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Weak password recovery in PbootCMS up to 3.2.12 allows remote unauthenticated attackers to take over user accounts by manipulating the `checkcode`, `username`, `password`, and `email` parameters in the `retrieve` function of `apps/home/controller/MemberController.php`. The recovery mechanism fails to adequately validate or protect the verification token, enabling bypass of the intended authentication challenge during the password reset flow. A public proof-of-concept exploit explicitly titled 'Account-Takeover' is available on GitHub, elevating the realistic risk beyond the conservative base score of 6.9.
Source code exfiltration in Nuxt's @nuxt/webpack-builder and @nuxt/rspack-builder (versions 3.15.4-3.21.6 and 4.0.0-alpha.1-4.4.6) enables a LAN-adjacent attacker to read a developer's full application source from the webpack dev server when it is bound to a non-loopback address via `nuxt dev --host`. This is a second incomplete fix in a chain stemming from GHSA-4gf7-ff8x-hq99: the previous patch (GHSA-6m52-m754-pw2g) relied on Sec-Fetch-* metadata headers that browsers silently omit for non-trustworthy (plain HTTP) origins, leaving a bypass when an attacker page strips all three identifying headers (Sec-Fetch-Site, Origin, Referer) simultaneously. A proof-of-concept JavaScript payload is documented in the GHSA advisory; EPSS is very low at 0.02% (7th percentile) and no CISA KEV entry exists, reflecting the narrow exploitation conditions required.
Squid proxy server is affected by CVE-2026-47729, disclosed alongside CVE-2026-50012 in a single oss-security post dated 2026-06-12 by Amos Jeffries. This is a pre-NVD disclosure, meaning technical details, affected versions, CVSS scores, and patch information have not yet been published to the NVD. No exploit code has been identified at time of analysis, and CISA KEV status is not confirmed.
Squid caching proxy is affected by CVE-2026-50012, disclosed via the oss-security mailing list on 2026-06-12 as a pre-NVD advisory. No technical details - description, affected versions, vulnerability class, or impact - have been made available in the current intelligence snapshot. The advisory was bundled with a sibling disclosure (CVE-2026-47729) from the same Squid maintainer post, suggesting a coordinated release, but no further differentiation between the two CVEs is derivable from available data. No exploitation, no KEV listing, and no EPSS score are present at time of analysis.
Improper authorization in the WebView URL Handler of the Groww Stock, Mutual Fund, Gold App for Android (all versions up to build 20260805) allows a low-privileged attacker with physical device access to invoke custom URL scheme handlers without proper authorization, enabling unauthorized in-app navigation or bypass of client-side access controls. The CVSS 4.0 score of 0.3 reflects severe exploitation constraints: physical access is mandatory, attack complexity is high, and impact is limited to low integrity compromise with no confirmed confidentiality exposure. A public proof-of-concept is available on GitHub and Google Drive; the vulnerability is not listed in CISA KEV and no vendor patch has been confirmed at time of analysis.
Mention injection in Quest Bot prior to version 1.1.6 allows Discord server moderators to embed @everyone or @here mass-ping triggers inside warning reasons, which are later replayed unsanitized when the /warns command outputs stored records. While the bot correctly suppresses Discord mentions during warning creation and several other moderation actions (unbanning, unwarning, kicking, muting, unmuting), the /warns display path lacks equivalent output encoding, creating an inconsistent trust boundary. The issue is patched in version 1.1.6 with no public exploit code identified at time of analysis.
Improper input validation in Quest Bot (an open-source Discord bot) prior to version 1.1.6 lets a guild moderator weaponize the automod feature to delete every non-bot message in a server. By submitting whitespace-only input to the automod add command, the trimmed empty string is stored as a rule and the message listener's content.includes("") check evaluates true for all messages. No public exploit identified at time of analysis, though the trigger is trivial to reproduce by anyone with permission to configure automod rules.
Disk encryption bypass in Moxa UC-1200A series industrial computers allows an attacker with invasive physical access to recover the LUKS disk encryption key by sniffing the SPI bus between the CPU and TPM2 chip. The flaw is an incomplete fix for CVE-2026-0714 - Moxa added TPM2 parameter encryption but misconfigured the authorization session so the encryption provides no real protection. No public exploit identified at time of analysis, and the CVSS 4.0 vector (AV:P) reflects that exploitation is bounded to attackers who can physically open the device.
Vulnerability Title
PingDirectory's virtual attribute processing exposes an authenticated denial-of-service path capable of exhausting the Java heap, with cascading availability, confidentiality, and integrity impacts on all downstream identity-dependent systems. Authorized users with elevated directory privileges can trigger progressive, unreclaimed heap allocation by copying virtual attributes referencing `ds-privilege-name` values while recent login history is active. The vendor-assigned CVSS 4.0 score of 6.3 (Amber urgency) masks notably high subsequent-system impact ratings (SC:H/SI:H/SA:H), reflecting that the real organizational risk lies not in PingDirectory itself but in the authentication and authorization disruption cascading to every application integrated with the directory; no public exploit code or CISA KEV listing has been identified at time of analysis.
Improper TLS certificate validation in CyberArk (Palo Alto Networks) Privilege Cloud Connector (PAM SH Connector, branded 'Idira') versions prior to 1.1.100504 allows adjacent-network attackers to intercept or tamper with privileged-access traffic under specific configuration scenarios. The flaw is rated CVSS 4.0 7.5 with no public exploit identified at time of analysis, but the Connector's role as a broker for secrets and privileged sessions makes successful exploitation highly impactful. Reported by Palo Alto with disclosure tracked under CyberArk Security Bulletin CA26-17.
SQL wildcard character injection in ClipBucket v5's subtitle editing endpoint allows authenticated users to overwrite all subtitle titles across every video they own in a single HTTP request. Affected versions are all releases prior to 5.5.3 - #141 of the open-source video sharing platform maintained by MacWarrior. No public exploit exists and the vulnerability is not listed in CISA KEV, but the trivial exploitation mechanism (a single % character) means any authenticated account could cause bulk subtitle data corruption against their own content.
Unauthenticated blind SQL injection in ClipBucket v5 prior to version 5.5.3 - #129 allows remote attackers to exfiltrate arbitrary database contents via the ids parameter of the actions/progress_video.php endpoint. The flaw carries a critical CVSS 9.8 score and no public exploit identified at time of analysis, but the trivial network-reachable attack surface on a public-facing video sharing platform makes opportunistic scanning likely. Vendor patch is available in 5.5.3 - #129 per the GHSA advisory.
Authenticated SQL injection in ClipBucket v5 prior to release 5.5.3 - #132 allows any user with video-upload privileges to exfiltrate database contents via the POST /actions/subtitle_edit.php endpoint. The vulnerable 'number' parameter handling enables boolean-based blind SQLi, and no public exploit is identified at time of analysis though the GitHub Security Advisory (GHSA-q233-m544-6jqr) documents the issue in detail.
Local privilege/integrity compromise in CyberArk Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allows an authenticated local attacker to interfere with the agent daemon's initialization sequence, potentially undermining the endpoint privilege controls the product is meant to enforce. The CVSS 4.0 score of 8.5 reflects high impact on confidentiality, integrity, and availability of the vulnerable system, though exploitation requires existing local access with low privileges. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Unauthenticated information disclosure in HKUDS AI-Trader exposes the Research Export endpoint (`/api/research/agents.csv`) to any remote attacker without credentials, leaking proprietary research output in CSV format. The vendor explicitly confirmed the pre-patch state lacked access control: 'Research export endpoints now require an authenticated agent with the research_exports capability.' A public proof-of-concept exploit exists (CVSS 4.0: 6.9, E:P), and the upstream fix is available via commit 91a31aac1b0f4dbc6b8bef9f6eff0b7912e0bc65; no active exploitation is confirmed in CISA KEV at this time.
Permission misconfiguration in IObit Malware Fighter's DLL Handler component (versions up to 13.2.0) allows a local low-privileged attacker to exploit insecure resource permissions, resulting in low-severity confidentiality, integrity, and availability impacts. The vulnerability stems from CWE-275 (Improper Permission Assignment for a Resource), and a public proof-of-concept exploit is available via GitHub and a researcher blog post. The vendor was notified prior to disclosure but did not respond, meaning no official patch or mitigation guidance has been issued.
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request.
Server impersonation in OCaml-TLS before 2.1.0 allows a malicious TLS server to present a certificate not intended for server authentication and still be accepted by client code, enabling man-in-the-middle and impersonation attacks against any application linking the library as a TLS client. The client fails to validate KeyUsage and ExtendedKeyUsage extensions properly, breaking a core PKIX trust assumption. No public exploit identified at time of analysis and EPSS sits at 0.15% (4th percentile), but the CVSS 9.1 reflects the broad confidentiality and integrity impact on encrypted sessions.
An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.
Arbitrary file write in remotion-dev Remotion v4.0.409 allows remote attackers to write attacker-controlled content to arbitrary filesystem locations without authentication, per the CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) and CWE-123 (Write-what-where) classification. Remotion is a React-based programmatic video rendering framework, and the flaw can lead to integrity and availability compromise of the host running the rendering engine. No public exploit identified at time of analysis, and the EPSS score of 0.15% (4th percentile) indicates low predicted exploitation likelihood despite the high CVSS score.
Authentication bypass in OCaml-TLS server implementations before version 2.1.0 allows remote attackers to impersonate legitimate clients during mutual TLS authentication by presenting certificates whose KeyUsage and ExtendedKeyUsage extensions do not authorize client authentication. The server fails to enforce these X.509 certificate purpose constraints, so any valid certificate chain trusted by the server may be accepted regardless of intended use. EPSS probability is low (0.12%, 2nd percentile) and no public exploit identified at time of analysis, but the CVSS 9.1 reflects the high impact on confidentiality and integrity of mTLS-protected services.
Improper authorization in the custom URL scheme handler of Genspark AI Workspace App 2.8.4 on Android allows a local low-privileged attacker to invoke restricted application functionality via the ai.mainfunc.genspark component without proper access control. The flaw is classified under CWE-939, affecting inter-app communication on Android where the URL scheme handler fails to verify the caller's authorization. No patch is available as the vendor did not respond to responsible disclosure; no public exploit or CISA KEV confirmation exists at time of analysis.
Improper authorization in Moovit Bus & Public Transit App 1.18 on Android exposes the com.tranzmate custom URL scheme handler to invocation by any locally installed application without proper authorization checks, enabling information disclosure and limited unauthorized manipulation of app functionality. The vulnerability is classified as CWE-939 and is restricted to local attack vectors, meaning a co-resident malicious application on the same Android device is required to trigger it. A proof-of-concept exploit has been publicly released via GitHub and Google Drive, and the vendor did not respond to responsible disclosure - no patch is confirmed available at time of analysis.
Heap-based out-of-bounds read and integer underflow in LiamBindle MQTT-C (all versions through 1.1.6) allows a remote attacker who controls an MQTT broker - or who can inject packets into an unencrypted MQTT session - to crash any subscribed MQTT-C client and potentially disclose adjacent heap memory by sending a single specially crafted PUBLISH packet. The flaw resides in mqtt_unpack_publish_response() in src/mqtt.c, where the broker-supplied 16-bit topic_name_size field is used to advance a parse pointer without validating it fits within the packet's remaining_length, and the subsequent unsigned subtraction to derive application_message_size wraps to near 2^32 and is passed directly to memmove(). No patched release has been identified at time of analysis; a proof-of-concept is indicated by the CVSS 4.0 E:P supplemental metric, and this vulnerability is not listed in the CISA KEV catalog.
Timing side-channel in Linux-PAM's pam_userdb module through version 1.7.2 allows plaintext password recovery by any attacker capable of repeatedly submitting authentication attempts to a service backed by the vulnerable configuration. The module's use of length-prefixed strncmp() (or strncasecmp() with PAM_ICASE_ARG) on plaintext credentials leaks both password length and individual prefix bytes via measurable response-time differences, enabling iterative character-by-character reconstruction of the stored password. Proof-of-concept exploit methodology exists per CVSS 4.0 supplemental metadata (E:P); while no CISA KEV listing was found, the high confidentiality impact (VC:H) and credential-disclosure nature make this a meaningful risk for any deployment relying on pam_userdb in plaintext mode.
Off-by-one buffer overflow in nanoMODBUS through v1.23.0 lets remote unauthenticated attackers write one attacker-controlled byte past a 260-byte receive buffer in the Modbus/TCP server's recv_msg_header() function. The corruption of the adjacent buffer-index field can cause denial of service on all targets and, on bare-metal/RTOS deployments without memory protection, leak one byte of memory and trigger unintended writes through the Write Multiple Registers (FC16) handler. No public exploit identified at time of analysis, but the bug is trivially reachable by sending a crafted MBAP frame with Length=255.
Unredacted iSCSI credential disclosure in OpenStack Ironic through 35.0.1 occurs specifically when an authenticated operator issues a PATCH request to update authorized fields in a node's volume properties - the API response returns sensitive data such as iSCSI CHAP usernames and secrets in plaintext. The scope change reflected in the CVSS (S:C) is meaningful: leaked storage credentials extend the blast radius beyond Ironic itself to the underlying iSCSI storage infrastructure. Notably, the same volume properties endpoint does not exhibit this behavior on POST requests, isolating the flaw to the PATCH response serialization path. No public exploit code has been identified and the vulnerability is not listed in CISA KEV.
Symlink mishandling in LiteSpeed cPanel Plugin before 2.4.8 (and the bundling LiteSpeed WHM PlugIn before 5.3.2.0) lets a low-privileged tenant on a shared CloudLinux/CageFS host escape their per-user filesystem jail by planting symlinks the plugin follows with elevated privileges. The CVE record states the flaw was exploited against shared hosting providers in May 2026, and CVSS 8.5 with Scope:Changed reflects cross-tenant compromise of other customers' files on the same server. No separate KEV listing or public POC is present in the provided intelligence.
Divide-by-zero in GPAC's MP4Box AVI demuxer crashes the process when handling crafted media files with zero-declared frame counts. Specifically, avidmx_process() in filters/dmx_avi.c:639 fails to validate the frame count before using it as a divisor during Dasher bitrate computation, triggering an uncaught floating-point exception (FPE) when DASH segmentation is invoked. A public proof-of-concept file exists; exploitation requires no authentication or special privileges beyond delivering a malformed AVI-like input to an affected MP4Box instance. EPSS data is not yet available, and the vulnerability is not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis.
Host filesystem integrity violations in runc are triggered when the container runtime processes a malicious OCI image where /dev is configured as a symbolic link rather than a directory. An attacker who can deliver such a crafted image - via a public registry, a supply-chain-compromised base image, or a shared CI/CD pipeline - can cause runc to follow the symlink during container device-node initialization, resulting in limited, unintended write operations on the host filesystem outside the container boundary. The vendor-credited reporter (Aleksa Sarai, a known runc maintainer) describes the impact as 'limited host filesystem integrity violations,' falling short of a full container escape. No public exploit has been identified at time of analysis.
Format string vulnerability in the D-Link DCS-935L 1.10.01 IP camera allows authenticated remote attackers to corrupt memory and likely achieve information disclosure or code execution by manipulating the data argument passed to snprintf within the /web/cgi-bin/greece/rhea HTTP handler. Publicly available exploit code exists per VulDB submission, though this CVE is not on the CISA KEV list. The CVSS 4.0 score of 7.4 reflects high impact on confidentiality, integrity, and availability with low-privilege authentication required.
Missing Origin/Host header validation in Google's MCP Toolbox for Databases (Model Context Protocol server) prior to v0.25.0 allows remote attackers to reach the locally-bound HTTP server via DNS rebinding from a victim's browser, abusing the bridge to issue arbitrary tool/database commands. The fix introduces a new --allowed-hosts startup flag (companion to the existing --allowed-origins) that validates inbound Host headers, though both flags retain an insecure-by-default '*' value with only a startup warning. No public exploit identified at time of analysis; the issue was reported internally by Google.
Local privilege escalation via arbitrary root-owned file overwrite affects libreport's ABRT post-create event handler scripts on Red Hat Enterprise Linux 6, 7, and 8. The event scripts write output using shell redirections that lack the O_NOFOLLOW flag, so a local low-privileged user who plants a symlink in a writable crash-dump path can cause the root shell to follow it and clobber any file on the system, which can be leveraged for full system compromise. SSVC rates technical impact as total, but there is no public exploit identified at time of analysis and EPSS is negligible (0.02%, 5th percentile).
Local privilege escalation in the abrt-dbus D-Bus service on Red Hat Enterprise Linux 6, 7, and 8 allows a low-privileged local user to race the ChownProblemDir method against still-running post-create event handlers. By invoking ChownProblemDir while privileged event scripts hold a write lock on the dump directory, the attacker gains filesystem ownership of files being written by root-context handlers, enabling tampering with privileged output and potential privilege escalation. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Directory traversal in Allegra's exportReport method exposes arbitrary server-side files to authenticated remote attackers, operating in the context of the underlying service account. The flaw affects all tracked versions per the CPE wildcard (cpe:2.3:a:allegra:allegra:*), with Alltena's 9.0.0 release notes referencing the fix. No public exploit code or CISA KEV listing has been identified at time of analysis, and no EPSS data was provided, but the CVSS 6.5 rating reflects a meaningful confidentiality risk for any internet-facing Allegra deployment where user accounts may be broadly provisioned.
Cross-origin credential disclosure in Avira Password Manager's Firefox extension allows a malicious site embedding the targeted page in an iframe to harvest credentials that the extension autofills into the parent context. The flaw stems from incorrect autofill field selection and affects Windows, macOS, and Linux installations; no public exploit identified at time of analysis but the CVSS 7.4 (S:C/C:H) score reflects the cross-origin trust boundary violation.
Local code execution in Avira Antivirus engine builds before 8.3.70.76 on Windows, macOS, and Linux is triggered when the scanner processes a malformed PDF file, leading to a heap out-of-bounds read that can corrupt the antivirus engine process. CVSS 7.8 reflects the high impact on confidentiality, integrity, and availability, but exploitation requires the victim to expose the engine to the attacker's file. No public exploit identified at time of analysis.
Heap out-of-bounds read in the Avira Antivirus scanning engine on Windows, macOS, and Linux (engine builds before 8.3.70.98) allows a malformed Windows PE file to trigger local code execution or crash the antivirus engine process. Because AV engines typically auto-scan files on access, simply writing or dropping a crafted PE onto disk can reach the vulnerable parser, and no public exploit identified at time of analysis. Exploitation requires the victim's AV to scan the file (UI:R), so realistic delivery is via downloads, email attachments, or removable media rather than fully remote unauthenticated execution.
Local code execution or denial-of-service in Avira Antivirus engine builds prior to 8.3.70.56 occurs when the scanner parses a malformed Windows MSI installer file, triggering a heap out-of-bounds read. The flaw affects deployments on Windows, macOS, and Linux and requires user interaction to place a crafted MSI where the engine will scan it. No public exploit identified at time of analysis and CVSS scores it 7.8 High.
Local code execution and denial-of-service in Gen Digital antivirus engines (Avast, AVG, Norton, Avast One, Avast Business Antivirus) on Windows, macOS, and Linux stems from a heap out-of-bounds read in the malformed-ZIP/XML scanner across virus definition builds 25020100 through 25021207. An attacker who lures a user into letting the on-access scanner process a crafted archive can crash the antivirus process or potentially execute code in its context. No public exploit identified at time of analysis and the EPSS signal was not provided.
Local code execution or antivirus-process denial-of-service in Gen Digital's shared scanning engine (Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux) is triggered when the engine parses a malformed Windows PE file and performs a heap out-of-bounds read. Mitigation ships via the VPS 25021310 virus definition update rather than a product installer, so any consumer of the Gen Digital definition stream at or above that build is no longer exposed. No public exploit identified at time of analysis, but the bug sits inside a high-privilege scanner that auto-processes attacker-controlled files.
Out-of-bounds heap read in the Gen Digital antivirus scanning engine (Avast, AVG, Norton, Avast One, Avast Business) allows a malformed Windows PE file with crafted .NET metadata to crash the AV process or potentially execute code locally on Windows, macOS, and Linux endpoints running virus definitions prior to VPS 25021310. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, but the bug is reachable via on-access scanning, meaning any user who receives a malicious file may trigger it without explicit action. UI:R in the CVSS vector and the local attack vector temper the urgency relative to the 7.8 base score.
Stack use-after-free in the Gen Digital shared antivirus scanning engine crashes the antivirus process when it parses a malformed Windows PE file. Five Gen Digital products share a common virus definition update stream - Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux - making all simultaneously vulnerable until the shared definition stream reaches build VPS 25022500. No public exploit has been identified at time of analysis; the impact is limited to a Denial-of-Service of the antivirus process with no confidentiality or integrity loss, and the CVSS score of 5.5 reflects the local, user-interaction-dependent nature of the attack.
Uncontrolled recursion in the Gen Digital shared scanning engine crashes the antivirus process when it encounters a specially crafted malformed Windows PE file, causing a Denial-of-Service across five Gen Digital products - Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus - on Windows, macOS, and Linux. The vulnerability resides in the virus definition update stream rather than the product binary itself, meaning all five products sharing the same Gen Digital VPS stream are simultaneously exposed until updated to definition build VPS 25031700 or later. No public exploit code has been identified at time of analysis, and CVSS scores this at medium severity (5.5) reflecting local access and required user interaction as meaningful limiting factors.
Out-of-bounds heap read in the Avira Antivirus scanning engine triggers when the engine parses a malformed PDF, allowing local code execution or denial-of-service of the antivirus process on Windows, macOS, and Linux engine builds prior to 8.3.70.56. The CVSS 7.8 (High) rating reflects local attack vector with required user interaction (the engine must scan the attacker-supplied file), and no public exploit identified at time of analysis. Because the AV engine typically runs with elevated privileges, successful code execution would inherit those privileges.
Local code execution and denial-of-service in Avira Antivirus engine builds before 8.3.70.68 allow an attacker to compromise the scanning engine by placing a malformed PDF where the engine will scan it on Windows, macOS, or Linux. The flaw is a heap out-of-bounds read (CWE-125) triggered during PDF parsing, and no public exploit identified at time of analysis. CVSS is 7.8 (high) driven by full C/I/A impact on the local host, but exploitation requires user/scanner interaction with the malicious file.
Local privilege escalation in Imagination Technologies Graphics DDK (GPU kernel driver) allows non-privileged users to issue crafted GPU system calls that perform read/write operations on arbitrary freed physical memory pages, enabling kernel memory corruption. The flaw stems from missing deferred-free handling, meaning the GPU can still access pages after the kernel module has released them. No public exploit identified at time of analysis and EPSS is very low (0.02%), but CVSS 7.8 reflects high local impact on confidentiality, integrity, and availability.
OpenClaw's retry endpoint authentication check performs hostname prefix matching instead of exact hostname comparison, enabling an authenticated attacker to redirect sensitive authentication material to an attacker-controlled endpoint. All versions before 2026.5.7 are affected per CPE cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*. The CVSS 4.0 vector scores this at 6.0 with high confidentiality impact (VC:H) and a specific attack prerequisite (AT:P); no public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Information disclosure in OpenClaw before 2026.5.18 lets authenticated operators abuse shell metacharacter expansion within the system.run safe-bin allowlist to read unintended node-local files on POSIX nodes and exfiltrate sensitive configuration data. The flaw bypasses command-policy enforcement because the allowlist validates a literal command string while the underlying shell re-interprets it at execution time. No public exploit identified at time of analysis.
Information disclosure in OpenClaw before 2026.4.26 leaks the real host workspace path through sandboxed session spawning, exposing filesystem location and potentially related memory context to child AI model prompts. Authenticated users with low-privilege access can trigger this by spawning child sessions from sandboxed parent sessions, undermining the isolation guarantees of the sandbox environment. With a CVSS 4.0 score of 2.3, no public exploit code, and no CISA KEV listing, this is a low-severity but architecturally meaningful sandbox escape of information relevant to AI agent deployments.
Unauthenticated information disclosure in File Browser (filebrowser/filebrowser) versions <= 2.63.5 allows public share recipients to bypass owner-defined deny rules and read or list files explicitly blocked beneath a shared directory. The flaw stems from the public share handler rebasing the filesystem root but evaluating access rules against the rebased relative path rather than the owner's original scope. No public exploit identified at time of analysis, but a detailed PoC accompanies the GHSA advisory and EPSS sits at 0.04% (13th percentile).
Insufficient compartmentalization in the Imagination Technologies Graphics DDK kernel module enables a local, low-privileged attacker to abuse shared secure GPU memory allocations to either covertly pass data between otherwise isolated secure GPU processes or disrupt a peer process, causing image corruption and GPU hardware recovery events. Multiple DDK release trains spanning versions 1.18 RTM through 26.1 RTM are confirmed affected per EUVD-2026-36606. No public exploit exists and SSVC confirms no observed exploitation, but the 'Information Disclosure' tag in the advisory signals a confidentiality dimension that the official CVSS C:N metric does not fully capture.
Improper access control in File Browser (filebrowser/filebrowser, Go) versions <= 2.63.6 lets a user with share/download permissions create a public share for a path that does not yet exist; because the share record stores only a path string and is never bound to a concrete object, the link silently begins exposing whatever file later appears at that path via GET /api/public/dl/<hash>. The flaw mirrors the Android MediaProvider issue CVE-2026-0035 — the create handler omits an existence check before persisting the share. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but a step-by-step PoC is included in the GitHub Security Advisory.
Cross-site scripting in Fabric.js (npm: fabric) versions prior to 7.4.0 is triggered when applications export canvas content via `canvas.toSVG()` and render the result into the DOM using `innerHTML`. The `color` field within `colorStops` of a `fabric.Gradient` object is inserted into SVG `<stop>` elements without escaping `"`, `<`, or `>`, allowing crafted input to break attribute context and inject arbitrary HTML. A working proof-of-concept is publicly confirmed against v7.2.0; no active exploitation appears in CISA KEV, and the EPSS score of 0.04% reflects low observed exploitation breadth consistent with the chained conditions required.
User email enumeration in MISP's AuthKey edit endpoint allows any authenticated user holding AuthKey-edit permission to discover the email addresses of arbitrary platform users by manipulating a single POST parameter. The flaw exists in the validation-error rendering path of AuthKeysController.php, where the user dropdown was populated from attacker-controlled request body data rather than the persisted AuthKey owner, enabling systematic iteration over numeric user IDs. No public exploit code has been identified and the vulnerability is not listed in CISA KEV, but the attack is trivially reproducible from the description and patch diff alone.
Sensitive system information exposure in the Hash Elements WordPress plugin (all versions through 1.5.4) enables authenticated low-privilege users to retrieve embedded sensitive data from the plugin's output or internal responses. Classified under CWE-497, the plugin surfaces system-level information - potentially including API keys, server paths, or configuration values - to parties who should not have access to it. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the low authentication barrier (subscriber-level or equivalent WordPress account) broadens the pool of potential abusers on multi-user WordPress installations.
Tag group name disclosure in Discourse exposes restricted organizational metadata to anonymous and unprivileged users via a serializer that omits visibility filtering. Affected release lines are 2026.1.x (before 2026.1.4), 2026.3.x (before 2026.3.1), and 2026.4.x (before 2026.4.1), with the root cause being that DetailedTagSerializer#tag_group_names returned all group memberships without consulting the requesting user's permissions. An unauthenticated attacker can enumerate the names of tag groups restricted to specific user groups or non-visible categories, potentially leaking the internal structure of private forum spaces; no public exploit code has been identified at time of analysis and EPSS is 0.04% (11th percentile), indicating negligible observed exploitation activity.
Unauthorized access to webhook event data in Discourse exposes internal webhook payloads to any authenticated user - or unauthenticated users on instances with login_required disabled - across versions 2026.1.0 through several branch heads. The flaw resides in the MessageBus channel /web_hook_events/<id>, which the Jobs::RedeliverWebHookEvents job publishes to without enforcing group_id restrictions, allowing unrestricted channel subscription. Compounded by trivially enumerable sequential integer webhook IDs, any low-privilege or anonymous actor can iterate over webhook event history without authorization. No public exploit code exists and EPSS is 0.03% (9th percentile), indicating no observed widespread exploitation at time of analysis.
Discourse's AI 'explain' helper exposes raw content of hidden posts to any authenticated user with access to the feature, due to an incomplete authorization check on parent posts. Affected instances span three release tracks - 2026.1.x, 2026.3.x, and 2026.4.x - and any user who can invoke the AI helper and find a visible reply to a hidden post can silently read the hidden post's raw text. No public exploit code has been identified and EPSS places exploitation probability at 0.03% (9th percentile), indicating this is a low-urgency but genuine confidentiality bypass for deployments where hidden post content is sensitive.
Discourse group owners can retrieve plaintext SMTP credentials - including passwords, usernames, server, port, and SSL mode - from the group history log endpoint (/groups/:name/logs.json), affecting versions 2026.1.0-latest through pre-2026.1.4, 2026.3.0-latest through pre-2026.3.1, and 2026.4.0-latest through pre-2026.4.1. An authenticated group owner who holds no admin or moderator privileges can harvest the exposed SMTP password and use it to send mail impersonating the group's email identity from any external mail client, entirely bypassing Discourse's own sending controls. No public exploit code exists and this vulnerability is not listed in CISA KEV; the EPSS score of 0.03% at the 11th percentile reflects the narrow, configuration-dependent attack surface.
Discourse's GroupPostSerializer leaks user real names to authenticated users even when site administrators have explicitly disabled name display via the enable_names site setting. Affected versions span the 2026.1.x, 2026.3.x, and 2026.4.x release lines. An authenticated user querying group post endpoints receives real name data that the platform operator intended to suppress, undermining privacy configurations on Discourse instances that host pseudonymous or anonymous communities. No public exploit code exists and no active exploitation has been identified; the EPSS score of 0.03% (9th percentile) reflects low exploitation probability.
Discourse's ReviewableQueuedPostSerializer unconditionally exposes full inbound email source - including SMTP headers, sender trace, mail user agent, and body - to category moderation group members accessing the review queue, bypassing the view_raw_email_allowed_groups trust boundary that restricts the dedicated raw-email endpoint. Affected versions span the 2026.1.x, 2026.3.x, and 2026.4.x series on deployments using Discourse's incoming email feature. No public exploit has been identified and EPSS stands at 0.03% (9th percentile), indicating low automated exploitation probability, though the exposed data - including sender IP addresses and routing headers - presents meaningful privacy and de-anonymization risk to users who submitted posts via email.
Discourse platform versions across three active release tracks expose whisper translation audit logs through bot debug endpoints to any authenticated low-privilege user. The vulnerability (CWE-200) exists across release lines 2026.1.x, 2026.3.x, and 2026.4.x, and has been patched by the vendor across all affected tracks. No public exploit exists and EPSS sits at the 9th percentile (0.03%), indicating this is a low-probability exploitation target; however, the exposure of internal moderation audit logs may pose compliance and confidentiality risks on community platforms handling sensitive staff communications.
Information disclosure in Discourse discussion platform allows any MessageBus subscriber to receive real-time chat message payloads from public category channels without proper permission scoping, even when chat is not enabled for that user. The flaw affects versions 2026.1.0 through 2026.1.3, 2026.3.0 through 2026.3.0, and 2026.4.0 through 2026.4.0, and is fixed in 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1. No public exploit identified at time of analysis, but the unauthenticated network attack vector makes this a meaningful confidentiality concern for forums leveraging chat.
Parse Server 9.8.0-9.9.0 exposes raw MFA TOTP secrets and recovery codes through the /verifyPassword and /login endpoints when the _User class-level permission (CLP) is configured to deny get operations. An attacker with knowledge of a victim's username and password can call /verifyPassword without a session token or MFA token and receive the victim's plaintext TOTP secret and recovery codes in the response, completely defeating the second authentication factor. No public exploit has been identified at time of analysis; a patch exists in version 9.9.1-alpha.5, and the EPSS score of 0.04% (13th percentile) reflects limited opportunistic exploitation so far.
WiFi credential exposure in Naxclow IoT device firmware (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows any attacker with brief physical access to recover host network SSID, PSK, and negotiated WPA keys printed in cleartext to a labeled, production-accessible UART debug console. The UART interface drops to an unauthenticated interactive RT-Thread shell, enabling arbitrary memory reads and full firmware extraction - escalating a credential-theft opportunity into a platform for deeper firmware-level compromise. Reported via CISA ICS-CERT advisory ICSA-26-162-02; no public exploit code identified, though the attack requires only commodity serial hardware and minimal technical knowledge.
Device identifier enumeration across Naxclow's IoT product line - including the Smart Doorbell X3, X Smart Home platform, V720, and IX Cam - allows unauthenticated remote attackers to build a complete inventory of active devices deployed in the field. The identifier scheme combines fixed manufacturing prefixes with sequential counters (CWE-340), and the platform compounds this by exposing an endpoint that reveals the current identifier high-water mark, effectively handing attackers a starting point for a full sweep. Reported by ICS-CERT under ICSA-26-162-02, this is a platform-wide architectural flaw; no public exploit or KEV listing is confirmed at time of analysis, but the low complexity and zero-authentication barrier make opportunistic enumeration trivially achievable.
Persistent credential exposure in Naxclow smart cameras and doorbells (Smart Doorbell X3, X Smart Home, V720, ix Cam) allows anyone who obtains a device's server-side relay credential to maintain indefinite access to that device's relay channel. Because the credential is re-issued unchanged on every boot and cannot be rotated, reset, or revoked by the owner, even factory resets and re-onboarding do not evict an attacker. No public exploit identified at time of analysis, and EPSS/KEV signals are not provided in the input.
Unauthenticated denial-of-service in Typesense search engine versions prior to 29.1 and 30.2 allows remote attackers to terminate the server process by sending a crafted request to the /multi_search endpoint. The flaw triggers an unhandled exception during request processing, causing complete service unavailability for the duration of restart and dataset reload. No public exploit identified at time of analysis, and the low EPSS score (0.10%) suggests limited current exploitation interest despite the high CVSS 4.0 score of 8.7.
Cache isolation failure in Typesense's search engine exposes restricted search results across Scoped Search API Key authorization boundaries. When server-side caching and Scoped API Keys are both active, a specific sequence of requests can cause the cache to serve results to a scoped requester that were originally populated by a less-restricted context, effectively bypassing the embedded filter constraints of that key. Versions prior to 29.1 and 30.2 are affected; vendor-released patches exist in both release lines, with no public exploit identified and an EPSS of 0.05% (15th percentile) confirming low current exploitation probability.
Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser allows unauthenticated remote attackers to read up to approximately 4 GiB of heap memory or crash the application by delivering a crafted archive to a Windows user who opens it. Affected versions span 3.0.1000.0 through all releases before 6.0.1698.0, with the vulnerability rooted in an inherited integer overflow flaw in 7-Zip's upstream AvbHandler. No public exploit code or active exploitation has been identified; an EPSS score of 0.05% (15th percentile) confirms negligible current threat activity, and this CVE does not appear in the CISA KEV catalog.
Heap out-of-bounds read in NanaZip's inherited 7-Zip LvmHandler component allows an unauthenticated remote attacker to crash the application or potentially expose heap memory by tricking a user into opening a maliciously crafted LVM2 disk image. All NanaZip installations from version 3.0.1000.0 up to (but not including) 6.0.1698.0 on Windows are vulnerable. No public exploit code or active exploitation has been identified; an EPSS score of 0.04% at the 11th percentile reflects very low real-world exploitation probability.
Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser crashes the application and may leak heap memory contents when a victim opens a crafted .avb or .img file. Affected versions span 3.0.1000.0 through any release before 6.0.1698.0, covering a wide install base of Windows users. No public exploit code exists and EPSS sits at 0.05% (15th percentile), indicating low current exploitation interest, though the deterministic crash behavior lowers the bar for denial-of-service abuse.
Private message interception in Mattermost affects versions 11.6.x through 11.6.1, 11.5.x through 11.5.4, and 10.11.x through 10.11.16, allowing a low-privileged attacker to receive plugin-generated direct messages intended for bot accounts. The flaw stems from the bot registration flow failing to verify that a claimed username actually belongs to a bot account, enabling an attacker who pre-registers a human account using a predictable plugin bot username to silently hijack those message channels. No public exploit code exists at time of analysis, and exploitation requires both an existing user account and advance knowledge of the target bot's username.
Remote cluster authentication token disclosure in Mattermost's Secure Connections feature allows authenticated users holding the manage_secure_connections permission to retrieve plaintext inter-cluster credentials via a crafted PATCH request. Affected deployments span versions 10.11.x through 10.11.15, 11.5.x through 11.5.4, and 11.6.x through 11.6.1, with a CVSS-rated High confidentiality impact (6.5). No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but successful exploitation could undermine the trust model of federated multi-cluster deployments.
Mattermost's WebSocket layer improperly broadcasts `role_updated` events to all authenticated connections regardless of team or channel membership, enabling guest-level authenticated users to observe permission scheme change notifications for private teams they do not belong to. Affected versions span the 10.11.x, 11.5.x, and 11.6.x release lines. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog, but the low attack complexity and broad version impact make patching a straightforward priority for any Mattermost deployment with guest accounts enabled.
Hard-coded cryptographic keys in the Aqara Home Android app (com.lumiunited.aqarahome) 6.0.0 and white-label clients embedding the same liblumidevsdk.so let attackers who extract the static keys from the shipped binary decrypt protected data and forge or tamper with device/cloud communications. Because every install ships the identical embedded keys, a single extraction compromises confidentiality and integrity across the entire installed base. Reported by runZero (CVE-2026-50091 / EUVD-2026-36481); publicly available exploit code exists (GitHub PoC 'theres-no-place-like-home'), but it is not on CISA KEV and EPSS is very low at 0.03%.
Cross-origin information disclosure in the Aqara Developer Portal (developer.aqara.com) and its shared test environments (developer-test.aqara.com, aiot-test.aqara.com) allows a malicious website to read authenticated responses from any victim developer who visits it, exposing portal data tied to IoT/smart-home developer accounts. The flaw is a permissive CORS policy (CWE-942) that trusts untrusted origins; runZero disclosed it and no public exploit identified at time of analysis, though the technique is well-known and trivially scriptable.
Cross-origin information disclosure in the Aqara IAM/SSO gateway (gw-builder.aqara.com) allows attacker-controlled web origins to read authenticated user data by exploiting a permissive CORS policy that trusts arbitrary domains. The flaw, scored CVSS 8.2 with scope change due to credential exposure crossing the browser/identity-provider trust boundary, affects all users of Aqara's centralized smart-home identity service and can be triggered when a logged-in victim visits an attacker-hosted page. A public GitHub repository (xn0tsa/theres-no-place-like-home) is linked from the advisory, so publicly available exploit code exists, though no CISA KEV listing or EPSS signal is provided.
Crypt::PBKDF2 for Perl prior to version 0.261630 ships with critically weak password-hashing defaults - HMAC-SHA1 as the pseudorandom function and only 1,000 iterations - leaving derived keys and stored passwords highly vulnerable to offline brute-force attacks. Applications that do not explicitly override these defaults expose any compromised credential store to cracking at rates orders of magnitude faster than OWASP-recommended configurations (220,000-1,400,000 iterations depending on algorithm). No public exploit is identified at time of analysis and the CVE is not listed in CISA KEV, but the structural nature of CWE-916 means all previously generated hashes using the weak defaults remain exploitable even after upgrading the library unless proactively rehashed.
HTTP request smuggling in Netty's HttpObjectDecoder (netty-codec-http) allows unauthenticated remote attackers to manipulate request-boundary parsing in pipelined or multiplexed deployments by injecting non-CRLF ISO control characters (NUL, SOH, STX, etc.) before the HTTP request-line. Affected are all Netty releases prior to 4.1.135.Final and 4.2.15.Final; both branches have vendor-confirmed patches. No public exploit code has been identified and EPSS is 0.04% (12th percentile), indicating low current exploitation likelihood, though the attack surface expands significantly in architectures fronted by proxies or load balancers that strip or interpret those control bytes differently than Netty does.
Memory exhaustion in opentelemetry-cpp OTLP HTTP exporters (traces, metrics, logs) prior to 1.27.0 allows an attacker who controls the configured collector endpoint - or occupies a MITM position on the network path - to crash the instrumented process by returning an arbitrarily large HTTP response body. The curl-based HTTP client read response data into an unbounded in-memory buffer via io-equivalent copy with no size limit, making peak heap allocation entirely attacker-controlled. No public exploit has been identified at time of analysis, and EPSS at 0.02% (6th percentile) indicates low opportunistic exploitation probability, though the targeted threat model (supply-chain-adjacent collector compromise) is realistic in telemetry-heavy environments.
TLS hostname verification is silently disabled in Netty's netty-handler module for any client built with SslContextBuilder.forClient().trustManager(somePlainX509TrustManager), allowing network attackers in a man-in-the-middle position to present a valid certificate for any host and intercept supposedly encrypted traffic. Affects all Netty versions prior to 4.1.135.Final and 4.2.15.Final; no public exploit identified at time of analysis and EPSS is very low (0.04%), but the defect bypasses a core TLS protection that Netty 4.2 explicitly advertises as enabled by default.
Stateless reset token leakage in Netty's QUIC codec (io.netty:netty-codec-classes-quic prior to 4.2.15.Final) enables an on-path attacker to derive the reset token for active connections and terminate them via spoofed Stateless Reset packets. The default HMAC-based generators expose a deterministic relationship between the source connection ID visible in QUIC headers and the server's stateless reset token - after a source-CID rotation, an observer can compute the token from the new connection-ID bytes. No public exploit identified at time of analysis; the CVSS 4.8 Medium rating reflects the on-path attacker prerequisite (AC:H), which meaningfully limits opportunistic exploitation.
Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength of derived password hashes. The module uses Perl's built-in rand() function - a non-cryptographic PRNG - to generate salt values, making salts guessable and enabling precomputation attacks against stored password hashes. No public exploit identified at time of analysis, but a vendor patch is available and the issue was responsibly disclosed by CPANSec.
DB schema enumeration in Frappe (versions prior to 15.107.2 and 16.17.4) exposes internal database structure to unauthenticated remote attackers via a vulnerable endpoint. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) confirms no authentication or special conditions are required, making this accessible to any internet-facing instance. While limited to low confidentiality impact (VC:L) with no integrity or availability consequences, schema information can inform targeted follow-on attacks against the application's data layer. No public exploit has been identified at time of analysis, and EPSS of 0.02% (7th percentile) indicates low current exploitation probability.
Remote code execution in jmespath.php versions prior to 2.9.1 allows attackers controlling JMESPath expressions to inject arbitrary PHP into compiler-generated cache files, which are then loaded and executed by JmesPath\CompilerRuntime. The flaw stems from insufficient escaping of parsed function names when the compiler emits PHP source, enabling code execution whenever an application evaluates untrusted expressions through the compiler runtime. No public exploit identified at time of analysis, but the CVSS 9.8 rating reflects unauthenticated network-reachable RCE in any web app that pipes user input into the compiler.
Credential exposure in Redmine allows any local attacker with access to a previously-used browser session to recover plaintext login credentials stored by the application after form submission. The flaw (CWE-257) affects all tracked Redmine versions per NVD CPE data and represents a classic insecure credential storage issue. No public exploit has been identified at time of analysis, and exploitation is constrained to local attack vectors requiring prior user interaction.
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Weak password recovery in PbootCMS up to 3.2.12 allows remote unauthenticated attackers to take over user accounts by manipulating the `checkcode`, `username`, `password`, and `email` parameters in the `retrieve` function of `apps/home/controller/MemberController.php`. The recovery mechanism fails to adequately validate or protect the verification token, enabling bypass of the intended authentication challenge during the password reset flow. A public proof-of-concept exploit explicitly titled 'Account-Takeover' is available on GitHub, elevating the realistic risk beyond the conservative base score of 6.9.
Source code exfiltration in Nuxt's @nuxt/webpack-builder and @nuxt/rspack-builder (versions 3.15.4-3.21.6 and 4.0.0-alpha.1-4.4.6) enables a LAN-adjacent attacker to read a developer's full application source from the webpack dev server when it is bound to a non-loopback address via `nuxt dev --host`. This is a second incomplete fix in a chain stemming from GHSA-4gf7-ff8x-hq99: the previous patch (GHSA-6m52-m754-pw2g) relied on Sec-Fetch-* metadata headers that browsers silently omit for non-trustworthy (plain HTTP) origins, leaving a bypass when an attacker page strips all three identifying headers (Sec-Fetch-Site, Origin, Referer) simultaneously. A proof-of-concept JavaScript payload is documented in the GHSA advisory; EPSS is very low at 0.02% (7th percentile) and no CISA KEV entry exists, reflecting the narrow exploitation conditions required.
Squid proxy server is affected by CVE-2026-47729, disclosed alongside CVE-2026-50012 in a single oss-security post dated 2026-06-12 by Amos Jeffries. This is a pre-NVD disclosure, meaning technical details, affected versions, CVSS scores, and patch information have not yet been published to the NVD. No exploit code has been identified at time of analysis, and CISA KEV status is not confirmed.
Squid caching proxy is affected by CVE-2026-50012, disclosed via the oss-security mailing list on 2026-06-12 as a pre-NVD advisory. No technical details - description, affected versions, vulnerability class, or impact - have been made available in the current intelligence snapshot. The advisory was bundled with a sibling disclosure (CVE-2026-47729) from the same Squid maintainer post, suggesting a coordinated release, but no further differentiation between the two CVEs is derivable from available data. No exploitation, no KEV listing, and no EPSS score are present at time of analysis.
Improper authorization in the WebView URL Handler of the Groww Stock, Mutual Fund, Gold App for Android (all versions up to build 20260805) allows a low-privileged attacker with physical device access to invoke custom URL scheme handlers without proper authorization, enabling unauthorized in-app navigation or bypass of client-side access controls. The CVSS 4.0 score of 0.3 reflects severe exploitation constraints: physical access is mandatory, attack complexity is high, and impact is limited to low integrity compromise with no confirmed confidentiality exposure. A public proof-of-concept is available on GitHub and Google Drive; the vulnerability is not listed in CISA KEV and no vendor patch has been confirmed at time of analysis.
Mention injection in Quest Bot prior to version 1.1.6 allows Discord server moderators to embed @everyone or @here mass-ping triggers inside warning reasons, which are later replayed unsanitized when the /warns command outputs stored records. While the bot correctly suppresses Discord mentions during warning creation and several other moderation actions (unbanning, unwarning, kicking, muting, unmuting), the /warns display path lacks equivalent output encoding, creating an inconsistent trust boundary. The issue is patched in version 1.1.6 with no public exploit code identified at time of analysis.
Improper input validation in Quest Bot (an open-source Discord bot) prior to version 1.1.6 lets a guild moderator weaponize the automod feature to delete every non-bot message in a server. By submitting whitespace-only input to the automod add command, the trimmed empty string is stored as a rule and the message listener's content.includes("") check evaluates true for all messages. No public exploit identified at time of analysis, though the trigger is trivial to reproduce by anyone with permission to configure automod rules.
Disk encryption bypass in Moxa UC-1200A series industrial computers allows an attacker with invasive physical access to recover the LUKS disk encryption key by sniffing the SPI bus between the CPU and TPM2 chip. The flaw is an incomplete fix for CVE-2026-0714 - Moxa added TPM2 parameter encryption but misconfigured the authorization session so the encryption provides no real protection. No public exploit identified at time of analysis, and the CVSS 4.0 vector (AV:P) reflects that exploitation is bounded to attackers who can physically open the device.
Vulnerability Title
PingDirectory's virtual attribute processing exposes an authenticated denial-of-service path capable of exhausting the Java heap, with cascading availability, confidentiality, and integrity impacts on all downstream identity-dependent systems. Authorized users with elevated directory privileges can trigger progressive, unreclaimed heap allocation by copying virtual attributes referencing `ds-privilege-name` values while recent login history is active. The vendor-assigned CVSS 4.0 score of 6.3 (Amber urgency) masks notably high subsequent-system impact ratings (SC:H/SI:H/SA:H), reflecting that the real organizational risk lies not in PingDirectory itself but in the authentication and authorization disruption cascading to every application integrated with the directory; no public exploit code or CISA KEV listing has been identified at time of analysis.
Improper TLS certificate validation in CyberArk (Palo Alto Networks) Privilege Cloud Connector (PAM SH Connector, branded 'Idira') versions prior to 1.1.100504 allows adjacent-network attackers to intercept or tamper with privileged-access traffic under specific configuration scenarios. The flaw is rated CVSS 4.0 7.5 with no public exploit identified at time of analysis, but the Connector's role as a broker for secrets and privileged sessions makes successful exploitation highly impactful. Reported by Palo Alto with disclosure tracked under CyberArk Security Bulletin CA26-17.
SQL wildcard character injection in ClipBucket v5's subtitle editing endpoint allows authenticated users to overwrite all subtitle titles across every video they own in a single HTTP request. Affected versions are all releases prior to 5.5.3 - #141 of the open-source video sharing platform maintained by MacWarrior. No public exploit exists and the vulnerability is not listed in CISA KEV, but the trivial exploitation mechanism (a single % character) means any authenticated account could cause bulk subtitle data corruption against their own content.
Unauthenticated blind SQL injection in ClipBucket v5 prior to version 5.5.3 - #129 allows remote attackers to exfiltrate arbitrary database contents via the ids parameter of the actions/progress_video.php endpoint. The flaw carries a critical CVSS 9.8 score and no public exploit identified at time of analysis, but the trivial network-reachable attack surface on a public-facing video sharing platform makes opportunistic scanning likely. Vendor patch is available in 5.5.3 - #129 per the GHSA advisory.
Authenticated SQL injection in ClipBucket v5 prior to release 5.5.3 - #132 allows any user with video-upload privileges to exfiltrate database contents via the POST /actions/subtitle_edit.php endpoint. The vulnerable 'number' parameter handling enables boolean-based blind SQLi, and no public exploit is identified at time of analysis though the GitHub Security Advisory (GHSA-q233-m544-6jqr) documents the issue in detail.
Local privilege/integrity compromise in CyberArk Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allows an authenticated local attacker to interfere with the agent daemon's initialization sequence, potentially undermining the endpoint privilege controls the product is meant to enforce. The CVSS 4.0 score of 8.5 reflects high impact on confidentiality, integrity, and availability of the vulnerable system, though exploitation requires existing local access with low privileges. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.