Information Disclosure
Monthly
Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page abusing the Views UI framework. Chromium rates the severity High, and no public exploit is identified at time of analysis, but sandbox-escape primitives are routinely chained with renderer RCE bugs into full browser compromise on Windows endpoints.
Out-of-bounds read in Google Chrome's Video component on ChromeOS exposes process memory to attackers who have already established renderer process compromise. Specifically, an attacker with an existing foothold in the renderer can serve a crafted HTML page to a ChromeOS user and extract potentially sensitive data from memory. No public exploit or CISA KEV listing exists at time of analysis, and EPSS places exploitation probability at 0.03% (11th percentile), indicating low real-world exploitation activity despite the High CVSS confidentiality impact.
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a race condition in Safe Browsing handling of a malicious file. Chromium rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome's DevTools component before version 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High severity by Chromium with a CVSS of 8.3, this is a second-stage vulnerability typically chained with a renderer RCE bug. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exercises the Accessibility subsystem. Chromium rates the issue Critical severity; no public exploit identified at time of analysis, and the flaw is not on the CISA KEV list. The bug is reachable only after a prior renderer compromise and requires user interaction, which limits drive-by exploitation but makes it a key second-stage primitive in a full browser chain.
Memory exhaustion in Netty's HAProxy PROXY protocol v2 codec (netty-codec-haproxy) allows remote unauthenticated attackers to permanently pin pooled ByteBuf memory by sending PROXY v2 headers containing nested PP2_TYPE_SSL TLVs at depth two or greater. Each malicious connection silently leaks native or heap memory on the successful parse path, enabling a sustained denial-of-service against any Netty-based server that terminates PROXY protocol traffic. No public exploit identified at time of analysis, and EPSS is low (0.04%), but the vendor advisory and fixed releases (4.1.135.Final, 4.2.15.Final) are published.
Path traversal in OpenClaw before version 2026.4.25 allows attackers with workspace access to manipulate local package root resolution and load memory-core artifacts from attacker-controlled locations, leading to arbitrary code execution or sensitive data disclosure. The flaw stems from workspace state influencing artifact resolution paths (CWE-427, Uncontrolled Search Path Element). No public exploit identified at time of analysis, though VulnCheck has published a dedicated advisory describing the fake package root resolution technique.
Unauthorized camera feed access affects Brickcom Cube, Dome, Bullet, and Box IP camera product lines due to factory-shipped default credentials (CWE-1392). Any attacker reaching the camera's management interface can authenticate using the known default account and silently view live video, with no public exploit identified at time of analysis though the trivial nature of the issue means weaponization requires no specialized tooling. CISA ICS-CERT issued advisory ICSA-26-162-03 covering the issue.
Credential interception in CodexBar before 0.33.0 exposes API keys, bearer tokens, and browser cookies to network-adjacent attackers through the shared ProviderHTTPClient transport's failure to validate redirect destinations. When a user initiates a credentialed request to an AI provider backend, an attacker positioned to inject redirect responses can steer the transport to a cross-origin host or a plaintext HTTP endpoint, causing CodexBar to forward the original credentials to the attacker-controlled destination. No active exploitation confirmed (not in CISA KEV) and no public exploit code identified at time of analysis, but the high confidentiality impact warrants prompt patching - especially for users on shared or untrusted networks.
Protection mechanism failure in Apple macOS allows a locally-installed malicious app running with standard user privileges to access private information that should be restricted by OS-level access controls. Affected versions span three active macOS release trains: Sequoia before 15.4, Sonoma before 14.7.5, and Ventura before 13.7.5. No active exploitation has been confirmed (not in CISA KEV), and CISA SSVC rates exploitation likelihood as none with partial technical impact, placing this in a monitored-but-not-urgent priority tier for most organizations.
Improper symlink resolution in Apple macOS prior to Sequoia 15.4 allows a locally-executing app with standard user privileges to access protected user data that would ordinarily be restricted by macOS privacy controls such as TCC (Transparency, Consent, and Control). Rooted in CWE-59, the flaw enables a malicious app to craft or exploit symbolic links to bypass the OS file-access boundary and read sensitive user data without authorization. No public exploit has been identified at time of analysis, and CISA's SSVC framework rates exploitation as none with partial technical impact.
Unauthorized sensitive user data access in Apple macOS prior to Sequoia 15.4 allows a locally installed app to read private user information due to the presence of vulnerable code that has since been removed. The flaw is classified under CWE-359 (Exposure of Private Personal Information), indicating an API or code path exposed protected data to apps without proper entitlement or permission checks. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis; SSVC assesses exploitation as none and technical impact as partial.
macOS logs sensitive user data without adequate redaction, allowing a local application to read that data from system logs without requiring elevated privileges. Affecting all macOS versions prior to Tahoe 26.1, the flaw (CWE-532) stems from insufficient data sanitization in the operating system's logging subsystem. An app running in the user context can exploit this to access confidential information that should be protected, with no public exploit identified at time of analysis and an EPSS probability of 0.02%.
Symlink-following vulnerability in Apple macOS prior to 15.4 allows a malicious locally-installed application to access protected user data by exploiting improper handling of UNIX symbolic links. Affected systems are all macOS versions below Sequoia 15.4, per CPE cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*. No public exploit or active exploitation has been identified; the EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability. Apple has issued a fix in macOS Sequoia 15.4.
Production deployment compromise in Duck Site before 1.0.1 allows remote attackers to push attacker-controlled code as the live production Docker image without code review or merge approval. The flaw stems from a GitHub Actions deploy workflow that can be tricked into treating an unmerged pull request build as a main-branch deployment, then checking out the PR commit, building it, pushing it as the `latest` Docker tag, and triggering a Dokploy deployment. No public exploit identified at time of analysis, and CVE is not listed in CISA KEV.
Out-of-bounds read in Vim's built-in terminal emulator (`:terminal` feature) prior to version 9.2.0565 allows a program running inside a `:terminal` window to crash Vim by outputting crafted Unicode combining characters that exhaust all six libvterm cell slots, causing the unguarded loop in `update_snapshot()` to walk past the fixed-size array and append out-of-bounds memory into the scrollback buffer. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog and no public exploit code has been identified, placing this in the lower-urgency tier despite the CVSS 4.0 score of 6.9. Real-world exploitation is constrained by the requirement that a victim be actively using Vim's `:terminal` feature to render attacker-influenced program output.
Unsanitized reason text in Quest Bot's /unban and /unwarn Discord commands enables authenticated moderators to trigger mass pings against all server members. Versions prior to 1.0.5 of this open-source Discord moderation bot pass user-controlled reason strings directly into public bot messages without setting Discord's allowedMentions restriction, unlike other moderation commands that already suppress mention parsing. An attacker with moderator-level Discord permissions can embed @everyone or @here in any ban or warn reason to force mass notification delivery to all guild members. No active exploitation has been confirmed and no public exploit code has been identified at the time of analysis.
Ticket transcript redirection in Quest Bot (prior to v1.0.4) allows a privileged user with bot settings access to configure the closed-ticket transcript destination to any channel they can read, exposing full private ticket histories to unauthorized parties. The bot fails to enforce parity between the access controls of the original ticket channel and the transcript destination, breaking the confidentiality boundary of the ticketing system. No public exploit code exists and no KEV listing applies; the CVSS 4.0 score of 5.7 reflects the high privilege requirement and passive user interaction needed to trigger exposure.
Quest Bot, an open-source Discord moderation/utility bot, exposes private channel message contents to privileged users who should not have access to them. A user holding bot configuration privileges can enable the logging feature and direct logs to a channel they control, causing the bot to forward deleted and edited message content from all channels it can observe - including private channels the configuring user is explicitly excluded from reading. No public exploit has been identified at time of analysis, and a patch was released in version 1.0.4.
Quest Bot (Discord moderation bot) prior to v1.0.4 allows low-privileged moderators to leverage the bot's elevated Discord mention permissions to send @everyone or @here notifications they are not themselves permitted to send. Moderation commands that echo user-supplied reason text in public channel replies do not suppress Discord's mention parser, creating a permission boundary bypass within the Discord API privilege model. No public exploit code exists and no active exploitation has been confirmed, though the conditions for abuse are operationally common in Discord servers where bots hold mention permissions above their moderating users.
Unsanitized output in Quest Bot's ticket creation workflow allows any unprivileged Discord server member to inject @everyone, @here, role mentions, or user mentions into ticket channel messages, causing the bot to trigger mass notifications. All Quest Bot versions prior to 1.0.3 are affected; the bot must hold Discord's 'Mention Everyone' permission for the attack to achieve its full impact. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Privileged GitHub Actions workflow injection in Quest Bot (Discord moderation bot) prior to version 1.0.3 allows remote attackers to deploy malicious container images to production by opening a pull request from a branch named 'main'. The unprivileged build workflow's head_sha is consumed by a downstream privileged deploy workflow, which then builds and publishes attacker-controlled code as the 'latest' Docker image and triggers production rollout. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-9qf3-c86c-j346) documents the chain end-to-end.
Mass mention abuse in Quest Bot (open-source Discord moderation/utility bot) before version 1.0.3 allows any normal Discord user to schedule reminders containing @everyone or @here payloads that the bot later re-sends without mention suppression. Because the bot typically holds the Mention Everyone permission, the stored reminder text effectively grants unprivileged users the ability to ping an entire server or channel on demand. No public exploit identified at time of analysis and the issue is not on CISA KEV, but the trivial reproduction path makes the abuse pattern likely once known.
Privilege escalation in Quest Bot (open-source Discord moderation bot) prior to version 1.0.3 allows a user holding only the Manage Server (ManageGuild) permission to abuse the AutoRole configuration to auto-assign an Administrator-level role to newly joining members. No public exploit identified at time of analysis, but the attack path is fully documented in the GitHub Security Advisory GHSA-8vgg-4hpx-7qfg, making the technique trivially reproducible by anyone with the required guild permission.
Refresh token replay in Apache CXF's OAuth2 provider lets remote attackers concurrently exchange a single leaked refresh token for multiple valid access tokens, breaking the single-use property defenders rely on. The flaw lives in AbstractOAuthDataProvider and only manifests when deployments set 'recycleRefreshTokens' to false. No public exploit identified at time of analysis, and EPSS sits at 0.02% (4th percentile), but SSVC scores technical impact as 'total' due to the OAuth trust implications.
Unauthenticated information disclosure and CPU-exhaustion DoS in Basekick Labs Arc (versions prior to v26.06.1) expose Go's net/http/pprof debug handlers on the public API port without any token check. Remote attackers can fetch heap and goroutine profiles to leak in-memory secrets (live SQL strings, decoded msgpack records, cached *TokenInfo entries) and invoke /debug/pprof/profile?seconds=N to pin a CPU core for arbitrary durations. No public exploit identified at time of analysis, though the vulnerability is trivial to exercise with curl.
Authentication bypass in Apache CXF's OAuthRequestFilter affects versions prior to 4.1.7 and 4.2.0-4.2.1, where an inverted IP-binding check rejects requests from the configured bound IP and permits requests from every other source address. The flaw turns an intended IP allowlist into an implicit deny-list of one, enabling remote unauthenticated attackers to reach protected OAuth endpoints from arbitrary networks. EPSS is low (0.04%) and no public exploit identified at time of analysis, but the trivial nature of the logic inversion makes exploitation straightforward once the misbehaving filter is enabled.
Credential-guessing attacks against Sonatype Nexus Repository Manager are enabled by missing rate-limiting on authentication endpoints, allowing remote unauthenticated attackers to brute-force or password-spray valid user accounts. The flaw stems from improper restriction of excessive authentication attempts (CWE-307) and carries a CVSS 4.0 base score of 8.7 reflecting high confidentiality impact; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Token confusion in Apache CXF's JwtAccessTokenValidator allows an attacker holding a valid JWT issued for one Resource Server to replay it against an unrelated Resource Server because the 'aud' (Audience) claim is not validated. Affects Apache CXF 4.2.0 through 4.2.1 and all versions prior to 4.1.7, enabling cross-service authentication bypass with full confidentiality, integrity, and availability impact on the unintended target. No public exploit identified at time of analysis and EPSS is very low (0.02%, 4th percentile), but the fix is straightforward and the issue is structurally severe for federated OAuth2/JWT deployments.
Broken access control in the admin-ui-ext component of Red Hat Build of Keycloak permits an authenticated delegated administrator to exploit missing granular permission checks on bulk role-removal endpoints, stripping highly privileged roles from arbitrary users or groups within the Keycloak realm. Affected deployments are those using Keycloak's delegated administration model with the admin-ui-ext extension active; exploitation is bounded by the PR:H CVSS requirement, meaning an attacker must already hold delegated admin credentials. No public exploit has been identified and the vulnerability is not listed in CISA KEV, placing real-world risk in the moderate range with highest relevance to environments with partially trusted delegated administrators.
IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
Privilege escalation in IBM i versions 7.3, 7.4, 7.5, and 7.6 allows an authenticated user to execute attacker-controlled code with administrator privileges due to an unqualified library call (CWE-427, uncontrolled search path). No public exploit identified at time of analysis, but IBM has released a patch and rated the issue as high severity (CVSS 8.8) given the low complexity and high impact across confidentiality, integrity, and availability.
The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.
HTTP request smuggling in Kong Gateway Enterprise (3.4, 3.10-3.14 series) enables unauthenticated remote attackers to desynchronize the HTTP/1.1 processing pipeline between Kong and its backend services, achieving high confidentiality and integrity impact against downstream systems. The parsing flaw (CWE-444) exploits ambiguous header interpretation to poison backend request queues, allowing cross-user request hijacking or malicious content injection. Proof-of-concept exploit code exists (CVSS 4.0 E:P), and no active exploitation is confirmed in CISA KEV at time of analysis.
Session cookie hijacking in Boruta authorization server prior to 0.9.1 allows network-positioned attackers to capture authentication and remember-me cookies because they lack the Secure attribute and may be transmitted over plaintext HTTP. The flaw affects boruta_web, boruta_identity, and boruta_admin components and enables full user impersonation, including potentially administrative sessions on an OAuth 2.0/OpenID Connect identity provider. No public exploit identified at time of analysis and the issue is not in CISA KEV.
Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API access token from pipeboard-co/meta-ads-mcp through version 1.0.108 when the server is run with the streamable-HTTP transport on a network-reachable port. The AuthInjectionMiddleware silently forwards requests lacking an Authorization or X-PIPEBOARD-API-TOKEN header, tool handlers fall back to the META_ACCESS_TOKEN environment variable, and Graph API error responses echo the request URL - including the token query parameter - back to the caller. A working proof-of-concept is published in GHSA-9gw6-46qc-99vr; no public exploit identified at time of analysis as a separate weaponized tool, but the PoC is sufficient to reproduce end-to-end.
Credential header leakage in @hapi/wreck (npm) versions before 18.1.2 allows an attacker controlling an adjacent port on the same hostname, or capable of forging a redirect response, to capture Authorization, Cookie, and Proxy-Authorization headers from Node.js HTTP client applications. The library's redirect-following logic stripped credential headers only on hostname changes, leaving scheme and port components unchecked - so same-host redirects across ports (e.g., :443 → :8080) and HTTPS-to-HTTP downgrades forwarded credentials intact to the redirect target. No public exploit identified at time of analysis and not listed in CISA KEV, but the patch commit and test cases are publicly available in the GHSA advisory.
Information disclosure in Element Call 0.5.17 through 0.19.3 causes the application to send full visited URLs (including URL fragments) to a configured PostHog analytics server via the `$initial_person_info`, `$session_entry_url`, and `$current_url` fields. On standalone SPA deployments such as call.element.io that encode call encryption passwords in the URL fragment, this can leak those passwords to anyone with access to the PostHog data, enabling decryption of the associated E2EE media streams. No public exploit identified at time of analysis; the issue was disclosed and patched by the vendor in 0.19.4.
Memory exhaustion in Netty's RedisArrayAggregator handler (io.netty:netty-codec-redis) allows remote unauthenticated attackers to drain the JVM-wide direct-memory pool by repeatedly opening and closing Redis pipeline connections before RESP array aggregates complete. Affects netty-codec-redis 4.1.x through 4.1.134.Final and 4.2.0.Final through 4.2.14.Final; vendor patches are available in 4.1.135.Final and 4.2.15.Final. No public exploit identified at time of analysis, EPSS is low (0.04%), and the issue is not in CISA KEV.
Host confusion in guzzlehttp/psr7 (all versions prior to 2.10.2) allows unauthenticated network attackers to supply a malformed Host header - such as `trusted.example@evil.example` - causing the library's URI construction logic to reinterpret the value as URI userinfo and a different host, silently replacing the parsed URI host with the attacker-controlled domain. Applications that rely on the resulting PSR-7 URI host for routing, allow-list enforcement, or forwarding decisions are at risk of sending requests and credentials to unintended destinations. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the conditional impact on forwarding gateways and API proxies built on psr7's server-request parsing functions is concrete.
OIDC session cookie exposure in TwiN gatus 5.36.0 allows network-positioned attackers to intercept authentication tokens because the `setSessionCookie` function in `security/oidc.go` sets session cookies without the Secure attribute, permitting transmission over unencrypted HTTP connections. Only deployments with OIDC authentication enabled are affected, and exploitation requires high attack complexity due to mandatory network interception positioning. No public exploit code has been identified; the upstream maintainer has closed the associated GitHub issue (#1689) as 'not planned', meaning no vendor patch will be released.
Cerebrate's inbox self-registration workflow exposed bcrypt password hashes of pending registrants to any authenticated user holding inbox or audit log access privileges. The hashed credential appeared unredacted across HTML, JSON, and CSV inbox responses and was also written unredacted into audit log entries, as confirmed by commit 02da6d7 and its accompanying test assertions checking for suppression of the $2y$10$ bcrypt prefix. Exploitation requires PR:H per the CVSS 4.0 vector, no active exploitation is confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis.
Cross-Site WebSocket Hijacking in Spring for GraphQL allows remote attackers to execute arbitrary GraphQL operations under an authenticated victim's identity when the application has enabled the GraphQL WebSocket transport. The flaw stems from missing origin validation on WebSocket handshakes (CWE-346), affecting Spring for GraphQL 1.0.x, 1.3.x, 1.4.x, and 2.0.x branches up to 2.0.3. No public exploit identified at time of analysis, but the high CVSS (8.1) and reliance only on a single victim click make this a meaningful risk for any deployment exposing the WebSocket endpoint.
Insecure temporary file handling in Spring Boot's ArtemisEmbeddedConfigurationFactory allows a local, low-privileged attacker on the same host to hijack the embedded Apache ActiveMQ Artemis broker's data directory before the application starts. By pre-creating the predictable static path or placing a symlink at that location, the attacker can redirect broker persistence writes - including application messages, journal files, and bindings - to an attacker-controlled filesystem location, yielding partial confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, but the vulnerability spans five active Spring Boot release trains (2.7.x through 4.0.x), broadening aggregate exposure.
Replay attack protections in Spring Web Services are silently ineffective across multiple major branches due to Wss4jSecurityInterceptor failing to wire configured Apache WSS4J ReplayCache instances into the RequestData object at validation time. Operators who believe UsernameToken nonce replay, Timestamp replay, and SAML one-time-use checks are enforced are unknowingly running without those controls. A network-positioned attacker can intercept and replay valid WS-Security tokens - including credentials and SAML assertions - to re-execute previously-authorized SOAP operations, with no public exploit identified at time of analysis and no CISA KEV listing.
Information disclosure in Spring Web Services (Spring-WS) exposes account lifecycle state - such as locked, disabled, or expired status - to remote unauthenticated SOAP clients through verbose exception messages or callback outcomes during authentication processing. Affected are four actively maintained branches (3.1.x through 5.0.x) when the SOAP layer is integrated with Spring Security; the root cause is CWE-209, where error handling fails to normalize Spring Security's typed account-state exceptions into generic authentication failures. No public exploit code and no CISA KEV listing have been identified at time of analysis; however, the CVSS 5.3 (Medium) rating reflects genuine reconnaissance utility for account enumeration against exposed SOAP endpoints.
Spring Web Services' Wss4jSecurityInterceptor silently defaults allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's own safer default and permitting inbound WS-Security decryption to accept the weak RSA PKCS#1 v1.5 (rsa-1_5) key transport algorithm. This misconfiguration-by-default affects all four supported release trains (3.1.x, 4.0.x, 4.1.x, 5.0.x) and opens deployed SOAP services to Bleichenbacher-style adaptive chosen-ciphertext attacks against server-side RSA key material unless operators explicitly override the flag. No public exploit has been identified at time of analysis, and the CVSS-assigned high attack complexity (AC:H) reflects the significant number of oracle queries required to mount a practical attack.
Insecure default initialization in Spring Web Services' Wss4jSecurityInterceptor disables WSS4J BSP (WS-I Basic Security Profile) enforcement on inbound RequestData, allowing remote attackers to submit SOAP messages that violate BSP-mandated WS-Security rules. Affected versions span 3.1.0-3.1.8, 4.0.0-4.0.18, 4.1.0-4.1.3, and 5.0.0-5.0.1, with no public exploit identified at time of analysis. The CVSS 8.2 score reflects high integrity impact because protocol-level cryptographic checks expected by downstream consumers are silently weakened.
Spring Boot's Mail auto-configuration omits hostname verification for SMTP over TLS/SSL, leaving applications exposed to man-in-the-middle interception of outbound email traffic on adjacent network segments. Three active release lines are affected - 3.4.x through 3.4.16, 3.5.x through 3.5.14, and 4.0.x through 4.0.6 - unless the deploying application has explicitly set the JavaMail property spring.mail.properties.mail.smtp.ssl.checkserveridentity=true to override the insecure default. No public exploit has been identified at time of analysis, but the flaw is present by default in any Spring Boot application that uses the built-in Mail auto-configuration with TLS/SSL and has not applied the corrective property.
Expression Language Injection in Spring Web Flow exposes applications explicitly configured with WebFlowELExpressionParser to evaluation of malicious Unified EL expressions submitted by authenticated low-privilege users. Affected versions span the 2.5.x, 3.0.x, and 4.0.0 release lines; exploitation requires both non-default configuration and user interaction, which meaningfully constrains real-world risk despite the High confidentiality and integrity impact ratings. No public exploit code and no CISA KEV listing have been identified at time of analysis.
Sensitive information disclosure in nebula-mesh (all versions ≤ v0.3.1) leaks newly-minted 32-byte operator API bearer tokens into browser URL history, cross-origin Referer headers, and reverse-proxy access logs by embedding the raw token in a 303 redirect query string. Any actor with read access to nginx combined-format logs, CDN logs, or browser history backup storage can harvest the token and impersonate the operator via the API. A secondary CWE-116 flaw in the same handler omits url.QueryEscape on the user-supplied key name, enabling query-string corruption and potential header injection in older proxies. No public exploit identified at time of analysis; a detailed step-by-step reproducer is included in the GitHub Security Advisory GHSA-9pg3-25fq-p6cc. Fix is available in v0.3.2.
Session hijacking in Pi-hole FTL versions prior to 6.6.1 stems from a race condition in the CivetWeb-based HTTP session management subsystem introduced during the v6.0 rewrite. Remote attackers can leverage concurrent requests to compromise web admin session state, potentially gaining high-impact access (C:H/I:H/A:H per CVSS 8.8) to the DNS sinkhole and network filtering controls. No public exploit identified at time of analysis, but vendor has published an upstream fix in v6.6.1.
Memory leak in ImageMagick's wand option parser degrades availability when invalid options are supplied, affecting all versions prior to 7.1.2-25. The leak is described as small, meaning impact is limited to gradual memory exhaustion rather than immediate resource collapse. No active exploitation has been identified (not in CISA KEV), no public exploit code is known, and an EPSS score was not provided - consistent with a low-severity, locally-triggered defect. The 'Information Disclosure' tag in the source data is inconsistent with the CVSS C:N metric and the description; this discrepancy should be treated as a possible tagging error unless the vendor advisory clarifies memory-content exposure.
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of. Rated medium severity (CVSS 5.3). No vendor patch available.
Improper credential validation in the CommvaultSecurityIQ integration for Palo Alto Networks Cortex XSOAR and Cortex XSIAM allows remote attackers to read and modify protected resources without authentication. The CVSS 4.0 base score of 8.1 reflects high impact to confidentiality, integrity, and availability across a network-reachable attack surface, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
GlobalProtect app on macOS exposes administrator-configured passcodes - used to restrict disabling, disconnecting, or uninstalling the endpoint agent - to unprivileged local users. A local user who reads the exposed passcode can then bypass endpoint protection controls that are specifically designed to prevent such actions, effectively disabling Palo Alto's endpoint security enforcement on the affected machine. No public exploit exists at time of analysis, and CVSS 4.0 supplemental metrics classify exploitation likelihood as 'Unreported' (E:U), though the impact on security posture is significant given that the passcode mechanism is the primary access control preventing users from circumventing GlobalProtect.
Denial of service in Russh (Rust SSH client/server library) versions 0.34.0 through 0.60.x allows remote SSH peers to trigger excessive memory allocation by sending oversized, high-fanout, or malformed length-prefixed SSH strings, name-lists, and byte fields before field-specific bounds checks are applied. The flaw affects both client and server message handlers and impacts availability only (CVSS 7.5, C:N/I:N/A:H). No public exploit identified at time of analysis.
Resource exhaustion in Russh's SSH server identification-string reader allows unauthenticated remote attackers to hold connection setup resources indefinitely during the cleartext pre-authentication phase. Russh versions 0.34.0-beta.1 through 0.60.x used the same permissive identification reader for both client and server roles, failing to cap the number of pre-banner lines a connecting client could send before the SSH identification string - a constraint OpenSSH enforces strictly per RFC 4253. Any application serving SSH via russh is exposed to this pre-auth resource-holding condition. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Denial of service in Russh (versions 0.37.0-0.60.x), a Rust SSH client and server library, allows a malicious SSH server to crash connecting clients by exploiting improper input validation in the keyboard-interactive authentication path. The server supplies an attacker-controlled prompt count in a USERAUTH_INFO_REQUEST message, which the client passes directly to Vec::with_capacity() before verifying the packet contains the claimed number of prompts - resulting in a panic or out-of-memory condition that terminates the client process. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Denial of service in the kafka-python client library (versions prior to 2.3.2) allows a malicious Kafka broker or man-in-the-middle attacker to exhaust client memory or wedge connections by sending a crafted 4-byte frame length header. The protocol parser's receive_bytes() function performs no bounds check on the declared frame size, leading to multi-gigabyte allocations or uncaught ValueError exceptions that stop consumer heartbeats. No public exploit identified at time of analysis; reported by VulnCheck with an upstream patch already merged.
Pairing soundness flaw in OpenVM's openvm-pairing guest library prior to version 1.6.0 allows attackers to produce zero-knowledge proofs that pass a pairing check despite being mathematically invalid, because the try_honest_pairing_check function fails to verify that the scaling factor s lies in a proper subfield of Fp12 as required by Theorem 3 of eprint 2024/640. The vulnerability carries an 8.7 CVSS 4.0 score with high integrity impact and no confidentiality or availability impact, and no public exploit identified at time of analysis. The vendor patched it in OpenVM v1.6.0 as part of a coordinated security release addressing four advisories.
Arbitrary file overwrite in bit7z prior to version 4.0.12 is possible through a symlink attack targeting the predictable temporary file (`<archive_path>.tmp`) created during archive update operations. An attacker with write access to the archive directory can pre-place a symlink at that path pointing to a sensitive target file; when a process subsequently calls bit7z to update an archive, the library follows the symlink and overwrites the target with archive data. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though its low-complexity prerequisites on POSIX systems make it a meaningful risk in shared-directory or multi-tenant environments.
Decrypted CA private keys in nebula-mesh linger in Go's process heap after signing operations complete, violating the keystore package's explicit zeroise contract. All versions through v0.3.6 are affected across three call sites - enroll.go:116, updates.go:297, and mobile_bundle.go:40 - each of which constructs a CAManager with a plaintext ed25519.PrivateKey and drops the reference without wiping the underlying slice. An attacker with local memory-read access can extract the plaintext CA private key from process heap, defeating the master-key envelope-encryption design's core security guarantee. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Path traversal in Fission's SanitizeFilePath function (pkg/utils/utils.go) allows a low-privileged tenant to read or write files outside an intended safe directory on a shared Kubernetes volume. Versions prior to 1.25.0 validated directory confinement using strings.HasPrefix, which performs a purely lexical string comparison: a sibling path such as /packages-extra/evil incorrectly passes a check for the safe directory /packages because it satisfies the string prefix condition without a directory-separator boundary. The builder's Clean handler and the fetcher's Fetch and Upload handlers were all affected. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Service account token disclosure in OpenTelemetry Operator's TargetAllocator (versions prior to 0.152.0) allows a tenant with ServiceMonitor write permissions in a watched namespace to exfiltrate the OpenTelemetry Collector pod's mounted Kubernetes service account JWT or any other file on the Collector's filesystem. By setting the bearerTokenFile field on a ServiceMonitor to an arbitrary path (such as /var/run/secrets/kubernetes.io/serviceaccount/token) and pointing the scrape target to an attacker-controlled endpoint, the Collector reads the file and ships its contents as an Authorization: Bearer header on every scrape interval. No public exploit is identified at the time of analysis, though the technique mirrors a well-known Prometheus Operator primitive (ArbitraryFSAccessThroughSMs).
Cross-namespace package reference flaw in Fission prior to version 1.24.0 allows an authenticated tenant to point a Package CRD at an Environment in another namespace, because the buildermgr controller never verified that Package.spec.environment.namespace matched Package.metadata.namespace. With CVSS 7.7 and a scope-changed confidentiality impact, a low-privileged user in one namespace can cause the controller to read and build against environment resources belonging to other tenants. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Classic dashboard style attribute injection in Splunk Enterprise and Splunk Cloud Platform enables a low-privileged authenticated user to craft panels that bypass the Trusted Domains List and exfiltrate sensitive data from a higher-privileged user's browser session. Affected branches span Splunk Enterprise below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and multiple Splunk Cloud Platform release trains. No public exploit has been identified at time of analysis, and SSVC rates current exploitation as none with partial technical impact, though the high confidentiality impact potential warrants prompt patching in environments where low-privileged users can share dashboards with administrators.
Classic dashboard URL validation bypass in Splunk Enterprise and Splunk Cloud Platform enables low-privileged authenticated users to craft dashboards that silently exfiltrate sensitive data to attacker-controlled external servers. The flaw (CWE-20) resides in the external content dialog, which fails to enforce complete domain restrictions, allowing outbound requests to untrusted hosts when a victim interacts with the malicious dashboard. No public exploit exists and this vulnerability is not listed in CISA KEV, but the High confidentiality impact (C:H) in the CVSS vector reflects meaningful data exposure risk in environments where Splunk indexes security events, credentials, or sensitive operational logs.
CSS injection in Splunk Enterprise and Splunk Cloud Platform classic dashboards enables credential and sensitive data exfiltration by low-privileged users targeting higher-privileged accounts. A low-privileged user (without 'admin' or 'power' roles) can craft a malicious classic dashboard containing injected CSS via inline style attributes; when a higher-privileged user views the dashboard, outbound HTTP requests are triggered to attacker-controlled external servers, bypassing the Trusted Domains restriction. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, but the C:H confidentiality impact and cross-privilege exploitation path make this a meaningful insider or compromised-account threat in environments with mixed privilege levels.
ScreenConnect versions prior to 26.2 permit an authenticated user holding Host Pass creation privileges to bypass the intended maximum token expiration duration when generating delegated access tokens. The root cause is improper input validation (CWE-1284) on the duration field in the Host Pass workflow, allowing the value to exceed its designed upper bound. While no public exploit or CISA KEV listing exists at time of analysis, successful abuse results in the creation of anomalously long-lived access tokens, extending delegated access well beyond the security policy limit - a persistence and access-control integrity risk.
Path traversal bypass in Roxy-WI versions 8.2.6.4 and earlier allows authenticated remote attackers to escape input sanitization in the EscapedString Pydantic validator and inject shell metacharacters alongside '..' sequences. The flaw stems from a flawed if/elif/elif/else control flow that strips metacharacters without re-enforcing the '..' block, and the result is never shlex-quoted before reaching downstream command contexts. No public exploit identified at time of analysis, and no vendor-released patch identified at time of analysis.
Cache key collision in OpenFGA's iterator caching mechanism allows two distinct authorization check requests to resolve to the same cache key, causing the engine to return a stale, incorrect authorization result to a subsequent requester. All OpenFGA deployments prior to version 1.16.0 with iterator caching enabled are affected, specifically when using the experimental weighted_graph_check union resolution path. An authenticated attacker who can trigger authorization checks under conditions that produce a colliding cache key may receive an incorrect allow or deny decision, undermining the integrity and confidentiality of access control enforced by the engine. No public exploit identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Privilege persistence in Apache Answer through version 2.0.0 allows suspended, deleted, or deactivated administrator accounts to retain access to administrative APIs because previously issued tokens are not invalidated upon account state change. The flaw requires high-privilege access to obtain a token initially and carries a CVSS 7.2 with full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis and SSVC marks exploitation as none.
Credential leakage in Erlang/OTP's inets httpc client (versions 17.0 through 29.0.2, 28.5.0.2, and 27.3.4.13) allows attacker-controlled servers to harvest Authorization and Proxy-Authorization headers by issuing cross-origin 3xx redirects. Because httpc_response:redirect/2 only updates the host field and copies all other headers verbatim - and autoredirect defaults to true - any httpc caller using HTTP Basic auth or URL userinfo silently forwards credentials to the redirect target. No public exploit identified at time of analysis, but the fix has been published upstream and tagged in vendor-released OTP patch versions.
Path disclosure in Erlang OTP's ssh_sftpd module exposes the absolute backend filesystem path of the SFTP chroot root to authenticated clients. By creating a symlink inside the chroot pointing to '/' and issuing SSH_FXP_READLINK, an authenticated SFTP client receives the raw absolute path (e.g., '/data/sftp') that the server uses as the chroot backend, rather than the sanitized chroot-relative value '/'. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; the CVSS 4.0 score of 2.3 reflects the narrowly scoped, low-severity nature of the disclosure.
Username enumeration via timing side-channel in Erlang/OTP SSH daemon (OTP 29.0-29.0.1) allows unauthenticated remote attackers to distinguish valid from invalid usernames in a single probe. When the daemon is configured with the `user_passwords` or `password` options, valid usernames trigger a 600,000-iteration PBKDF2-SHA256 computation (~300ms) while invalid usernames return near-instantly (~0ms) through an early-exit path - a gap detectable without repeated attempts. No public exploit has been identified at time of analysis, and exploitation is constrained to non-default, test-oriented configurations.
Arbitrary privileged memory read/write in Lenovo ThinkPad embedded controller (EC) firmware allows a local administrator on affected ThinkPad models (X13 Gen 6, X1 Carbon 13th Gen, P16v Gen 3, L16 Gen 1/2, T14s Gen 6, P14s Gen 6, L13 Gen 6, L14 Gen 6) to access or modify protected memory regions. Discovered during Lenovo's internal security assessment, the issue is rated CVSS 4.0 8.4 (High) and there is no public exploit identified at time of analysis, with no CISA KEV listing. Despite the high score, exploitation requires high privileges and local access, narrowing realistic abuse to attackers who already have admin on the host or to supply-chain/insider scenarios.
Clipboard hijacking in Lenovo's built-in Android browser application allows a malicious website to silently overwrite system clipboard contents on affected devices. The vulnerability impacts Lenovo Android tablets distributed exclusively in the Chinese market, enabling a network-based attacker to manipulate clipboard data when a user visits a crafted website. No confirmed active exploitation (CISA KEV) or public exploit code has been identified at time of analysis; EPSS data was not provided in available intelligence.
Remote code execution in Roxy-WI versions 8.2.6.4 and prior allows authenticated users to write attacker-controlled content to arbitrary absolute paths on managed load balancers via the WAF rule save endpoint. By dropping a malicious cron file (e.g., /etc/cron.d/nginx_cfg_evil), an attacker achieves root-level code execution on every load balancer in the caller's group. No public exploit identified at time of analysis, and no vendor-released patch is currently available, making this a high-priority issue for any exposed deployment.
Information disclosure in nezha 2.x server monitoring dashboard exposes private services marked with `EnableShowInService: false` to unauthenticated network visitors through two API endpoints that bypass the intended visibility filter. Attackers who can reach the API can enumerate hidden service names, IDs, and per-server timing data by iterating over public server IDs or guessing numeric service IDs - both low-cardinality spaces in typical deployments. No public exploit is required to leverage this; a fully functional proof-of-concept using only standard `curl` commands is documented in the GitHub security advisory GHSA-vrmh-5mmx-hjwx, and the fix is available in version 2.0.14.
Silent security posture degradation in `@hulumi/baseline` (npm, versions < 1.4.0) allows AWS detective service configurations to appear active while being suspended, misconfigured, or inadvertently destroyed through normal Pulumi stack teardown operations. The `AccountFoundation` component's opt-in reuse mode for existing GuardDuty detectors and Security Hub configurations never validates imported resource state, meaning a suspended or slow-cadence GuardDuty detector silently passes deployment as healthy, and a routine `pulumi destroy` will call `BatchDisableStandards` to strip CIS/NIST compliance subscriptions from accounts that had those subscriptions before Hulumi was ever introduced. No public exploit identified at time of analysis; both failure modes are triggered by legitimate operator actions, not adversarial input.
Audit log tamper-resistance failure in @hulumi/baseline versions prior to 1.4.0 allows any S3-delete-capable principal in the AWS account to silently erase CloudTrail and AWS Config forensic records that the AccountFoundation construct was advertised to protect. Three compounding defects - hard-coded objectLock:false on the startup-hardened tier, unrestricted propagation of forceDestroy/logBucketForceDestroy to the audit bucket, and a sandbox tier that omitted Object Lock, server access logging, and the CloudTrail-Lake EventDataStore entirely - left consumers believing they had immutable audit capture when they did not. No public exploit identified at time of analysis, no CVSS or EPSS published, and the issue is a defense-in-depth/forensic-integrity weakness rather than a remote code execution path.
Detection bypass in @hulumi/policies versions prior to 1.4.0 allows IAM trust policies that list multiple OIDC federated providers to evade the G_OIDC_1 and G_OIDC_2 policy checks for GitHub Actions OIDC roles. Consumers of HulumiHardeningPack or HulumiGithubHardeningPack can therefore ship roles with wildcard sub: conditions - assumable by untrusted forked-PR workflows - while the validator falsely reports compliance, including missing the AdministratorAccess blast-radius flag. No public exploit identified at time of analysis, and there is no CISA KEV listing.
Unencrypted secret storage in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) exposes credentials submitted via POST config.xml to any user holding Item/Extended Read permission or with read access to the Jenkins controller filesystem. Secrets that should be encrypted at rest are written as plaintext into job config.xml files, making them directly readable through Jenkins' built-in permission model or OS-level file access. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the privileged insider and lateral-movement risk is significant for organizations embedding CI/CD credentials in job configurations.
Heap-use-after-free corruption in Ghidra's decompiler before version 12.1 allows a local attacker - or any actor who can deliver a crafted binary to a target analyst - to corrupt freed heap memory when the victim opens the file in the decompiler view. The vulnerability resides in HighVariable::merge() during the variable merging pass, where stale pointers in the HighIntersectTest::highedgemap cache are dereferenced against freed memory, producing low-impact integrity and availability effects on the Ghidra process. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, but the tool's user base of security researchers who routinely open untrusted binaries elevates the practical threat profile.
Improper certificate trust validation in Systerel S2OPC allows remote attackers to have well-formed but untrusted X.509 certificates accepted as trusted, undermining the OPC UA secure channel authentication model. CVSS 7.3 reflects network-reachable, unauthenticated exploitation with low impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. The flaw is reported by GitLab and tracked in Systerel's public issue tracker, with no CISA KEV listing.
Arbitrary symlink creation in Debusine's mergeuploads task allows remote unauthenticated attackers to overwrite files accessible to the worker process. Affected versions 0.12.0 through 0.14.8 fail to sanitize fully user-controlled paths embedded in Debian manifest files (.dsc and .changes), enabling path traversal via CWE-59 link-following. Despite a CVSS network-accessible, no-auth vector, real-world risk is bounded by deployment context - exploitation requires the ability to submit packages to a Debusine instance. No public exploit identified at time of analysis and EPSS sits at 0.02% (4th percentile).
Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page abusing the Views UI framework. Chromium rates the severity High, and no public exploit is identified at time of analysis, but sandbox-escape primitives are routinely chained with renderer RCE bugs into full browser compromise on Windows endpoints.
Out-of-bounds read in Google Chrome's Video component on ChromeOS exposes process memory to attackers who have already established renderer process compromise. Specifically, an attacker with an existing foothold in the renderer can serve a crafted HTML page to a ChromeOS user and extract potentially sensitive data from memory. No public exploit or CISA KEV listing exists at time of analysis, and EPSS places exploitation probability at 0.03% (11th percentile), indicating low real-world exploitation activity despite the High CVSS confidentiality impact.
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a race condition in Safe Browsing handling of a malicious file. Chromium rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome's DevTools component before version 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High severity by Chromium with a CVSS of 8.3, this is a second-stage vulnerability typically chained with a renderer RCE bug. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exercises the Accessibility subsystem. Chromium rates the issue Critical severity; no public exploit identified at time of analysis, and the flaw is not on the CISA KEV list. The bug is reachable only after a prior renderer compromise and requires user interaction, which limits drive-by exploitation but makes it a key second-stage primitive in a full browser chain.
Memory exhaustion in Netty's HAProxy PROXY protocol v2 codec (netty-codec-haproxy) allows remote unauthenticated attackers to permanently pin pooled ByteBuf memory by sending PROXY v2 headers containing nested PP2_TYPE_SSL TLVs at depth two or greater. Each malicious connection silently leaks native or heap memory on the successful parse path, enabling a sustained denial-of-service against any Netty-based server that terminates PROXY protocol traffic. No public exploit identified at time of analysis, and EPSS is low (0.04%), but the vendor advisory and fixed releases (4.1.135.Final, 4.2.15.Final) are published.
Path traversal in OpenClaw before version 2026.4.25 allows attackers with workspace access to manipulate local package root resolution and load memory-core artifacts from attacker-controlled locations, leading to arbitrary code execution or sensitive data disclosure. The flaw stems from workspace state influencing artifact resolution paths (CWE-427, Uncontrolled Search Path Element). No public exploit identified at time of analysis, though VulnCheck has published a dedicated advisory describing the fake package root resolution technique.
Unauthorized camera feed access affects Brickcom Cube, Dome, Bullet, and Box IP camera product lines due to factory-shipped default credentials (CWE-1392). Any attacker reaching the camera's management interface can authenticate using the known default account and silently view live video, with no public exploit identified at time of analysis though the trivial nature of the issue means weaponization requires no specialized tooling. CISA ICS-CERT issued advisory ICSA-26-162-03 covering the issue.
Credential interception in CodexBar before 0.33.0 exposes API keys, bearer tokens, and browser cookies to network-adjacent attackers through the shared ProviderHTTPClient transport's failure to validate redirect destinations. When a user initiates a credentialed request to an AI provider backend, an attacker positioned to inject redirect responses can steer the transport to a cross-origin host or a plaintext HTTP endpoint, causing CodexBar to forward the original credentials to the attacker-controlled destination. No active exploitation confirmed (not in CISA KEV) and no public exploit code identified at time of analysis, but the high confidentiality impact warrants prompt patching - especially for users on shared or untrusted networks.
Protection mechanism failure in Apple macOS allows a locally-installed malicious app running with standard user privileges to access private information that should be restricted by OS-level access controls. Affected versions span three active macOS release trains: Sequoia before 15.4, Sonoma before 14.7.5, and Ventura before 13.7.5. No active exploitation has been confirmed (not in CISA KEV), and CISA SSVC rates exploitation likelihood as none with partial technical impact, placing this in a monitored-but-not-urgent priority tier for most organizations.
Improper symlink resolution in Apple macOS prior to Sequoia 15.4 allows a locally-executing app with standard user privileges to access protected user data that would ordinarily be restricted by macOS privacy controls such as TCC (Transparency, Consent, and Control). Rooted in CWE-59, the flaw enables a malicious app to craft or exploit symbolic links to bypass the OS file-access boundary and read sensitive user data without authorization. No public exploit has been identified at time of analysis, and CISA's SSVC framework rates exploitation as none with partial technical impact.
Unauthorized sensitive user data access in Apple macOS prior to Sequoia 15.4 allows a locally installed app to read private user information due to the presence of vulnerable code that has since been removed. The flaw is classified under CWE-359 (Exposure of Private Personal Information), indicating an API or code path exposed protected data to apps without proper entitlement or permission checks. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis; SSVC assesses exploitation as none and technical impact as partial.
macOS logs sensitive user data without adequate redaction, allowing a local application to read that data from system logs without requiring elevated privileges. Affecting all macOS versions prior to Tahoe 26.1, the flaw (CWE-532) stems from insufficient data sanitization in the operating system's logging subsystem. An app running in the user context can exploit this to access confidential information that should be protected, with no public exploit identified at time of analysis and an EPSS probability of 0.02%.
Symlink-following vulnerability in Apple macOS prior to 15.4 allows a malicious locally-installed application to access protected user data by exploiting improper handling of UNIX symbolic links. Affected systems are all macOS versions below Sequoia 15.4, per CPE cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*. No public exploit or active exploitation has been identified; the EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability. Apple has issued a fix in macOS Sequoia 15.4.
Production deployment compromise in Duck Site before 1.0.1 allows remote attackers to push attacker-controlled code as the live production Docker image without code review or merge approval. The flaw stems from a GitHub Actions deploy workflow that can be tricked into treating an unmerged pull request build as a main-branch deployment, then checking out the PR commit, building it, pushing it as the `latest` Docker tag, and triggering a Dokploy deployment. No public exploit identified at time of analysis, and CVE is not listed in CISA KEV.
Out-of-bounds read in Vim's built-in terminal emulator (`:terminal` feature) prior to version 9.2.0565 allows a program running inside a `:terminal` window to crash Vim by outputting crafted Unicode combining characters that exhaust all six libvterm cell slots, causing the unguarded loop in `update_snapshot()` to walk past the fixed-size array and append out-of-bounds memory into the scrollback buffer. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog and no public exploit code has been identified, placing this in the lower-urgency tier despite the CVSS 4.0 score of 6.9. Real-world exploitation is constrained by the requirement that a victim be actively using Vim's `:terminal` feature to render attacker-influenced program output.
Unsanitized reason text in Quest Bot's /unban and /unwarn Discord commands enables authenticated moderators to trigger mass pings against all server members. Versions prior to 1.0.5 of this open-source Discord moderation bot pass user-controlled reason strings directly into public bot messages without setting Discord's allowedMentions restriction, unlike other moderation commands that already suppress mention parsing. An attacker with moderator-level Discord permissions can embed @everyone or @here in any ban or warn reason to force mass notification delivery to all guild members. No active exploitation has been confirmed and no public exploit code has been identified at the time of analysis.
Ticket transcript redirection in Quest Bot (prior to v1.0.4) allows a privileged user with bot settings access to configure the closed-ticket transcript destination to any channel they can read, exposing full private ticket histories to unauthorized parties. The bot fails to enforce parity between the access controls of the original ticket channel and the transcript destination, breaking the confidentiality boundary of the ticketing system. No public exploit code exists and no KEV listing applies; the CVSS 4.0 score of 5.7 reflects the high privilege requirement and passive user interaction needed to trigger exposure.
Quest Bot, an open-source Discord moderation/utility bot, exposes private channel message contents to privileged users who should not have access to them. A user holding bot configuration privileges can enable the logging feature and direct logs to a channel they control, causing the bot to forward deleted and edited message content from all channels it can observe - including private channels the configuring user is explicitly excluded from reading. No public exploit has been identified at time of analysis, and a patch was released in version 1.0.4.
Quest Bot (Discord moderation bot) prior to v1.0.4 allows low-privileged moderators to leverage the bot's elevated Discord mention permissions to send @everyone or @here notifications they are not themselves permitted to send. Moderation commands that echo user-supplied reason text in public channel replies do not suppress Discord's mention parser, creating a permission boundary bypass within the Discord API privilege model. No public exploit code exists and no active exploitation has been confirmed, though the conditions for abuse are operationally common in Discord servers where bots hold mention permissions above their moderating users.
Unsanitized output in Quest Bot's ticket creation workflow allows any unprivileged Discord server member to inject @everyone, @here, role mentions, or user mentions into ticket channel messages, causing the bot to trigger mass notifications. All Quest Bot versions prior to 1.0.3 are affected; the bot must hold Discord's 'Mention Everyone' permission for the attack to achieve its full impact. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Privileged GitHub Actions workflow injection in Quest Bot (Discord moderation bot) prior to version 1.0.3 allows remote attackers to deploy malicious container images to production by opening a pull request from a branch named 'main'. The unprivileged build workflow's head_sha is consumed by a downstream privileged deploy workflow, which then builds and publishes attacker-controlled code as the 'latest' Docker image and triggers production rollout. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-9qf3-c86c-j346) documents the chain end-to-end.
Mass mention abuse in Quest Bot (open-source Discord moderation/utility bot) before version 1.0.3 allows any normal Discord user to schedule reminders containing @everyone or @here payloads that the bot later re-sends without mention suppression. Because the bot typically holds the Mention Everyone permission, the stored reminder text effectively grants unprivileged users the ability to ping an entire server or channel on demand. No public exploit identified at time of analysis and the issue is not on CISA KEV, but the trivial reproduction path makes the abuse pattern likely once known.
Privilege escalation in Quest Bot (open-source Discord moderation bot) prior to version 1.0.3 allows a user holding only the Manage Server (ManageGuild) permission to abuse the AutoRole configuration to auto-assign an Administrator-level role to newly joining members. No public exploit identified at time of analysis, but the attack path is fully documented in the GitHub Security Advisory GHSA-8vgg-4hpx-7qfg, making the technique trivially reproducible by anyone with the required guild permission.
Refresh token replay in Apache CXF's OAuth2 provider lets remote attackers concurrently exchange a single leaked refresh token for multiple valid access tokens, breaking the single-use property defenders rely on. The flaw lives in AbstractOAuthDataProvider and only manifests when deployments set 'recycleRefreshTokens' to false. No public exploit identified at time of analysis, and EPSS sits at 0.02% (4th percentile), but SSVC scores technical impact as 'total' due to the OAuth trust implications.
Unauthenticated information disclosure and CPU-exhaustion DoS in Basekick Labs Arc (versions prior to v26.06.1) expose Go's net/http/pprof debug handlers on the public API port without any token check. Remote attackers can fetch heap and goroutine profiles to leak in-memory secrets (live SQL strings, decoded msgpack records, cached *TokenInfo entries) and invoke /debug/pprof/profile?seconds=N to pin a CPU core for arbitrary durations. No public exploit identified at time of analysis, though the vulnerability is trivial to exercise with curl.
Authentication bypass in Apache CXF's OAuthRequestFilter affects versions prior to 4.1.7 and 4.2.0-4.2.1, where an inverted IP-binding check rejects requests from the configured bound IP and permits requests from every other source address. The flaw turns an intended IP allowlist into an implicit deny-list of one, enabling remote unauthenticated attackers to reach protected OAuth endpoints from arbitrary networks. EPSS is low (0.04%) and no public exploit identified at time of analysis, but the trivial nature of the logic inversion makes exploitation straightforward once the misbehaving filter is enabled.
Credential-guessing attacks against Sonatype Nexus Repository Manager are enabled by missing rate-limiting on authentication endpoints, allowing remote unauthenticated attackers to brute-force or password-spray valid user accounts. The flaw stems from improper restriction of excessive authentication attempts (CWE-307) and carries a CVSS 4.0 base score of 8.7 reflecting high confidentiality impact; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Token confusion in Apache CXF's JwtAccessTokenValidator allows an attacker holding a valid JWT issued for one Resource Server to replay it against an unrelated Resource Server because the 'aud' (Audience) claim is not validated. Affects Apache CXF 4.2.0 through 4.2.1 and all versions prior to 4.1.7, enabling cross-service authentication bypass with full confidentiality, integrity, and availability impact on the unintended target. No public exploit identified at time of analysis and EPSS is very low (0.02%, 4th percentile), but the fix is straightforward and the issue is structurally severe for federated OAuth2/JWT deployments.
Broken access control in the admin-ui-ext component of Red Hat Build of Keycloak permits an authenticated delegated administrator to exploit missing granular permission checks on bulk role-removal endpoints, stripping highly privileged roles from arbitrary users or groups within the Keycloak realm. Affected deployments are those using Keycloak's delegated administration model with the admin-ui-ext extension active; exploitation is bounded by the PR:H CVSS requirement, meaning an attacker must already hold delegated admin credentials. No public exploit has been identified and the vulnerability is not listed in CISA KEV, placing real-world risk in the moderate range with highest relevance to environments with partially trusted delegated administrators.
IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
Privilege escalation in IBM i versions 7.3, 7.4, 7.5, and 7.6 allows an authenticated user to execute attacker-controlled code with administrator privileges due to an unqualified library call (CWE-427, uncontrolled search path). No public exploit identified at time of analysis, but IBM has released a patch and rated the issue as high severity (CVSS 8.8) given the low complexity and high impact across confidentiality, integrity, and availability.
The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.
HTTP request smuggling in Kong Gateway Enterprise (3.4, 3.10-3.14 series) enables unauthenticated remote attackers to desynchronize the HTTP/1.1 processing pipeline between Kong and its backend services, achieving high confidentiality and integrity impact against downstream systems. The parsing flaw (CWE-444) exploits ambiguous header interpretation to poison backend request queues, allowing cross-user request hijacking or malicious content injection. Proof-of-concept exploit code exists (CVSS 4.0 E:P), and no active exploitation is confirmed in CISA KEV at time of analysis.
Session cookie hijacking in Boruta authorization server prior to 0.9.1 allows network-positioned attackers to capture authentication and remember-me cookies because they lack the Secure attribute and may be transmitted over plaintext HTTP. The flaw affects boruta_web, boruta_identity, and boruta_admin components and enables full user impersonation, including potentially administrative sessions on an OAuth 2.0/OpenID Connect identity provider. No public exploit identified at time of analysis and the issue is not in CISA KEV.
Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API access token from pipeboard-co/meta-ads-mcp through version 1.0.108 when the server is run with the streamable-HTTP transport on a network-reachable port. The AuthInjectionMiddleware silently forwards requests lacking an Authorization or X-PIPEBOARD-API-TOKEN header, tool handlers fall back to the META_ACCESS_TOKEN environment variable, and Graph API error responses echo the request URL - including the token query parameter - back to the caller. A working proof-of-concept is published in GHSA-9gw6-46qc-99vr; no public exploit identified at time of analysis as a separate weaponized tool, but the PoC is sufficient to reproduce end-to-end.
Credential header leakage in @hapi/wreck (npm) versions before 18.1.2 allows an attacker controlling an adjacent port on the same hostname, or capable of forging a redirect response, to capture Authorization, Cookie, and Proxy-Authorization headers from Node.js HTTP client applications. The library's redirect-following logic stripped credential headers only on hostname changes, leaving scheme and port components unchecked - so same-host redirects across ports (e.g., :443 → :8080) and HTTPS-to-HTTP downgrades forwarded credentials intact to the redirect target. No public exploit identified at time of analysis and not listed in CISA KEV, but the patch commit and test cases are publicly available in the GHSA advisory.
Information disclosure in Element Call 0.5.17 through 0.19.3 causes the application to send full visited URLs (including URL fragments) to a configured PostHog analytics server via the `$initial_person_info`, `$session_entry_url`, and `$current_url` fields. On standalone SPA deployments such as call.element.io that encode call encryption passwords in the URL fragment, this can leak those passwords to anyone with access to the PostHog data, enabling decryption of the associated E2EE media streams. No public exploit identified at time of analysis; the issue was disclosed and patched by the vendor in 0.19.4.
Memory exhaustion in Netty's RedisArrayAggregator handler (io.netty:netty-codec-redis) allows remote unauthenticated attackers to drain the JVM-wide direct-memory pool by repeatedly opening and closing Redis pipeline connections before RESP array aggregates complete. Affects netty-codec-redis 4.1.x through 4.1.134.Final and 4.2.0.Final through 4.2.14.Final; vendor patches are available in 4.1.135.Final and 4.2.15.Final. No public exploit identified at time of analysis, EPSS is low (0.04%), and the issue is not in CISA KEV.
Host confusion in guzzlehttp/psr7 (all versions prior to 2.10.2) allows unauthenticated network attackers to supply a malformed Host header - such as `trusted.example@evil.example` - causing the library's URI construction logic to reinterpret the value as URI userinfo and a different host, silently replacing the parsed URI host with the attacker-controlled domain. Applications that rely on the resulting PSR-7 URI host for routing, allow-list enforcement, or forwarding decisions are at risk of sending requests and credentials to unintended destinations. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the conditional impact on forwarding gateways and API proxies built on psr7's server-request parsing functions is concrete.
OIDC session cookie exposure in TwiN gatus 5.36.0 allows network-positioned attackers to intercept authentication tokens because the `setSessionCookie` function in `security/oidc.go` sets session cookies without the Secure attribute, permitting transmission over unencrypted HTTP connections. Only deployments with OIDC authentication enabled are affected, and exploitation requires high attack complexity due to mandatory network interception positioning. No public exploit code has been identified; the upstream maintainer has closed the associated GitHub issue (#1689) as 'not planned', meaning no vendor patch will be released.
Cerebrate's inbox self-registration workflow exposed bcrypt password hashes of pending registrants to any authenticated user holding inbox or audit log access privileges. The hashed credential appeared unredacted across HTML, JSON, and CSV inbox responses and was also written unredacted into audit log entries, as confirmed by commit 02da6d7 and its accompanying test assertions checking for suppression of the $2y$10$ bcrypt prefix. Exploitation requires PR:H per the CVSS 4.0 vector, no active exploitation is confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis.
Cross-Site WebSocket Hijacking in Spring for GraphQL allows remote attackers to execute arbitrary GraphQL operations under an authenticated victim's identity when the application has enabled the GraphQL WebSocket transport. The flaw stems from missing origin validation on WebSocket handshakes (CWE-346), affecting Spring for GraphQL 1.0.x, 1.3.x, 1.4.x, and 2.0.x branches up to 2.0.3. No public exploit identified at time of analysis, but the high CVSS (8.1) and reliance only on a single victim click make this a meaningful risk for any deployment exposing the WebSocket endpoint.
Insecure temporary file handling in Spring Boot's ArtemisEmbeddedConfigurationFactory allows a local, low-privileged attacker on the same host to hijack the embedded Apache ActiveMQ Artemis broker's data directory before the application starts. By pre-creating the predictable static path or placing a symlink at that location, the attacker can redirect broker persistence writes - including application messages, journal files, and bindings - to an attacker-controlled filesystem location, yielding partial confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, but the vulnerability spans five active Spring Boot release trains (2.7.x through 4.0.x), broadening aggregate exposure.
Replay attack protections in Spring Web Services are silently ineffective across multiple major branches due to Wss4jSecurityInterceptor failing to wire configured Apache WSS4J ReplayCache instances into the RequestData object at validation time. Operators who believe UsernameToken nonce replay, Timestamp replay, and SAML one-time-use checks are enforced are unknowingly running without those controls. A network-positioned attacker can intercept and replay valid WS-Security tokens - including credentials and SAML assertions - to re-execute previously-authorized SOAP operations, with no public exploit identified at time of analysis and no CISA KEV listing.
Information disclosure in Spring Web Services (Spring-WS) exposes account lifecycle state - such as locked, disabled, or expired status - to remote unauthenticated SOAP clients through verbose exception messages or callback outcomes during authentication processing. Affected are four actively maintained branches (3.1.x through 5.0.x) when the SOAP layer is integrated with Spring Security; the root cause is CWE-209, where error handling fails to normalize Spring Security's typed account-state exceptions into generic authentication failures. No public exploit code and no CISA KEV listing have been identified at time of analysis; however, the CVSS 5.3 (Medium) rating reflects genuine reconnaissance utility for account enumeration against exposed SOAP endpoints.
Spring Web Services' Wss4jSecurityInterceptor silently defaults allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's own safer default and permitting inbound WS-Security decryption to accept the weak RSA PKCS#1 v1.5 (rsa-1_5) key transport algorithm. This misconfiguration-by-default affects all four supported release trains (3.1.x, 4.0.x, 4.1.x, 5.0.x) and opens deployed SOAP services to Bleichenbacher-style adaptive chosen-ciphertext attacks against server-side RSA key material unless operators explicitly override the flag. No public exploit has been identified at time of analysis, and the CVSS-assigned high attack complexity (AC:H) reflects the significant number of oracle queries required to mount a practical attack.
Insecure default initialization in Spring Web Services' Wss4jSecurityInterceptor disables WSS4J BSP (WS-I Basic Security Profile) enforcement on inbound RequestData, allowing remote attackers to submit SOAP messages that violate BSP-mandated WS-Security rules. Affected versions span 3.1.0-3.1.8, 4.0.0-4.0.18, 4.1.0-4.1.3, and 5.0.0-5.0.1, with no public exploit identified at time of analysis. The CVSS 8.2 score reflects high integrity impact because protocol-level cryptographic checks expected by downstream consumers are silently weakened.
Spring Boot's Mail auto-configuration omits hostname verification for SMTP over TLS/SSL, leaving applications exposed to man-in-the-middle interception of outbound email traffic on adjacent network segments. Three active release lines are affected - 3.4.x through 3.4.16, 3.5.x through 3.5.14, and 4.0.x through 4.0.6 - unless the deploying application has explicitly set the JavaMail property spring.mail.properties.mail.smtp.ssl.checkserveridentity=true to override the insecure default. No public exploit has been identified at time of analysis, but the flaw is present by default in any Spring Boot application that uses the built-in Mail auto-configuration with TLS/SSL and has not applied the corrective property.
Expression Language Injection in Spring Web Flow exposes applications explicitly configured with WebFlowELExpressionParser to evaluation of malicious Unified EL expressions submitted by authenticated low-privilege users. Affected versions span the 2.5.x, 3.0.x, and 4.0.0 release lines; exploitation requires both non-default configuration and user interaction, which meaningfully constrains real-world risk despite the High confidentiality and integrity impact ratings. No public exploit code and no CISA KEV listing have been identified at time of analysis.
Sensitive information disclosure in nebula-mesh (all versions ≤ v0.3.1) leaks newly-minted 32-byte operator API bearer tokens into browser URL history, cross-origin Referer headers, and reverse-proxy access logs by embedding the raw token in a 303 redirect query string. Any actor with read access to nginx combined-format logs, CDN logs, or browser history backup storage can harvest the token and impersonate the operator via the API. A secondary CWE-116 flaw in the same handler omits url.QueryEscape on the user-supplied key name, enabling query-string corruption and potential header injection in older proxies. No public exploit identified at time of analysis; a detailed step-by-step reproducer is included in the GitHub Security Advisory GHSA-9pg3-25fq-p6cc. Fix is available in v0.3.2.
Session hijacking in Pi-hole FTL versions prior to 6.6.1 stems from a race condition in the CivetWeb-based HTTP session management subsystem introduced during the v6.0 rewrite. Remote attackers can leverage concurrent requests to compromise web admin session state, potentially gaining high-impact access (C:H/I:H/A:H per CVSS 8.8) to the DNS sinkhole and network filtering controls. No public exploit identified at time of analysis, but vendor has published an upstream fix in v6.6.1.
Memory leak in ImageMagick's wand option parser degrades availability when invalid options are supplied, affecting all versions prior to 7.1.2-25. The leak is described as small, meaning impact is limited to gradual memory exhaustion rather than immediate resource collapse. No active exploitation has been identified (not in CISA KEV), no public exploit code is known, and an EPSS score was not provided - consistent with a low-severity, locally-triggered defect. The 'Information Disclosure' tag in the source data is inconsistent with the CVSS C:N metric and the description; this discrepancy should be treated as a possible tagging error unless the vendor advisory clarifies memory-content exposure.
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of. Rated medium severity (CVSS 5.3). No vendor patch available.
Improper credential validation in the CommvaultSecurityIQ integration for Palo Alto Networks Cortex XSOAR and Cortex XSIAM allows remote attackers to read and modify protected resources without authentication. The CVSS 4.0 base score of 8.1 reflects high impact to confidentiality, integrity, and availability across a network-reachable attack surface, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
GlobalProtect app on macOS exposes administrator-configured passcodes - used to restrict disabling, disconnecting, or uninstalling the endpoint agent - to unprivileged local users. A local user who reads the exposed passcode can then bypass endpoint protection controls that are specifically designed to prevent such actions, effectively disabling Palo Alto's endpoint security enforcement on the affected machine. No public exploit exists at time of analysis, and CVSS 4.0 supplemental metrics classify exploitation likelihood as 'Unreported' (E:U), though the impact on security posture is significant given that the passcode mechanism is the primary access control preventing users from circumventing GlobalProtect.
Denial of service in Russh (Rust SSH client/server library) versions 0.34.0 through 0.60.x allows remote SSH peers to trigger excessive memory allocation by sending oversized, high-fanout, or malformed length-prefixed SSH strings, name-lists, and byte fields before field-specific bounds checks are applied. The flaw affects both client and server message handlers and impacts availability only (CVSS 7.5, C:N/I:N/A:H). No public exploit identified at time of analysis.
Resource exhaustion in Russh's SSH server identification-string reader allows unauthenticated remote attackers to hold connection setup resources indefinitely during the cleartext pre-authentication phase. Russh versions 0.34.0-beta.1 through 0.60.x used the same permissive identification reader for both client and server roles, failing to cap the number of pre-banner lines a connecting client could send before the SSH identification string - a constraint OpenSSH enforces strictly per RFC 4253. Any application serving SSH via russh is exposed to this pre-auth resource-holding condition. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Denial of service in Russh (versions 0.37.0-0.60.x), a Rust SSH client and server library, allows a malicious SSH server to crash connecting clients by exploiting improper input validation in the keyboard-interactive authentication path. The server supplies an attacker-controlled prompt count in a USERAUTH_INFO_REQUEST message, which the client passes directly to Vec::with_capacity() before verifying the packet contains the claimed number of prompts - resulting in a panic or out-of-memory condition that terminates the client process. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Denial of service in the kafka-python client library (versions prior to 2.3.2) allows a malicious Kafka broker or man-in-the-middle attacker to exhaust client memory or wedge connections by sending a crafted 4-byte frame length header. The protocol parser's receive_bytes() function performs no bounds check on the declared frame size, leading to multi-gigabyte allocations or uncaught ValueError exceptions that stop consumer heartbeats. No public exploit identified at time of analysis; reported by VulnCheck with an upstream patch already merged.
Pairing soundness flaw in OpenVM's openvm-pairing guest library prior to version 1.6.0 allows attackers to produce zero-knowledge proofs that pass a pairing check despite being mathematically invalid, because the try_honest_pairing_check function fails to verify that the scaling factor s lies in a proper subfield of Fp12 as required by Theorem 3 of eprint 2024/640. The vulnerability carries an 8.7 CVSS 4.0 score with high integrity impact and no confidentiality or availability impact, and no public exploit identified at time of analysis. The vendor patched it in OpenVM v1.6.0 as part of a coordinated security release addressing four advisories.
Arbitrary file overwrite in bit7z prior to version 4.0.12 is possible through a symlink attack targeting the predictable temporary file (`<archive_path>.tmp`) created during archive update operations. An attacker with write access to the archive directory can pre-place a symlink at that path pointing to a sensitive target file; when a process subsequently calls bit7z to update an archive, the library follows the symlink and overwrites the target with archive data. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though its low-complexity prerequisites on POSIX systems make it a meaningful risk in shared-directory or multi-tenant environments.
Decrypted CA private keys in nebula-mesh linger in Go's process heap after signing operations complete, violating the keystore package's explicit zeroise contract. All versions through v0.3.6 are affected across three call sites - enroll.go:116, updates.go:297, and mobile_bundle.go:40 - each of which constructs a CAManager with a plaintext ed25519.PrivateKey and drops the reference without wiping the underlying slice. An attacker with local memory-read access can extract the plaintext CA private key from process heap, defeating the master-key envelope-encryption design's core security guarantee. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Path traversal in Fission's SanitizeFilePath function (pkg/utils/utils.go) allows a low-privileged tenant to read or write files outside an intended safe directory on a shared Kubernetes volume. Versions prior to 1.25.0 validated directory confinement using strings.HasPrefix, which performs a purely lexical string comparison: a sibling path such as /packages-extra/evil incorrectly passes a check for the safe directory /packages because it satisfies the string prefix condition without a directory-separator boundary. The builder's Clean handler and the fetcher's Fetch and Upload handlers were all affected. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Service account token disclosure in OpenTelemetry Operator's TargetAllocator (versions prior to 0.152.0) allows a tenant with ServiceMonitor write permissions in a watched namespace to exfiltrate the OpenTelemetry Collector pod's mounted Kubernetes service account JWT or any other file on the Collector's filesystem. By setting the bearerTokenFile field on a ServiceMonitor to an arbitrary path (such as /var/run/secrets/kubernetes.io/serviceaccount/token) and pointing the scrape target to an attacker-controlled endpoint, the Collector reads the file and ships its contents as an Authorization: Bearer header on every scrape interval. No public exploit is identified at the time of analysis, though the technique mirrors a well-known Prometheus Operator primitive (ArbitraryFSAccessThroughSMs).
Cross-namespace package reference flaw in Fission prior to version 1.24.0 allows an authenticated tenant to point a Package CRD at an Environment in another namespace, because the buildermgr controller never verified that Package.spec.environment.namespace matched Package.metadata.namespace. With CVSS 7.7 and a scope-changed confidentiality impact, a low-privileged user in one namespace can cause the controller to read and build against environment resources belonging to other tenants. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Classic dashboard style attribute injection in Splunk Enterprise and Splunk Cloud Platform enables a low-privileged authenticated user to craft panels that bypass the Trusted Domains List and exfiltrate sensitive data from a higher-privileged user's browser session. Affected branches span Splunk Enterprise below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and multiple Splunk Cloud Platform release trains. No public exploit has been identified at time of analysis, and SSVC rates current exploitation as none with partial technical impact, though the high confidentiality impact potential warrants prompt patching in environments where low-privileged users can share dashboards with administrators.
Classic dashboard URL validation bypass in Splunk Enterprise and Splunk Cloud Platform enables low-privileged authenticated users to craft dashboards that silently exfiltrate sensitive data to attacker-controlled external servers. The flaw (CWE-20) resides in the external content dialog, which fails to enforce complete domain restrictions, allowing outbound requests to untrusted hosts when a victim interacts with the malicious dashboard. No public exploit exists and this vulnerability is not listed in CISA KEV, but the High confidentiality impact (C:H) in the CVSS vector reflects meaningful data exposure risk in environments where Splunk indexes security events, credentials, or sensitive operational logs.
CSS injection in Splunk Enterprise and Splunk Cloud Platform classic dashboards enables credential and sensitive data exfiltration by low-privileged users targeting higher-privileged accounts. A low-privileged user (without 'admin' or 'power' roles) can craft a malicious classic dashboard containing injected CSS via inline style attributes; when a higher-privileged user views the dashboard, outbound HTTP requests are triggered to attacker-controlled external servers, bypassing the Trusted Domains restriction. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, but the C:H confidentiality impact and cross-privilege exploitation path make this a meaningful insider or compromised-account threat in environments with mixed privilege levels.
ScreenConnect versions prior to 26.2 permit an authenticated user holding Host Pass creation privileges to bypass the intended maximum token expiration duration when generating delegated access tokens. The root cause is improper input validation (CWE-1284) on the duration field in the Host Pass workflow, allowing the value to exceed its designed upper bound. While no public exploit or CISA KEV listing exists at time of analysis, successful abuse results in the creation of anomalously long-lived access tokens, extending delegated access well beyond the security policy limit - a persistence and access-control integrity risk.
Path traversal bypass in Roxy-WI versions 8.2.6.4 and earlier allows authenticated remote attackers to escape input sanitization in the EscapedString Pydantic validator and inject shell metacharacters alongside '..' sequences. The flaw stems from a flawed if/elif/elif/else control flow that strips metacharacters without re-enforcing the '..' block, and the result is never shlex-quoted before reaching downstream command contexts. No public exploit identified at time of analysis, and no vendor-released patch identified at time of analysis.
Cache key collision in OpenFGA's iterator caching mechanism allows two distinct authorization check requests to resolve to the same cache key, causing the engine to return a stale, incorrect authorization result to a subsequent requester. All OpenFGA deployments prior to version 1.16.0 with iterator caching enabled are affected, specifically when using the experimental weighted_graph_check union resolution path. An authenticated attacker who can trigger authorization checks under conditions that produce a colliding cache key may receive an incorrect allow or deny decision, undermining the integrity and confidentiality of access control enforced by the engine. No public exploit identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Privilege persistence in Apache Answer through version 2.0.0 allows suspended, deleted, or deactivated administrator accounts to retain access to administrative APIs because previously issued tokens are not invalidated upon account state change. The flaw requires high-privilege access to obtain a token initially and carries a CVSS 7.2 with full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis and SSVC marks exploitation as none.
Credential leakage in Erlang/OTP's inets httpc client (versions 17.0 through 29.0.2, 28.5.0.2, and 27.3.4.13) allows attacker-controlled servers to harvest Authorization and Proxy-Authorization headers by issuing cross-origin 3xx redirects. Because httpc_response:redirect/2 only updates the host field and copies all other headers verbatim - and autoredirect defaults to true - any httpc caller using HTTP Basic auth or URL userinfo silently forwards credentials to the redirect target. No public exploit identified at time of analysis, but the fix has been published upstream and tagged in vendor-released OTP patch versions.
Path disclosure in Erlang OTP's ssh_sftpd module exposes the absolute backend filesystem path of the SFTP chroot root to authenticated clients. By creating a symlink inside the chroot pointing to '/' and issuing SSH_FXP_READLINK, an authenticated SFTP client receives the raw absolute path (e.g., '/data/sftp') that the server uses as the chroot backend, rather than the sanitized chroot-relative value '/'. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; the CVSS 4.0 score of 2.3 reflects the narrowly scoped, low-severity nature of the disclosure.
Username enumeration via timing side-channel in Erlang/OTP SSH daemon (OTP 29.0-29.0.1) allows unauthenticated remote attackers to distinguish valid from invalid usernames in a single probe. When the daemon is configured with the `user_passwords` or `password` options, valid usernames trigger a 600,000-iteration PBKDF2-SHA256 computation (~300ms) while invalid usernames return near-instantly (~0ms) through an early-exit path - a gap detectable without repeated attempts. No public exploit has been identified at time of analysis, and exploitation is constrained to non-default, test-oriented configurations.
Arbitrary privileged memory read/write in Lenovo ThinkPad embedded controller (EC) firmware allows a local administrator on affected ThinkPad models (X13 Gen 6, X1 Carbon 13th Gen, P16v Gen 3, L16 Gen 1/2, T14s Gen 6, P14s Gen 6, L13 Gen 6, L14 Gen 6) to access or modify protected memory regions. Discovered during Lenovo's internal security assessment, the issue is rated CVSS 4.0 8.4 (High) and there is no public exploit identified at time of analysis, with no CISA KEV listing. Despite the high score, exploitation requires high privileges and local access, narrowing realistic abuse to attackers who already have admin on the host or to supply-chain/insider scenarios.
Clipboard hijacking in Lenovo's built-in Android browser application allows a malicious website to silently overwrite system clipboard contents on affected devices. The vulnerability impacts Lenovo Android tablets distributed exclusively in the Chinese market, enabling a network-based attacker to manipulate clipboard data when a user visits a crafted website. No confirmed active exploitation (CISA KEV) or public exploit code has been identified at time of analysis; EPSS data was not provided in available intelligence.
Remote code execution in Roxy-WI versions 8.2.6.4 and prior allows authenticated users to write attacker-controlled content to arbitrary absolute paths on managed load balancers via the WAF rule save endpoint. By dropping a malicious cron file (e.g., /etc/cron.d/nginx_cfg_evil), an attacker achieves root-level code execution on every load balancer in the caller's group. No public exploit identified at time of analysis, and no vendor-released patch is currently available, making this a high-priority issue for any exposed deployment.
Information disclosure in nezha 2.x server monitoring dashboard exposes private services marked with `EnableShowInService: false` to unauthenticated network visitors through two API endpoints that bypass the intended visibility filter. Attackers who can reach the API can enumerate hidden service names, IDs, and per-server timing data by iterating over public server IDs or guessing numeric service IDs - both low-cardinality spaces in typical deployments. No public exploit is required to leverage this; a fully functional proof-of-concept using only standard `curl` commands is documented in the GitHub security advisory GHSA-vrmh-5mmx-hjwx, and the fix is available in version 2.0.14.
Silent security posture degradation in `@hulumi/baseline` (npm, versions < 1.4.0) allows AWS detective service configurations to appear active while being suspended, misconfigured, or inadvertently destroyed through normal Pulumi stack teardown operations. The `AccountFoundation` component's opt-in reuse mode for existing GuardDuty detectors and Security Hub configurations never validates imported resource state, meaning a suspended or slow-cadence GuardDuty detector silently passes deployment as healthy, and a routine `pulumi destroy` will call `BatchDisableStandards` to strip CIS/NIST compliance subscriptions from accounts that had those subscriptions before Hulumi was ever introduced. No public exploit identified at time of analysis; both failure modes are triggered by legitimate operator actions, not adversarial input.
Audit log tamper-resistance failure in @hulumi/baseline versions prior to 1.4.0 allows any S3-delete-capable principal in the AWS account to silently erase CloudTrail and AWS Config forensic records that the AccountFoundation construct was advertised to protect. Three compounding defects - hard-coded objectLock:false on the startup-hardened tier, unrestricted propagation of forceDestroy/logBucketForceDestroy to the audit bucket, and a sandbox tier that omitted Object Lock, server access logging, and the CloudTrail-Lake EventDataStore entirely - left consumers believing they had immutable audit capture when they did not. No public exploit identified at time of analysis, no CVSS or EPSS published, and the issue is a defense-in-depth/forensic-integrity weakness rather than a remote code execution path.
Detection bypass in @hulumi/policies versions prior to 1.4.0 allows IAM trust policies that list multiple OIDC federated providers to evade the G_OIDC_1 and G_OIDC_2 policy checks for GitHub Actions OIDC roles. Consumers of HulumiHardeningPack or HulumiGithubHardeningPack can therefore ship roles with wildcard sub: conditions - assumable by untrusted forked-PR workflows - while the validator falsely reports compliance, including missing the AdministratorAccess blast-radius flag. No public exploit identified at time of analysis, and there is no CISA KEV listing.
Unencrypted secret storage in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) exposes credentials submitted via POST config.xml to any user holding Item/Extended Read permission or with read access to the Jenkins controller filesystem. Secrets that should be encrypted at rest are written as plaintext into job config.xml files, making them directly readable through Jenkins' built-in permission model or OS-level file access. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the privileged insider and lateral-movement risk is significant for organizations embedding CI/CD credentials in job configurations.
Heap-use-after-free corruption in Ghidra's decompiler before version 12.1 allows a local attacker - or any actor who can deliver a crafted binary to a target analyst - to corrupt freed heap memory when the victim opens the file in the decompiler view. The vulnerability resides in HighVariable::merge() during the variable merging pass, where stale pointers in the HighIntersectTest::highedgemap cache are dereferenced against freed memory, producing low-impact integrity and availability effects on the Ghidra process. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, but the tool's user base of security researchers who routinely open untrusted binaries elevates the practical threat profile.
Improper certificate trust validation in Systerel S2OPC allows remote attackers to have well-formed but untrusted X.509 certificates accepted as trusted, undermining the OPC UA secure channel authentication model. CVSS 7.3 reflects network-reachable, unauthenticated exploitation with low impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. The flaw is reported by GitLab and tracked in Systerel's public issue tracker, with no CISA KEV listing.
Arbitrary symlink creation in Debusine's mergeuploads task allows remote unauthenticated attackers to overwrite files accessible to the worker process. Affected versions 0.12.0 through 0.14.8 fail to sanitize fully user-controlled paths embedded in Debian manifest files (.dsc and .changes), enabling path traversal via CWE-59 link-following. Despite a CVSS network-accessible, no-auth vector, real-world risk is bounded by deployment context - exploitation requires the ability to submit packages to a Debusine instance. No public exploit identified at time of analysis and EPSS sits at 0.02% (4th percentile).