Information Disclosure
Monthly
Information disclosure in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to leak sensitive process memory through a crafted HTML page that triggers an uninitialized memory read in the Dawn WebGPU implementation. Google rates the underlying Chromium issue as High severity, and a patched stable channel build is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability remains very low at 0.03%.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page when a victim visits a malicious site. The flaw is rated CVSS 9.6 due to scope change (S:C) and full CIA impact, though EPSS estimates only a 0.05% near-term exploitation probability and no public exploit has been identified at time of analysis.
Cross-origin data leakage in Google Chrome's Dawn WebGPU implementation prior to version 149.0.7827.53 allows a remote attacker to read sensitive data from other origins by luring a user to a crafted HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS places exploitation probability at 1.64% (82nd percentile).
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Printing component. Chromium rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS remains very low at 0.05%.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the InterestGroups component. Google rates the Chromium severity as High, and CVSS scores it 8.3 with a changed scope reflecting the cross-boundary impact. No public exploit identified at time of analysis, though a vendor patch is available.
Cross-origin data disclosure in Google Chrome on Windows prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to leak data from other origins via a crafted HTML page in the Dawn (WebGPU) component. Google rates the underlying issue High severity, but no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.05%.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the renderer process sandbox by delivering a crafted video file processed by the browser's codec implementation. The CVSS 9.6 score reflects a scope-changing impact across confidentiality, integrity, and availability, though exploitation requires user interaction such as visiting a malicious page. No public exploit identified at time of analysis, and EPSS exploitation probability remains low at 0.05%.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting an uninitialized memory use in the Codecs component. Google has rated this Chromium security severity as High, and no public exploit has been identified at time of analysis. The flaw requires chaining with a separate renderer compromise, but combined with a renderer RCE it enables full host code execution outside Chrome's sandbox.
Type confusion in the ANGLE graphics translation layer of Google Chrome on Windows prior to 149.0.7827.53 enables remote attackers to trigger out-of-bounds memory access through a crafted HTML page, with potential for memory corruption leading to code execution in the renderer process. Chromium rates this High severity and a vendor patch is available, though no public exploit is identified at time of analysis and EPSS exploitation probability is currently 0.03%.
Cross-origin data leakage in Google Chrome on iOS (versions prior to 149.0.7827.53) stems from insufficient policy enforcement in the Autofill component, enabling a remote unauthenticated attacker to read sensitive cross-origin data by directing a victim to a crafted HTML page. The CVSS score of 6.5 (Medium) reflects high confidentiality impact with no integrity or availability loss; the attack requires user interaction but no attacker privileges. EPSS probability sits at 0.03% (11th percentile), SSVC reports no current exploitation, and the CVE is absent from CISA KEV, collectively indicating low real-world threat urgency despite the medium severity classification.
Cross-origin data exfiltration via Autofill in Google Chrome on iOS (prior to 149.0.7827.53) allows a remote attacker to leak sensitive data across origin boundaries by directing a victim to a crafted HTML page. The flaw stems from insufficient policy enforcement in the Autofill subsystem - a protection mechanism failure (CWE-693) that bypasses same-origin boundary controls exclusive to the iOS platform build of Chrome. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% (11th percentile) indicates very low observed exploitation probability. A vendor-released patch is available.
Out-of-bounds memory access in the Skia graphics library shipped with Google Chrome before 149.0.7827.53 allows a remote attacker to execute arbitrary code within Chrome's renderer sandbox when a victim visits a malicious page. Google rates the Chromium severity as High and a vendor patch is available; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a race condition in the Codecs component. Chromium rates this High severity, and while no public exploit was identified at time of analysis, the bug fits the classic renderer-to-sandbox-escape pattern frequently chained in real-world Chrome exploit kits. CVSS is 8.3 reflecting high attack complexity, required user interaction, and a scope change.
Out-of-bounds memory read in Google Chrome's ANGLE graphics layer on macOS versions prior to 149.0.7827.53 allows remote attackers to disclose memory contents or crash the renderer by enticing a user to visit a crafted HTML page. Google rates the underlying Chromium issue as High severity, and while no public exploit is identified at time of analysis, the EPSS score of 0.03% suggests low near-term mass exploitation likelihood. The flaw requires user interaction (visiting a page) but no authentication, making drive-by web attacks the realistic threat model.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 can be achieved by remote attackers who have already compromised the renderer process, leveraging an out-of-bounds read in the Dawn WebGPU implementation via a crafted HTML page. Google rates this as High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The bug is part of a multi-stage exploitation chain rather than a single-step RCE, but successful chaining yields full escape from Chrome's renderer sandbox.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the WebShare component. The bug is rated High severity by Chromium and carries a CVSS 8.3 with scope change reflecting the sandbox boundary crossing, though no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting insufficient input validation in the Media component. Google rates the Chromium security severity as High, and no public exploit has been identified at time of analysis. Successful exploitation requires chaining with a separate renderer compromise plus user interaction, raising attack complexity but yielding full host-level impact if achieved.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Media component. Google rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis.
Out-of-bounds read in the ANGLE graphics layer of Google Chrome before 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox via a crafted HTML page. Chromium rates the underlying issue Critical severity, and while no public exploit has been identified at time of analysis, the bug is in a historically targeted attack surface (GPU/ANGLE) frequently abused in renderer-to-broker escape chains.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to trigger an out-of-bounds read and write via a crafted HTML page, with a CVSS 9.6 reflecting scope change and high impact across confidentiality, integrity, and availability. The flaw was rated Critical internally by Chromium and reported by Google's own CVE admin team; no public exploit identified at time of analysis, and CISA SSVC currently lists exploitation status as none.
Denial of service in Arista EOS devices with IPsec configured allows remote unauthenticated attackers to halt all IPsec traffic processing by sending a specially crafted packet. The control plane's recovery attempt via pipeline reset may itself fail to restore traffic flow, producing a persistent outage of IPsec-protected communications until manual intervention. No public exploit identified at time of analysis, but the vulnerability was reported by an Arista customer, suggesting it was discovered through real-world operational impact rather than theoretical research.
Microsoft Graph exposes sensitive data to authenticated network attackers due to improper authorization controls, allowing low-privileged API callers to retrieve information beyond their granted scope. The vulnerability (CVSS 6.5) carries high confidentiality impact (C:H) with no integrity or availability consequence, making it a pure data disclosure risk against Microsoft's unified cloud API surface. No public exploit code has been identified at time of analysis, and Microsoft has released a server-side patch via MSRC advisory CVE-2026-47655.
Injection (CWE-74) in Copilot Chat within Microsoft Edge enables unauthenticated remote attackers to disclose sensitive information when a victim user interacts with maliciously crafted content. The vulnerability resides in improper neutralization of special elements passed to a downstream component of the chat pipeline, resulting in high confidentiality impact with no integrity or availability effect. No public exploit code exists at time of analysis (CVSS E:U), and Microsoft has released an official patch per MSRC advisory CVE-2026-47644.
Information disclosure in Hermes WebUI before v0.51.221 allows authenticated remote attackers to read arbitrary files outside the designated workspace by placing symlinks that resolve to external host paths and accessing them through the workspace file or listing APIs. Because the vulnerable code only blocked raw '..' traversal and a small denylist of system directories rather than enforcing that resolved targets stay within the workspace root, attackers can disclose sensitive host content such as SSH keys, cloud credentials, and application tokens. No public exploit identified at time of analysis, but the patch and a VulnCheck advisory are published and the fix is straightforward to reverse-engineer from the upstream commit.
In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
DNS transaction ID entropy collapse in AdGuard Home (≤v0.107.74) and its underlying dnsproxy library (≤v0.81.2) reduces the backend UDP forwarding tuple from two random variables to one: the DNS ID is deterministically 0 on every client-triggered DoQ-to-UDP hop, leaving only the UDP source port as the sole remaining entropy variable. An off-path attacker who can inject spoofed ICMP error messages toward the resolver's egress address can exploit a reliable source-port oracle - confirmed across four consecutive runs for both products - to identify the correct backend socket state before injecting a forged DNS response, placing this attack in the same threat-model class as SAD DNS and TUdoor. No public exploit confirmed at time of analysis beyond the working oracle reproducer included in the advisory disclosure; the advisory is not listed in CISA KEV.
Server-side request forgery in Shopware's media subsystem allows authenticated admin users to make arbitrary HTTP HEAD requests to internal network addresses and cloud metadata endpoints via the `/api/_action/media/external-link` endpoint. The root cause is an inconsistency between two URL-handling flows in `MediaUploadService`: the `uploadFromURL` flow correctly validates resolved IPs against private/reserved ranges, while the `linkURL` flow only checks that the URL begins with `http://` or `https://`. Exploiting this, an admin can probe cloud metadata services, enumerate internal ports, and leak `content-length` values from internal services; no public exploit has been identified at time of analysis, and a vendor-released patch exists in version 6.7.10.1.
Timing-based administrator username enumeration in Shopware's OAuth token endpoint exposes valid admin accounts to unauthenticated remote attackers. The flaw exists in shopware/platform and shopware/core packages across the 6.6.x and 6.7.x branches, where the API endpoint api/oauth/token responds measurably faster for non-existent usernames than for valid ones due to skipping the Argon2id password_verify() call. A publicly available proof-of-concept exploit exists; while not confirmed actively exploited in CISA KEV, the POC lowers the barrier for targeted brute-force, credential stuffing, and spear phishing campaigns against Shopware admin panels. CVSS rates this 3.7 (AC:H), reflecting that reliable exploitation requires statistical timing analysis across many requests.
Admin account takeover in Shopware's PHP e-commerce platform is achievable by any low-privilege admin holding the user_recovery:read ACL through a three-endpoint attack chain requiring no special tooling. The vulnerability stems from the UserRecoveryDefinition exposing a secret password-reset hash via the Admin API search endpoint - a hash the recovery flow assumes is delivered exclusively via email - enabling the attacker to bypass the intended out-of-band delivery mechanism entirely. Patched versions 6.6.10.18 and 6.7.10.1 are available; no public exploit code or CISA KEV listing has been identified at time of analysis, though the attack is fully documented in the GitHub Security Advisory GHSA-8v9p-g828-v98f.
Truncation of chunked Oblivious HTTP (OHTTP) streams in netty-incubator-codec-ohttp prior to 0.0.22.Final silently passes partial, cryptographically-incomplete messages to the receiving application with no decryption error or exception. An on-path adversary - the OHTTP relay itself or a MITM on the relay↔gateway or relay↔client transport - can cut a legitimate chunked-OHTTP message at any non-final chunk boundary and cleanly close the outer HTTP body, bypassing the cryptographic integrity guarantee the final-chunk marker is designed to provide. No public exploit is identified (CVSS E:U) and no CISA KEV listing exists, but the integrity impact is rated High (VI:H) given that receivers silently accept and may act on structurally incomplete messages.
Late signature validation in Siemens kas (pip/kas >= 4.8, < 5.3) allows an attacker who has already compromised a referenced upstream repository to substitute the cryptographic key used to validate that repository's tag signatures, effectively bypassing integrity checks entirely. Because kas processes and applies configuration includes from external repositories before verifying their signatures, a malicious repository can redirect the signature-validation key to one under attacker control. No public exploit code has been identified at time of analysis, and exploitation requires a highly specific multi-condition scenario including prior supply-chain access to a referenced upstream repo. Vendor-released patch version 5.3 resolves all related attack vectors.
Incorrect native memory address resolution in Netty's Oblivious HTTP (OHTTP) BoringSSL JNI bridge allows unauthenticated remote attackers to corrupt memory belonging to concurrent connections and disclose the contents of adjacent pooled direct buffers - including HPKE encryption key material - on affected OHTTP gateways. The flaw exists in versions prior to 0.0.22.Final of netty-incubator-codec-ohttp and is only reachable when the JVM is configured to deny `sun.misc.Unsafe` access, causing the vulnerable fallback address-resolution path to activate. This directly undermines the confidentiality guarantees Oblivious HTTP is designed to provide; no public exploit code exists and the vulnerability is not listed in the CISA KEV catalog (CVSS 4.0 E:U).
Improper input validation in the Perl module Net::CIDR::Set through version 0.20 allows attackers to bypass network access controls by submitting network masks containing Unicode digits (e.g., Arabic-Indic numerals like U+0661) or leading zeros that are silently ignored or misinterpreted. The CVSS 7.3 score reflects low-impact compromise across confidentiality, integrity, and availability via the network, with no public exploit identified at time of analysis. Applications using this module for ACL or firewall-like decisions may grant access to wider IP ranges than intended.
Net::CIDR::Set versions through 0.20 for Perl incorrectly accepts Unicode digits in IP addresses and CIDR netmasks, enabling network access controls to silently permit broader address ranges than intended. Applications relying on this library to enforce IP-based allowlists or blocklists may inadvertently grant or deny access to incorrect network ranges when Unicode look-alike digits (e.g., Arabic-Indic U+0661 instead of ASCII '1') are supplied as input. With no public exploit identified at time of analysis and SSVC exploitation status of none, this is a medium-severity library flaw requiring patch deployment rather than emergency response, but the automatable nature of the attack vector warrants prompt remediation in access-control-sensitive deployments.
Weak hashing in milvus-io/milvus up to 2.6.13 exposes the Grantee ID Hash Handler in the KV metadata catalog (internal/metastore/kv/rootcoord/kv_catalog.go), allowing a low-privileged local attacker to predict or forge 16-character grantee IDs used in RBAC privilege assignments backed by etcd. Successful exploitation - rated high complexity - could result in unauthorized manipulation of access control metadata, yielding low-level confidentiality, integrity, and availability impact on the affected Milvus instance. A proof-of-concept has been publicly disclosed via GitHub issue #49857, though no active exploitation is confirmed in CISA KEV.
Message spoofing in matrix-sdk-ui before 0.16.1 allows an authenticated homeserver administrator to impersonate any user on that server by injecting unencrypted replacement events targeting encrypted original messages. The edit validation logic in the Rust crate's `matrix-sdk-ui` component omits the check that a replacement (edit) event for an encrypted original must itself also be encrypted, violating the Matrix specification's replacement event validity algorithm. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the integrity impact is high against affected clients that trust a malicious or compromised homeserver.
Weak hash truncation in LMCache up to 0.4.6 allows a local low-privilege attacker to induce KV cache collisions by exploiting the severely constrained 16-bit integer output of `hex_hash_to_int16` in the vLLM integration's KV Cache Handler. The function masks multimodal content hash identifiers to at most 65,536 unique values, making engineered collisions feasible and causing incorrect cached KV entries to be served, affecting both cache integrity and availability. A proof-of-concept has been published on GitHub (issue #3301); no public exploit confirmed in active exploitation and no CISA KEV listing exists.
Proxy credential disclosure in Axios Node.js HTTP adapter (versions <1.16.0 and <=0.31.1) allows a malicious or attacker-controlled origin to receive the configured Proxy-Authorization header during specific HTTP-to-HTTPS redirect flows where the redirected request bypasses the proxy. No public exploit identified at time of analysis, though the researcher published a safe local proof-of-concept outline. The leaked credential, if reusable and the proxy is reachable, enables the attacker to authenticate to the victim's outbound proxy.
Cache poisoning in zilliztech GPTCache (up to version 0.1.44) allows a local, low-privileged attacker to corrupt LLM response cache entries by exploiting weak image fingerprinting in the Cache Key Handler. The `BufferedReader.peek()` method in `gptcache/processor/pre.py` only reads the first ~8192 bytes of an image file to construct a cache key, meaning two distinct images sharing an identical header prefix generate the same cache key and collide. An attacker can submit a crafted image whose header matches a previously cached image, causing GPTCache to return a poisoned (wrong) LLM response for subsequent queries. Publicly available exploit code exists per the GitHub issue and included PoC; no active exploitation confirmed in CISA KEV at time of analysis.
Proxy credential disclosure in Axios Node.js HTTP adapter (versions <1.16.0 and <=0.31.1) allows an attacker-controlled redirect target to receive the victim's authenticated proxy credentials via a stale Proxy-Authorization header. When a Node.js application uses an authenticated HTTP_PROXY and follows a redirect to a URL that resolves to no proxy (e.g., an https:// destination when HTTPS_PROXY is unset), the previously-set Proxy-Authorization header is not cleared and is sent to the final origin. No public exploit identified at time of analysis, though the advisory itself publishes a working PoC.
Authenticated low-privileged users in MISP versions up to and including 2.5.38 can manipulate the fields parameter of the New Users and New Organisations dashboard widgets to bypass server-side field redaction and retrieve restricted metadata - including user email addresses even when email disclosure is explicitly disabled via Security.disclose_user_emails configuration. The root cause is an order-of-operations flaw: in the original code, the email redaction check was applied after the fallback logic that repopulated the field list, meaning a crafted empty field selection after validation could trigger a return of unredacted model fields. No public exploit has been identified at time of analysis, and SSVC rates exploitation status as none; however, the low attack complexity and absence of user interaction requirements mean any authenticated user can reliably reproduce the condition.
Improper input validation in MISP's over-correlations endpoint allows an authenticated high-privileged attacker to inject arbitrary ordering clauses into database queries via the user-controlled `order` request parameter. All MISP instances running version 2.5.38 and earlier are affected. While direct impact is bounded by query-ordering manipulation, the vulnerability carries SQLi tags and high subsequent system impact scores (SC:H/SI:H/SA:H in CVSS 4.0), suggesting that a successfully crafted ordering expression could escalate to unsafe query construction or unintended data exposure. No public exploit has been identified at time of analysis.
Private galaxy metadata in MISP versions up to and including 2.5.38 was exposed to authenticated non-site-admin users through the event template builder workflow due to missing organisation and distribution-based access controls. The EventTemplatesController.php __setBuilderConfig() method queried all enabled galaxies without filtering by ownership or distribution level, allowing users from one organisation to read galaxy names, types, and descriptions that belong to other organisations and are marked private. No public exploit has been identified and SSVC rates exploitation as none; however, in multi-tenant intelligence-sharing environments this information disclosure carries meaningful operational security risk, as galaxy metadata can reveal the intelligence focus areas or classification schemes of peer organisations.
Password reset token enumeration in FOSSBilling prior to 0.8.0 exposes three authentication endpoints - including the elevated-privilege admin reset at `/staff/email/:hash` - to unlimited brute-force guessing due to a rate limiter architecturally scoped exclusively to `/api/*` routes. The confirmation endpoint acts as a CWE-204 oracle, returning distinguishable HTTP responses (200 for valid tokens, 302 redirect for invalid), allowing an unauthenticated remote attacker to probe token validity without throttling, lockout, or attempt counting. Practical exploitation risk is substantially reduced by 256-bit token entropy (`hash('sha256', random_bytes(32))`) combined with a 15-minute expiry window, which is accurately reflected in the CVSS 4.0 AC:H/AT:P scoring; no public exploit or CISA KEV listing has been identified at time of analysis.
Local information exposure in HCL BigFix Cloud Lifecycle Management stems from insufficient input validation, allowing a locally authenticated low-privileged user to access data they should not be authorized to view. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires local system access and a low-privilege account. No active exploitation has been confirmed and no public exploit code is known at time of analysis. Despite a tag of 'Authentication Bypass,' the PR:L vector indicates some authentication is required - this discrepancy should be clarified with the vendor advisory.
Privilege escalation via overly permissive RBAC in Red Hat OpenShift Pipelines operator allows any authenticated cluster user to write to Kueue and cert-manager custom resources, enabling disruption of multi-tenant workload scheduling and tampering with cluster TLS certificates. The flaw stems from the tekton-scheduler-rolebinding ClusterRoleBinding granting system:authenticated overly broad write permissions. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but the attack requires only basic cluster authentication.
Hash collision vulnerability in Streamlit's caching layer (versions up to 1.53.0) allows a local low-privileged attacker to poison the application cache by supplying crafted PIL palette-mode images or large dataframes that produce identical hash digests for distinct objects. The root cause is twofold: PIL 'P'-mode (palette-indexed) images excluded palette data from the hash computation entirely, and fixed seed values (random_state=0) were used when sampling large pandas, numpy, and polars objects - both enabling deterministic hash collisions. No public exploit identified at time of analysis beyond the public disclosure of the issue. EPSS data is not available, but the CVSS 1.1 score (AV:L/AC:H/PR:L) places real-world risk as very low.
Dataset digest computation in MLflow up to version 3.10.0 uses MD5 - a cryptographically broken algorithm - to fingerprint datasets, enabling a local attacker to craft colliding inputs that undermine dataset integrity tracking. Affected functions include compute_pandas_digest, compute_numpy_digest, and hash_dict_of_arrays in mlflow/data/digest_utils.py, which use a truncated 8-character MD5 digest that further reduces the collision space. Publicly available exploit code exists; this vulnerability is not confirmed actively exploited per CISA KEV, and the CVSS 4.0 score of 1.1 reflects the constrained local-only attack surface.
Stack trace disclosure in HCL iControl v4.0.0 exposes internal application details to authenticated remote attackers via unhandled JavaScript exceptions. The application fails to catch a runtime error when attempting to read the 'dashboard' key from an undefined object, returning a full stack trace to the requesting client. No public exploit exists and no active exploitation has been observed; CVSS scores this Low (3.1), reflecting strictly limited confidentiality impact with no integrity or availability consequences.
HCL iControl exposes session cookies without the Secure or SameSite attributes set, and with the cookie path scoped to root, enabling network-adjacent attackers with authenticated sessions to perform limited integrity modifications under high-complexity conditions. The missing Secure attribute allows cookies to be transmitted over unencrypted HTTP channels, while the absent SameSite attribute opens a cross-site request forgery vector. CVSS scores this at 3.1 (Low); no public exploit code exists and it is not listed in CISA KEV.
Weak input validation in HCL iControl allows authenticated remote attackers to submit input of an unexpected type, resulting in limited integrity impact against the target system. The vulnerability stems from an implementation deficiency in an architectural security tactic - specifically, the application's failure to correctly validate received input against its expected type. No public exploit code exists and no active exploitation has been confirmed; however, the low-complexity, network-accessible attack vector lowers the bar for authenticated users to abuse this flaw.
Content Security Policy weakness in HCL Hive Telco Observability's Keycloak authentication component allows remote attackers to leverage missing CSP directives for client-side attacks against authenticated users. The CVSS 8.1 (AV:N/AC:L/PR:N/UI:R) rating reflects high confidentiality and integrity impact contingent on user interaction, with no public exploit identified at time of analysis. The flaw resides in the web application's browser security headers rather than server-side logic.
Hardcoded RSA private key in GX Earth 2022 ONT (Optical Network Terminal) firmware allows remote attackers to extract the embedded cryptographic material and decrypt HTTPS sessions or perform man-in-the-middle attacks against device management traffic. CERT-In disclosed the issue (CIVN-2026-0288) affecting multiple GX India fiber ONT models and firmware versions, with no public exploit identified at time of analysis but SSVC flagging the flaw as fully automatable once the key is recovered.
Cache key collision in modelscope ms-swift up to 4.2.0 allows a local, low-privileged attacker to cause PIL image integrity failures via the Template._save_pil_image function in swift/template/base.py. The root cause is that the image cache key was computed by hashing only raw pixel bytes (image.tobytes()), without incorporating image metadata such as dimensions or color mode - meaning two structurally different images (e.g., 120×80 vs 80×120) sharing identical byte payloads produce the same SHA-256 cache key and thus collide to the same cached file path. No public exploit identified at time of analysis beyond the publicly disclosed proof-of-concept; no active exploitation confirmed (not listed in CISA KEV).
Sensitive data exposure in the WP eMember WordPress plugin (Tips and Tricks HQ) through version 10.2.2 allows unauthenticated remote attackers to retrieve embedded sensitive system information via a network request. The vulnerability is classified under CWE-497, meaning internally sensitive data is reachable from an unauthorized control sphere - in this case, the open internet without credentials. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation probability from EPSS data was not provided, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms this is trivially reachable from any network source.
Hash collision weakness in PaddlePaddle FastDeploy up to version 2.4.1 allows a local attacker with low privileges to cause the MultimodalHasher component to produce identical SHA-256 digests for semantically distinct numpy arrays that share raw byte content but differ in shape or dtype. This breaks the uniqueness guarantee of the hash_features function in fastdeploy/multimodal/hasher.py, enabling integrity violations in multimodal data pipelines relying on this component for deduplication or identity checks. No public exploit exists and no active exploitation is confirmed; the CVSS 4.0 score of 2.0 accurately reflects constrained real-world risk given local-only access and high attack complexity.
Uncontrolled recursion in Samsung's rlottie library, affecting all versions before commit e2d19e3b, allows a locally-delivered malicious Lottie animation file to crash the host application by triggering infinite recursive resolution of circular precomposition asset references during parsing. The CVSS vector (AV:L/UI:R/A:H) confirms the primary impact is high availability loss - a stack overflow - with no confidentiality exposure despite the 'Information Disclosure' tag in source metadata. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Out-of-bounds read in Samsung's rlottie rendering library prior to commit 223a2a41ba4f462e4abe767bebba49a366c9b9fd allows a local attacker to crash the rendering process (high availability impact) or cause low-level integrity corruption by supplying a crafted Lottie animation file. Two distinct code paths are affected: signed integer overflow in FreeType raster bit-shift macros and a missing zero-stopCount guard in gradient color table generation. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in CISA KEV, but the wide embedding of rlottie in Samsung consumer devices (TVs, appliances) represents a meaningful aggregate exposure.
Uncontrolled memory allocation in Samsung Open Source rlottie allows a local attacker to trigger excessive heap allocation by supplying a crafted Lottie animation file containing polygon or polystar shape elements with arbitrarily large point counts. Affected are all rlottie versions prior to commit 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd. An attacker who can cause a user to open a malicious .lottie or .json animation - in any application embedding the rlottie library - can achieve a high-severity denial-of-service and a minor integrity impact, consistent with the CVSS A:H/I:L scoring. No public exploit code exists and no CISA KEV listing is present at time of analysis.
Uncontrolled recursion and uninitialized pointer access in Samsung's rlottie animation library allow a locally-delivered malicious Lottie file to crash any host application via stack exhaustion. All rlottie versions prior to commit eae37633fda13ac05b25c6c95aacea4bc33c80a3 are affected; the PR #593 fix confirms cyclic layer parent references in crafted JSON animation payloads as the definitive trigger. No public exploit code has been identified at time of analysis and rlottie is not listed in CISA KEV, though the high availability impact (A:H) makes denial-of-service reliable for applications that accept user-supplied animation content.
The web administration panel of the Acer Connect M6E 5G Portable WiFi Router binds to the wildcard IPv6 address [::] on port 8080, exposing internal API endpoints over the public WAN interface without default firewall restrictions. All firmware versions through M6E_AI_1.00.000019 are affected, enabling authenticated remote attackers with high-privilege credentials to reach and query administrative APIs that are intended to be LAN-restricted only. No public exploit code has been identified and no CISA KEV listing exists at time of analysis, but the design flaw structurally expands the attack surface for any admin-level compromise.
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote attackers to abuse a hardcoded global API token guarding the /v1/Plan service, granting full administrative control over network access plans. Unauthenticated attackers can create arbitrary zero-cost plans, effectively bypassing billing and access controls. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.3 reflects trivial network exploitability with no privileges or user interaction required.
Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow malicious applications to obtain write access to internal NVRAM registers, enabling persistent modification of device state and configuration. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 4.0 base score of 8.8 reflects high confidentiality and availability impact. The vulnerability was self-reported by Acer and is tracked in the EU vulnerability database as EUVD-2026-34223.
Static zero-filled AES-CBC Initialization Vectors in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) eliminate the cryptographic randomness CBC mode requires, enabling network-accessible attackers to conduct replay attacks and known-plaintext decryption of device-encrypted traffic without authentication. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms trivial remote access with no privileges or user interaction required, though the impact is scoped to partial confidentiality loss (VC:L) with no integrity or availability impact. No public exploit has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.000019) allows locally running malicious software to overwrite the default Mobile Device Management endpoint address through broadcast events, transferring administrative control of the device to an attacker-operated MDM server. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019) combine TrustAllCerts routines that bypass TLS certificate validation with hard-coded DES symmetric encryption keys, enabling a network-positioned attacker to decrypt traffic between the device and its backend services. CVSS 4.0 rates this 9.2 (Critical) given the unauthenticated network attack surface and high confidentiality/integrity impact, though attack complexity is rated High due to the MITM positioning requirement. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication passwords and employee corporate identification data through system log files. With a CVSS 4.0 score of 8.8 (high confidentiality impact, network attack vector, no privileges or user interaction required) and no public exploit identified at time of analysis, the flaw enables remote attackers who can reach the log output to harvest credentials and PII without authentication.
Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage containers leave active device telemetry readable from the internet without authentication. Remote unauthenticated parties can harvest sensitive operational data per the CVSS 4.0 vector (AV:N/PR:N/UI:N, VC:H), and no public exploit identified at time of analysis. The 8.7 CVSS score reflects the high confidentiality impact even though integrity and availability are unaffected.
Use-after-free in libexpat before 2.8.2 allows memory corruption, information disclosure, and potential code execution when prohibited API functions are called from within XML event handler callbacks. All libexpat consumers - including language bindings such as CPython's xml.parsers.expat - are affected when handler code (or attacker-influenced handler logic) invokes XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset in a re-entrant manner during active parsing. No public exploit code exists at time of analysis and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog, but the CPython project has an associated open issue (python/cpython#146169) indicating ecosystem-wide reach.
Unauthenticated root command execution affects the Acer Connect M6E 5G Portable WiFi Router through firmware M6E_AI_1.00.000019, where the ai_cmd utility runs with root privileges and passes socket input directly to popen(). Adjacent-network attackers (anyone on the WiFi or LAN segment) can issue arbitrary shell commands as root with no authentication. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects high confidentiality, integrity, and availability impact on the device itself.
Information disclosure in the Acer Connect M6E 5G Portable WiFi Router (firmware versions up to and including M6E_AI_1.00.000019) stems from hard-coded, non-expiring credentials embedded in the companion APK that are shared across all deployments. Remote attackers can extract these static secrets from any copy of the application and use them to access sensitive router data without authentication, and no public exploit identified at time of analysis.
Predictable password generation in Cloud Foundry's BOSH windows-utilities-release (versions prior to v0.23.0) allows remote attackers to recover the local Administrator password set by the randomize_password job. The Get-RandomPassword routine seeds its PRNG from system clock state, so an attacker who can estimate VM boot time can reduce the search space to a small candidate list and brute-force the credential, defeating the hardening control that was supposed to lock down the account. No public exploit identified at time of analysis, but the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/C:H) reflects the realistic recoverability of high-value Administrator credentials over the network.
Heap information disclosure in HTML::Entities for Perl (versions before 3.84) allows remote attackers to leak adjacent heap memory contents when decoding entities. The XS routine _decode_entities retains a stale pointer into a hash value SV after grow_gap() reallocates the buffer, causing a use-after-free read that copies freed heap bytes into the output scalar. No public exploit identified at time of analysis and EPSS is very low (0.02%), but the upstream fix is confirmed via GH PR #56.
Credential theft and authorization tampering in Cloud Foundry BOSH (versions prior to v282.1.9) stems from the nats-sync component disabling TLS certificate validation when contacting the BOSH director. An attacker positioned on the network between nats-sync and the director can intercept Basic auth headers or UAA client secrets and modify the VM list written into the NATS authorization file, ultimately gaining administrative director access. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Credential theft and UAA token redirection in Cloud Foundry BOSH versions prior to v282.1.9 allows a network-positioned local attacker to intercept Basic-auth secrets and OAuth requests flowing between bosh-monitor and the BOSH director or UAA. The flaw stems from hard-coded OpenSSL::SSL::VERIFY_NONE in the HttpRequestHelper, effectively disabling TLS certificate validation. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Heap out-of-bounds read in Morse Micro HaLowLink 2 prior to version 2.11.12 allows an unauthenticated attacker within 802.11ah radio range to disclose up to 9 bytes of kernel heap memory or trigger a kernel panic (DoS) by transmitting a crafted beacon or probe response frame containing a malformed Vendor Information Element. The morse.ko kernel driver function morse_vendor_find_vendor_ie() fails to validate IE body length against the expected structure size before downstream callers read at fixed offsets, requiring only that the IE length field exceed 3 bytes. No public exploit identified at time of analysis; EPSS places exploitation probability at 0.03% (8th percentile) with no CISA KEV listing, though the zero-prerequisite radio-range attack surface warrants prompt patching for HaLow-enabled deployments.
Cache key collision in Gradio 6.14.0's audio processing component allows a local low-privileged attacker to trigger information disclosure by exploiting incomplete hash inputs in the `save_audio_to_cache` function. Two audio arrays with identical raw bytes but differing metadata (sample rate, format, dtype, or shape) resolve to the same cache directory path, causing one cached audio file to overwrite or be served in place of another. Publicly available exploit code exists per the CVSS 4.0 E:P modifier and CVE description, though no active exploitation has been confirmed via CISA KEV. The CVSS 4.0 score of 1.1 accurately reflects the narrow real-world impact given the mandatory local access and high attack complexity.
Man-in-the-middle attack against OpenStack oslo.messaging 1.0.0 through 17.3.0 is possible because the RabbitMQ driver validates the certificate chain but skips TLS hostname verification, letting any cert signed by the deployment CA impersonate the broker. An attacker positioned on the control-plane network can intercept and tamper with RPC and notification traffic between OpenStack services, with no public exploit identified at time of analysis but a credible POC pathway documented in OSSN-0096.
Factory reset in GNCC GP5 firmware v7.1.76 fails to purge cryptographic material from the JFFS2 configuration partition, leaving sensitive user data recoverable after a reset operation. An attacker with physical access to a reset device - such as a discarded, resold, or stolen unit - can read the raw flash storage and extract retained secrets. No public exploit identified at time of analysis as KEV-confirmed active exploitation, though a publicly available proof-of-concept exists per SSVC data and researcher publication.
Plaintext credential exposure in GNCC GP5 v7.1.76 allows physically-proximate attackers to capture wireless network credentials by monitoring the device's serial UART interface during routine operations. The device transmits sensitive wireless network information - including network credentials - in cleartext to the serial console, making them trivially readable by anyone with physical access and a UART adapter. No public exploit is identified at time of analysis and no active exploitation is confirmed; however, a researcher-published IoT vulnerability disclosure exists on GitHub detailing the finding.
Weak password hashing on the GNCC GP5 IP camera (firmware v7.1.76) allows attackers who obtain the password hash to recover the root credential via offline brute-force, yielding full device takeover. The CVSS 9.8 score reflects network-reachable impact, but real-world exploitation first requires extracting the hash from the device; no public exploit identified at time of analysis and EPSS is very low at 0.02%.
Denial of service in BACnet Stack 1.3.1 occurs through an out-of-bounds read in the bacnet_tag_number_decode function, allowing remote attackers to crash affected building automation systems by sending crafted BACnet protocol messages. No public exploit identified at time of analysis, and EPSS scores the exploitation probability at a very low 0.02%, though the network-reachable nature of BACnet deployments in critical infrastructure warrants attention.
Improper URI validation in docling-core versions 2.5.0 through 2.74.0 lets remote attackers supplying crafted image references read arbitrary local files readable by the processing user or exhaust memory via oversized inline data: payloads. The flaw exists because the library accepted file:// references and did not enforce a decoded-size cap on inline base64 image content. No public exploit identified at time of analysis, but the GitHub advisory GHSA-j5xp-7m2f-49jv confirms the issue and a fixed release (2.74.1) is available.
Path traversal in Docling's LaTeX backend (pip/docling versions 2.73.0 through 2.90.x) allows an attacker who supplies a crafted LaTeX document to read arbitrary files accessible to the conversion process via the \includegraphics, \input, and \include command handlers. With a high confidentiality impact (C:H) but local attack vector and required user interaction (AV:L/UI:R per CVSS), the practical risk is concentrated in automated document-processing pipelines or services that ingest untrusted .tex files. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV. A vendor-released patch exists as of version 2.91.0.
Authenticated zone-file injection in Froxlor <=2.3.6 allows a customer with DNS editing enabled to inject newline characters into TXT record content via the DomainZones.add API, breaking out of the record line in the generated BIND zone file and injecting arbitrary BIND directives ($INCLUDE, $GENERATE) or DNS records (A, MX, CNAME). The flaw is an incomplete fix for CVE-2026-30932, which sanitized LOC/RP/SSHFP/TLSA records but left TXT handling reliant only on Dns::encloseTXTContent(), which strips no control characters. Publicly available exploit code exists (detailed PoC including a Python script in the GHSA advisory), but there is no public exploit identified at time of analysis in CISA KEV and no EPSS score was provided.
Version disclosure in FOSSBilling prior to 0.8.0 exposes the exact application version string to all visitors - including unauthenticated guests - via cache-busting query parameters appended to every rendered `<script>` and `<link>` HTML tag, directly bypassing the `hide_version_public` security control on every page of the application. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms this is network-accessible, unauthenticated, and requires no user interaction, making it trivially observable by any visitor. While not directly exploitable for code execution or data access, this reconnaissance enabler meaningfully lowers the barrier to targeting installations with other known FOSSBilling vulnerabilities; no public exploit has been identified at time of analysis and active exploitation has not been confirmed.
Use-of-uninitialized memory in libxls 1.6.3 exposes applications that parse XLS files to potential information disclosure via heap memory leakage. The flaw originates in the OLE layer (ole2_read) and surfaces in xls_parseWorkBook() when processing malformed XLS input, meaning any downstream application or service that accepts and parses XLS files using this library inherits the exposure. With a CVSS score of 5.3 and an EPSS of 0.02% (6th percentile), real-world exploitation probability is low; no public exploit or CISA KEV listing exists at time of analysis.
Uninitialized memory consumption in libxls 1.6.3 and earlier exposes server-side applications that parse XLS files to application crashes and potential heap memory disclosure. The flaw resides in the OLE container parser: read_MSAT() allocates memory for the Master Sector Allocation Table without fully initializing it, then passes it to ole2_validate_sector_chain(), which may read uninitialized bytes from the heap. Per the CVSS vector (AV:N/AC:L/PR:N/UI:N), no authentication or user interaction is required - a remote attacker need only supply a crafted XLS file to an application that uses libxls as a parsing backend. No public exploit code or CISA KEV listing exists at time of analysis; EPSS stands at 0.02% (5th percentile), indicating very low observed exploitation activity.
SHA-1 hash collisions in mlrun's DataFrame Hash Handler allow a local authenticated user to corrupt dataset artifact integrity in ML pipelines up to version 1.12.0-rc3. The `calculate_dataframe_hash` function in `mlrun/utils/helpers.py` uses SHA-1 over raw pandas hash bytes without encoding type or schema information, meaning structurally distinct DataFrames - differing only in column dtype (e.g., bool vs int, int8 vs int64, datetime64[ns] vs int64) - produce identical hashes. Publicly available exploit code exists (disclosed via GitHub issue #9691 and PR #9692 with concrete collision test cases); no active exploitation is confirmed in CISA KEV.
Information disclosure weakness in Securly Chrome Extension version 3.0.7 stems from continued reliance on the deprecated SHA-1 algorithm to hash and match 25,020 IWF CSAM URLs and 12,352 CIPA blocklist URLs. Because SHA-1 is vulnerable to collision attacks, an adversary with knowledge of the hash list could derive or guess matching URLs, exposing sensitive blocklist contents and undermining the integrity of the content-filtering mechanism. There is no public exploit identified at time of analysis and EPSS is very low (0.01%), but the issue was reported through CERT/CC (VU#595768), giving it credible vendor-coordinated provenance.
Information disclosure in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to leak sensitive process memory through a crafted HTML page that triggers an uninitialized memory read in the Dawn WebGPU implementation. Google rates the underlying Chromium issue as High severity, and a patched stable channel build is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability remains very low at 0.03%.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page when a victim visits a malicious site. The flaw is rated CVSS 9.6 due to scope change (S:C) and full CIA impact, though EPSS estimates only a 0.05% near-term exploitation probability and no public exploit has been identified at time of analysis.
Cross-origin data leakage in Google Chrome's Dawn WebGPU implementation prior to version 149.0.7827.53 allows a remote attacker to read sensitive data from other origins by luring a user to a crafted HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS places exploitation probability at 1.64% (82nd percentile).
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Printing component. Chromium rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS remains very low at 0.05%.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the InterestGroups component. Google rates the Chromium severity as High, and CVSS scores it 8.3 with a changed scope reflecting the cross-boundary impact. No public exploit identified at time of analysis, though a vendor patch is available.
Cross-origin data disclosure in Google Chrome on Windows prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to leak data from other origins via a crafted HTML page in the Dawn (WebGPU) component. Google rates the underlying issue High severity, but no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.05%.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the renderer process sandbox by delivering a crafted video file processed by the browser's codec implementation. The CVSS 9.6 score reflects a scope-changing impact across confidentiality, integrity, and availability, though exploitation requires user interaction such as visiting a malicious page. No public exploit identified at time of analysis, and EPSS exploitation probability remains low at 0.05%.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting an uninitialized memory use in the Codecs component. Google has rated this Chromium security severity as High, and no public exploit has been identified at time of analysis. The flaw requires chaining with a separate renderer compromise, but combined with a renderer RCE it enables full host code execution outside Chrome's sandbox.
Type confusion in the ANGLE graphics translation layer of Google Chrome on Windows prior to 149.0.7827.53 enables remote attackers to trigger out-of-bounds memory access through a crafted HTML page, with potential for memory corruption leading to code execution in the renderer process. Chromium rates this High severity and a vendor patch is available, though no public exploit is identified at time of analysis and EPSS exploitation probability is currently 0.03%.
Cross-origin data leakage in Google Chrome on iOS (versions prior to 149.0.7827.53) stems from insufficient policy enforcement in the Autofill component, enabling a remote unauthenticated attacker to read sensitive cross-origin data by directing a victim to a crafted HTML page. The CVSS score of 6.5 (Medium) reflects high confidentiality impact with no integrity or availability loss; the attack requires user interaction but no attacker privileges. EPSS probability sits at 0.03% (11th percentile), SSVC reports no current exploitation, and the CVE is absent from CISA KEV, collectively indicating low real-world threat urgency despite the medium severity classification.
Cross-origin data exfiltration via Autofill in Google Chrome on iOS (prior to 149.0.7827.53) allows a remote attacker to leak sensitive data across origin boundaries by directing a victim to a crafted HTML page. The flaw stems from insufficient policy enforcement in the Autofill subsystem - a protection mechanism failure (CWE-693) that bypasses same-origin boundary controls exclusive to the iOS platform build of Chrome. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% (11th percentile) indicates very low observed exploitation probability. A vendor-released patch is available.
Out-of-bounds memory access in the Skia graphics library shipped with Google Chrome before 149.0.7827.53 allows a remote attacker to execute arbitrary code within Chrome's renderer sandbox when a victim visits a malicious page. Google rates the Chromium severity as High and a vendor patch is available; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a race condition in the Codecs component. Chromium rates this High severity, and while no public exploit was identified at time of analysis, the bug fits the classic renderer-to-sandbox-escape pattern frequently chained in real-world Chrome exploit kits. CVSS is 8.3 reflecting high attack complexity, required user interaction, and a scope change.
Out-of-bounds memory read in Google Chrome's ANGLE graphics layer on macOS versions prior to 149.0.7827.53 allows remote attackers to disclose memory contents or crash the renderer by enticing a user to visit a crafted HTML page. Google rates the underlying Chromium issue as High severity, and while no public exploit is identified at time of analysis, the EPSS score of 0.03% suggests low near-term mass exploitation likelihood. The flaw requires user interaction (visiting a page) but no authentication, making drive-by web attacks the realistic threat model.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 can be achieved by remote attackers who have already compromised the renderer process, leveraging an out-of-bounds read in the Dawn WebGPU implementation via a crafted HTML page. Google rates this as High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The bug is part of a multi-stage exploitation chain rather than a single-step RCE, but successful chaining yields full escape from Chrome's renderer sandbox.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the WebShare component. The bug is rated High severity by Chromium and carries a CVSS 8.3 with scope change reflecting the sandbox boundary crossing, though no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting insufficient input validation in the Media component. Google rates the Chromium security severity as High, and no public exploit has been identified at time of analysis. Successful exploitation requires chaining with a separate renderer compromise plus user interaction, raising attack complexity but yielding full host-level impact if achieved.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Media component. Google rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis.
Out-of-bounds read in the ANGLE graphics layer of Google Chrome before 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox via a crafted HTML page. Chromium rates the underlying issue Critical severity, and while no public exploit has been identified at time of analysis, the bug is in a historically targeted attack surface (GPU/ANGLE) frequently abused in renderer-to-broker escape chains.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to trigger an out-of-bounds read and write via a crafted HTML page, with a CVSS 9.6 reflecting scope change and high impact across confidentiality, integrity, and availability. The flaw was rated Critical internally by Chromium and reported by Google's own CVE admin team; no public exploit identified at time of analysis, and CISA SSVC currently lists exploitation status as none.
Denial of service in Arista EOS devices with IPsec configured allows remote unauthenticated attackers to halt all IPsec traffic processing by sending a specially crafted packet. The control plane's recovery attempt via pipeline reset may itself fail to restore traffic flow, producing a persistent outage of IPsec-protected communications until manual intervention. No public exploit identified at time of analysis, but the vulnerability was reported by an Arista customer, suggesting it was discovered through real-world operational impact rather than theoretical research.
Microsoft Graph exposes sensitive data to authenticated network attackers due to improper authorization controls, allowing low-privileged API callers to retrieve information beyond their granted scope. The vulnerability (CVSS 6.5) carries high confidentiality impact (C:H) with no integrity or availability consequence, making it a pure data disclosure risk against Microsoft's unified cloud API surface. No public exploit code has been identified at time of analysis, and Microsoft has released a server-side patch via MSRC advisory CVE-2026-47655.
Injection (CWE-74) in Copilot Chat within Microsoft Edge enables unauthenticated remote attackers to disclose sensitive information when a victim user interacts with maliciously crafted content. The vulnerability resides in improper neutralization of special elements passed to a downstream component of the chat pipeline, resulting in high confidentiality impact with no integrity or availability effect. No public exploit code exists at time of analysis (CVSS E:U), and Microsoft has released an official patch per MSRC advisory CVE-2026-47644.
Information disclosure in Hermes WebUI before v0.51.221 allows authenticated remote attackers to read arbitrary files outside the designated workspace by placing symlinks that resolve to external host paths and accessing them through the workspace file or listing APIs. Because the vulnerable code only blocked raw '..' traversal and a small denylist of system directories rather than enforcing that resolved targets stay within the workspace root, attackers can disclose sensitive host content such as SSH keys, cloud credentials, and application tokens. No public exploit identified at time of analysis, but the patch and a VulnCheck advisory are published and the fix is straightforward to reverse-engineer from the upstream commit.
In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
DNS transaction ID entropy collapse in AdGuard Home (≤v0.107.74) and its underlying dnsproxy library (≤v0.81.2) reduces the backend UDP forwarding tuple from two random variables to one: the DNS ID is deterministically 0 on every client-triggered DoQ-to-UDP hop, leaving only the UDP source port as the sole remaining entropy variable. An off-path attacker who can inject spoofed ICMP error messages toward the resolver's egress address can exploit a reliable source-port oracle - confirmed across four consecutive runs for both products - to identify the correct backend socket state before injecting a forged DNS response, placing this attack in the same threat-model class as SAD DNS and TUdoor. No public exploit confirmed at time of analysis beyond the working oracle reproducer included in the advisory disclosure; the advisory is not listed in CISA KEV.
Server-side request forgery in Shopware's media subsystem allows authenticated admin users to make arbitrary HTTP HEAD requests to internal network addresses and cloud metadata endpoints via the `/api/_action/media/external-link` endpoint. The root cause is an inconsistency between two URL-handling flows in `MediaUploadService`: the `uploadFromURL` flow correctly validates resolved IPs against private/reserved ranges, while the `linkURL` flow only checks that the URL begins with `http://` or `https://`. Exploiting this, an admin can probe cloud metadata services, enumerate internal ports, and leak `content-length` values from internal services; no public exploit has been identified at time of analysis, and a vendor-released patch exists in version 6.7.10.1.
Timing-based administrator username enumeration in Shopware's OAuth token endpoint exposes valid admin accounts to unauthenticated remote attackers. The flaw exists in shopware/platform and shopware/core packages across the 6.6.x and 6.7.x branches, where the API endpoint api/oauth/token responds measurably faster for non-existent usernames than for valid ones due to skipping the Argon2id password_verify() call. A publicly available proof-of-concept exploit exists; while not confirmed actively exploited in CISA KEV, the POC lowers the barrier for targeted brute-force, credential stuffing, and spear phishing campaigns against Shopware admin panels. CVSS rates this 3.7 (AC:H), reflecting that reliable exploitation requires statistical timing analysis across many requests.
Admin account takeover in Shopware's PHP e-commerce platform is achievable by any low-privilege admin holding the user_recovery:read ACL through a three-endpoint attack chain requiring no special tooling. The vulnerability stems from the UserRecoveryDefinition exposing a secret password-reset hash via the Admin API search endpoint - a hash the recovery flow assumes is delivered exclusively via email - enabling the attacker to bypass the intended out-of-band delivery mechanism entirely. Patched versions 6.6.10.18 and 6.7.10.1 are available; no public exploit code or CISA KEV listing has been identified at time of analysis, though the attack is fully documented in the GitHub Security Advisory GHSA-8v9p-g828-v98f.
Truncation of chunked Oblivious HTTP (OHTTP) streams in netty-incubator-codec-ohttp prior to 0.0.22.Final silently passes partial, cryptographically-incomplete messages to the receiving application with no decryption error or exception. An on-path adversary - the OHTTP relay itself or a MITM on the relay↔gateway or relay↔client transport - can cut a legitimate chunked-OHTTP message at any non-final chunk boundary and cleanly close the outer HTTP body, bypassing the cryptographic integrity guarantee the final-chunk marker is designed to provide. No public exploit is identified (CVSS E:U) and no CISA KEV listing exists, but the integrity impact is rated High (VI:H) given that receivers silently accept and may act on structurally incomplete messages.
Late signature validation in Siemens kas (pip/kas >= 4.8, < 5.3) allows an attacker who has already compromised a referenced upstream repository to substitute the cryptographic key used to validate that repository's tag signatures, effectively bypassing integrity checks entirely. Because kas processes and applies configuration includes from external repositories before verifying their signatures, a malicious repository can redirect the signature-validation key to one under attacker control. No public exploit code has been identified at time of analysis, and exploitation requires a highly specific multi-condition scenario including prior supply-chain access to a referenced upstream repo. Vendor-released patch version 5.3 resolves all related attack vectors.
Incorrect native memory address resolution in Netty's Oblivious HTTP (OHTTP) BoringSSL JNI bridge allows unauthenticated remote attackers to corrupt memory belonging to concurrent connections and disclose the contents of adjacent pooled direct buffers - including HPKE encryption key material - on affected OHTTP gateways. The flaw exists in versions prior to 0.0.22.Final of netty-incubator-codec-ohttp and is only reachable when the JVM is configured to deny `sun.misc.Unsafe` access, causing the vulnerable fallback address-resolution path to activate. This directly undermines the confidentiality guarantees Oblivious HTTP is designed to provide; no public exploit code exists and the vulnerability is not listed in the CISA KEV catalog (CVSS 4.0 E:U).
Improper input validation in the Perl module Net::CIDR::Set through version 0.20 allows attackers to bypass network access controls by submitting network masks containing Unicode digits (e.g., Arabic-Indic numerals like U+0661) or leading zeros that are silently ignored or misinterpreted. The CVSS 7.3 score reflects low-impact compromise across confidentiality, integrity, and availability via the network, with no public exploit identified at time of analysis. Applications using this module for ACL or firewall-like decisions may grant access to wider IP ranges than intended.
Net::CIDR::Set versions through 0.20 for Perl incorrectly accepts Unicode digits in IP addresses and CIDR netmasks, enabling network access controls to silently permit broader address ranges than intended. Applications relying on this library to enforce IP-based allowlists or blocklists may inadvertently grant or deny access to incorrect network ranges when Unicode look-alike digits (e.g., Arabic-Indic U+0661 instead of ASCII '1') are supplied as input. With no public exploit identified at time of analysis and SSVC exploitation status of none, this is a medium-severity library flaw requiring patch deployment rather than emergency response, but the automatable nature of the attack vector warrants prompt remediation in access-control-sensitive deployments.
Weak hashing in milvus-io/milvus up to 2.6.13 exposes the Grantee ID Hash Handler in the KV metadata catalog (internal/metastore/kv/rootcoord/kv_catalog.go), allowing a low-privileged local attacker to predict or forge 16-character grantee IDs used in RBAC privilege assignments backed by etcd. Successful exploitation - rated high complexity - could result in unauthorized manipulation of access control metadata, yielding low-level confidentiality, integrity, and availability impact on the affected Milvus instance. A proof-of-concept has been publicly disclosed via GitHub issue #49857, though no active exploitation is confirmed in CISA KEV.
Message spoofing in matrix-sdk-ui before 0.16.1 allows an authenticated homeserver administrator to impersonate any user on that server by injecting unencrypted replacement events targeting encrypted original messages. The edit validation logic in the Rust crate's `matrix-sdk-ui` component omits the check that a replacement (edit) event for an encrypted original must itself also be encrypted, violating the Matrix specification's replacement event validity algorithm. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the integrity impact is high against affected clients that trust a malicious or compromised homeserver.
Weak hash truncation in LMCache up to 0.4.6 allows a local low-privilege attacker to induce KV cache collisions by exploiting the severely constrained 16-bit integer output of `hex_hash_to_int16` in the vLLM integration's KV Cache Handler. The function masks multimodal content hash identifiers to at most 65,536 unique values, making engineered collisions feasible and causing incorrect cached KV entries to be served, affecting both cache integrity and availability. A proof-of-concept has been published on GitHub (issue #3301); no public exploit confirmed in active exploitation and no CISA KEV listing exists.
Proxy credential disclosure in Axios Node.js HTTP adapter (versions <1.16.0 and <=0.31.1) allows a malicious or attacker-controlled origin to receive the configured Proxy-Authorization header during specific HTTP-to-HTTPS redirect flows where the redirected request bypasses the proxy. No public exploit identified at time of analysis, though the researcher published a safe local proof-of-concept outline. The leaked credential, if reusable and the proxy is reachable, enables the attacker to authenticate to the victim's outbound proxy.
Cache poisoning in zilliztech GPTCache (up to version 0.1.44) allows a local, low-privileged attacker to corrupt LLM response cache entries by exploiting weak image fingerprinting in the Cache Key Handler. The `BufferedReader.peek()` method in `gptcache/processor/pre.py` only reads the first ~8192 bytes of an image file to construct a cache key, meaning two distinct images sharing an identical header prefix generate the same cache key and collide. An attacker can submit a crafted image whose header matches a previously cached image, causing GPTCache to return a poisoned (wrong) LLM response for subsequent queries. Publicly available exploit code exists per the GitHub issue and included PoC; no active exploitation confirmed in CISA KEV at time of analysis.
Proxy credential disclosure in Axios Node.js HTTP adapter (versions <1.16.0 and <=0.31.1) allows an attacker-controlled redirect target to receive the victim's authenticated proxy credentials via a stale Proxy-Authorization header. When a Node.js application uses an authenticated HTTP_PROXY and follows a redirect to a URL that resolves to no proxy (e.g., an https:// destination when HTTPS_PROXY is unset), the previously-set Proxy-Authorization header is not cleared and is sent to the final origin. No public exploit identified at time of analysis, though the advisory itself publishes a working PoC.
Authenticated low-privileged users in MISP versions up to and including 2.5.38 can manipulate the fields parameter of the New Users and New Organisations dashboard widgets to bypass server-side field redaction and retrieve restricted metadata - including user email addresses even when email disclosure is explicitly disabled via Security.disclose_user_emails configuration. The root cause is an order-of-operations flaw: in the original code, the email redaction check was applied after the fallback logic that repopulated the field list, meaning a crafted empty field selection after validation could trigger a return of unredacted model fields. No public exploit has been identified at time of analysis, and SSVC rates exploitation status as none; however, the low attack complexity and absence of user interaction requirements mean any authenticated user can reliably reproduce the condition.
Improper input validation in MISP's over-correlations endpoint allows an authenticated high-privileged attacker to inject arbitrary ordering clauses into database queries via the user-controlled `order` request parameter. All MISP instances running version 2.5.38 and earlier are affected. While direct impact is bounded by query-ordering manipulation, the vulnerability carries SQLi tags and high subsequent system impact scores (SC:H/SI:H/SA:H in CVSS 4.0), suggesting that a successfully crafted ordering expression could escalate to unsafe query construction or unintended data exposure. No public exploit has been identified at time of analysis.
Private galaxy metadata in MISP versions up to and including 2.5.38 was exposed to authenticated non-site-admin users through the event template builder workflow due to missing organisation and distribution-based access controls. The EventTemplatesController.php __setBuilderConfig() method queried all enabled galaxies without filtering by ownership or distribution level, allowing users from one organisation to read galaxy names, types, and descriptions that belong to other organisations and are marked private. No public exploit has been identified and SSVC rates exploitation as none; however, in multi-tenant intelligence-sharing environments this information disclosure carries meaningful operational security risk, as galaxy metadata can reveal the intelligence focus areas or classification schemes of peer organisations.
Password reset token enumeration in FOSSBilling prior to 0.8.0 exposes three authentication endpoints - including the elevated-privilege admin reset at `/staff/email/:hash` - to unlimited brute-force guessing due to a rate limiter architecturally scoped exclusively to `/api/*` routes. The confirmation endpoint acts as a CWE-204 oracle, returning distinguishable HTTP responses (200 for valid tokens, 302 redirect for invalid), allowing an unauthenticated remote attacker to probe token validity without throttling, lockout, or attempt counting. Practical exploitation risk is substantially reduced by 256-bit token entropy (`hash('sha256', random_bytes(32))`) combined with a 15-minute expiry window, which is accurately reflected in the CVSS 4.0 AC:H/AT:P scoring; no public exploit or CISA KEV listing has been identified at time of analysis.
Local information exposure in HCL BigFix Cloud Lifecycle Management stems from insufficient input validation, allowing a locally authenticated low-privileged user to access data they should not be authorized to view. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires local system access and a low-privilege account. No active exploitation has been confirmed and no public exploit code is known at time of analysis. Despite a tag of 'Authentication Bypass,' the PR:L vector indicates some authentication is required - this discrepancy should be clarified with the vendor advisory.
Privilege escalation via overly permissive RBAC in Red Hat OpenShift Pipelines operator allows any authenticated cluster user to write to Kueue and cert-manager custom resources, enabling disruption of multi-tenant workload scheduling and tampering with cluster TLS certificates. The flaw stems from the tekton-scheduler-rolebinding ClusterRoleBinding granting system:authenticated overly broad write permissions. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but the attack requires only basic cluster authentication.
Hash collision vulnerability in Streamlit's caching layer (versions up to 1.53.0) allows a local low-privileged attacker to poison the application cache by supplying crafted PIL palette-mode images or large dataframes that produce identical hash digests for distinct objects. The root cause is twofold: PIL 'P'-mode (palette-indexed) images excluded palette data from the hash computation entirely, and fixed seed values (random_state=0) were used when sampling large pandas, numpy, and polars objects - both enabling deterministic hash collisions. No public exploit identified at time of analysis beyond the public disclosure of the issue. EPSS data is not available, but the CVSS 1.1 score (AV:L/AC:H/PR:L) places real-world risk as very low.
Dataset digest computation in MLflow up to version 3.10.0 uses MD5 - a cryptographically broken algorithm - to fingerprint datasets, enabling a local attacker to craft colliding inputs that undermine dataset integrity tracking. Affected functions include compute_pandas_digest, compute_numpy_digest, and hash_dict_of_arrays in mlflow/data/digest_utils.py, which use a truncated 8-character MD5 digest that further reduces the collision space. Publicly available exploit code exists; this vulnerability is not confirmed actively exploited per CISA KEV, and the CVSS 4.0 score of 1.1 reflects the constrained local-only attack surface.
Stack trace disclosure in HCL iControl v4.0.0 exposes internal application details to authenticated remote attackers via unhandled JavaScript exceptions. The application fails to catch a runtime error when attempting to read the 'dashboard' key from an undefined object, returning a full stack trace to the requesting client. No public exploit exists and no active exploitation has been observed; CVSS scores this Low (3.1), reflecting strictly limited confidentiality impact with no integrity or availability consequences.
HCL iControl exposes session cookies without the Secure or SameSite attributes set, and with the cookie path scoped to root, enabling network-adjacent attackers with authenticated sessions to perform limited integrity modifications under high-complexity conditions. The missing Secure attribute allows cookies to be transmitted over unencrypted HTTP channels, while the absent SameSite attribute opens a cross-site request forgery vector. CVSS scores this at 3.1 (Low); no public exploit code exists and it is not listed in CISA KEV.
Weak input validation in HCL iControl allows authenticated remote attackers to submit input of an unexpected type, resulting in limited integrity impact against the target system. The vulnerability stems from an implementation deficiency in an architectural security tactic - specifically, the application's failure to correctly validate received input against its expected type. No public exploit code exists and no active exploitation has been confirmed; however, the low-complexity, network-accessible attack vector lowers the bar for authenticated users to abuse this flaw.
Content Security Policy weakness in HCL Hive Telco Observability's Keycloak authentication component allows remote attackers to leverage missing CSP directives for client-side attacks against authenticated users. The CVSS 8.1 (AV:N/AC:L/PR:N/UI:R) rating reflects high confidentiality and integrity impact contingent on user interaction, with no public exploit identified at time of analysis. The flaw resides in the web application's browser security headers rather than server-side logic.
Hardcoded RSA private key in GX Earth 2022 ONT (Optical Network Terminal) firmware allows remote attackers to extract the embedded cryptographic material and decrypt HTTPS sessions or perform man-in-the-middle attacks against device management traffic. CERT-In disclosed the issue (CIVN-2026-0288) affecting multiple GX India fiber ONT models and firmware versions, with no public exploit identified at time of analysis but SSVC flagging the flaw as fully automatable once the key is recovered.
Cache key collision in modelscope ms-swift up to 4.2.0 allows a local, low-privileged attacker to cause PIL image integrity failures via the Template._save_pil_image function in swift/template/base.py. The root cause is that the image cache key was computed by hashing only raw pixel bytes (image.tobytes()), without incorporating image metadata such as dimensions or color mode - meaning two structurally different images (e.g., 120×80 vs 80×120) sharing identical byte payloads produce the same SHA-256 cache key and thus collide to the same cached file path. No public exploit identified at time of analysis beyond the publicly disclosed proof-of-concept; no active exploitation confirmed (not listed in CISA KEV).
Sensitive data exposure in the WP eMember WordPress plugin (Tips and Tricks HQ) through version 10.2.2 allows unauthenticated remote attackers to retrieve embedded sensitive system information via a network request. The vulnerability is classified under CWE-497, meaning internally sensitive data is reachable from an unauthorized control sphere - in this case, the open internet without credentials. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation probability from EPSS data was not provided, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms this is trivially reachable from any network source.
Hash collision weakness in PaddlePaddle FastDeploy up to version 2.4.1 allows a local attacker with low privileges to cause the MultimodalHasher component to produce identical SHA-256 digests for semantically distinct numpy arrays that share raw byte content but differ in shape or dtype. This breaks the uniqueness guarantee of the hash_features function in fastdeploy/multimodal/hasher.py, enabling integrity violations in multimodal data pipelines relying on this component for deduplication or identity checks. No public exploit exists and no active exploitation is confirmed; the CVSS 4.0 score of 2.0 accurately reflects constrained real-world risk given local-only access and high attack complexity.
Uncontrolled recursion in Samsung's rlottie library, affecting all versions before commit e2d19e3b, allows a locally-delivered malicious Lottie animation file to crash the host application by triggering infinite recursive resolution of circular precomposition asset references during parsing. The CVSS vector (AV:L/UI:R/A:H) confirms the primary impact is high availability loss - a stack overflow - with no confidentiality exposure despite the 'Information Disclosure' tag in source metadata. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Out-of-bounds read in Samsung's rlottie rendering library prior to commit 223a2a41ba4f462e4abe767bebba49a366c9b9fd allows a local attacker to crash the rendering process (high availability impact) or cause low-level integrity corruption by supplying a crafted Lottie animation file. Two distinct code paths are affected: signed integer overflow in FreeType raster bit-shift macros and a missing zero-stopCount guard in gradient color table generation. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in CISA KEV, but the wide embedding of rlottie in Samsung consumer devices (TVs, appliances) represents a meaningful aggregate exposure.
Uncontrolled memory allocation in Samsung Open Source rlottie allows a local attacker to trigger excessive heap allocation by supplying a crafted Lottie animation file containing polygon or polystar shape elements with arbitrarily large point counts. Affected are all rlottie versions prior to commit 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd. An attacker who can cause a user to open a malicious .lottie or .json animation - in any application embedding the rlottie library - can achieve a high-severity denial-of-service and a minor integrity impact, consistent with the CVSS A:H/I:L scoring. No public exploit code exists and no CISA KEV listing is present at time of analysis.
Uncontrolled recursion and uninitialized pointer access in Samsung's rlottie animation library allow a locally-delivered malicious Lottie file to crash any host application via stack exhaustion. All rlottie versions prior to commit eae37633fda13ac05b25c6c95aacea4bc33c80a3 are affected; the PR #593 fix confirms cyclic layer parent references in crafted JSON animation payloads as the definitive trigger. No public exploit code has been identified at time of analysis and rlottie is not listed in CISA KEV, though the high availability impact (A:H) makes denial-of-service reliable for applications that accept user-supplied animation content.
The web administration panel of the Acer Connect M6E 5G Portable WiFi Router binds to the wildcard IPv6 address [::] on port 8080, exposing internal API endpoints over the public WAN interface without default firewall restrictions. All firmware versions through M6E_AI_1.00.000019 are affected, enabling authenticated remote attackers with high-privilege credentials to reach and query administrative APIs that are intended to be LAN-restricted only. No public exploit code has been identified and no CISA KEV listing exists at time of analysis, but the design flaw structurally expands the attack surface for any admin-level compromise.
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote attackers to abuse a hardcoded global API token guarding the /v1/Plan service, granting full administrative control over network access plans. Unauthenticated attackers can create arbitrary zero-cost plans, effectively bypassing billing and access controls. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.3 reflects trivial network exploitability with no privileges or user interaction required.
Exposed factory diagnostics in Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allow malicious applications to obtain write access to internal NVRAM registers, enabling persistent modification of device state and configuration. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 4.0 base score of 8.8 reflects high confidentiality and availability impact. The vulnerability was self-reported by Acer and is tracked in the EU vulnerability database as EUVD-2026-34223.
Static zero-filled AES-CBC Initialization Vectors in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) eliminate the cryptographic randomness CBC mode requires, enabling network-accessible attackers to conduct replay attacks and known-plaintext decryption of device-encrypted traffic without authentication. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms trivial remote access with no privileges or user interaction required, though the impact is scoped to partial confidentiality loss (VC:L) with no integrity or availability impact. No public exploit has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.000019) allows locally running malicious software to overwrite the default Mobile Device Management endpoint address through broadcast events, transferring administrative control of the device to an attacker-operated MDM server. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019) combine TrustAllCerts routines that bypass TLS certificate validation with hard-coded DES symmetric encryption keys, enabling a network-positioned attacker to decrypt traffic between the device and its backend services. CVSS 4.0 rates this 9.2 (Critical) given the unauthenticated network attack surface and high confidentiality/integrity impact, though attack complexity is rated High due to the MITM positioning requirement. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Sensitive information disclosure in the Acer Connect M6E 5G Portable WiFi Router exposes cleartext SMTP authentication passwords and employee corporate identification data through system log files. With a CVSS 4.0 score of 8.8 (high confidentiality impact, network attack vector, no privileges or user interaction required) and no public exploit identified at time of analysis, the flaw enables remote attackers who can reach the log output to harvest credentials and PII without authentication.
Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage containers leave active device telemetry readable from the internet without authentication. Remote unauthenticated parties can harvest sensitive operational data per the CVSS 4.0 vector (AV:N/PR:N/UI:N, VC:H), and no public exploit identified at time of analysis. The 8.7 CVSS score reflects the high confidentiality impact even though integrity and availability are unaffected.
Use-after-free in libexpat before 2.8.2 allows memory corruption, information disclosure, and potential code execution when prohibited API functions are called from within XML event handler callbacks. All libexpat consumers - including language bindings such as CPython's xml.parsers.expat - are affected when handler code (or attacker-influenced handler logic) invokes XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset in a re-entrant manner during active parsing. No public exploit code exists at time of analysis and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog, but the CPython project has an associated open issue (python/cpython#146169) indicating ecosystem-wide reach.
Unauthenticated root command execution affects the Acer Connect M6E 5G Portable WiFi Router through firmware M6E_AI_1.00.000019, where the ai_cmd utility runs with root privileges and passes socket input directly to popen(). Adjacent-network attackers (anyone on the WiFi or LAN segment) can issue arbitrary shell commands as root with no authentication. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects high confidentiality, integrity, and availability impact on the device itself.
Information disclosure in the Acer Connect M6E 5G Portable WiFi Router (firmware versions up to and including M6E_AI_1.00.000019) stems from hard-coded, non-expiring credentials embedded in the companion APK that are shared across all deployments. Remote attackers can extract these static secrets from any copy of the application and use them to access sensitive router data without authentication, and no public exploit identified at time of analysis.
Predictable password generation in Cloud Foundry's BOSH windows-utilities-release (versions prior to v0.23.0) allows remote attackers to recover the local Administrator password set by the randomize_password job. The Get-RandomPassword routine seeds its PRNG from system clock state, so an attacker who can estimate VM boot time can reduce the search space to a small candidate list and brute-force the credential, defeating the hardening control that was supposed to lock down the account. No public exploit identified at time of analysis, but the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/C:H) reflects the realistic recoverability of high-value Administrator credentials over the network.
Heap information disclosure in HTML::Entities for Perl (versions before 3.84) allows remote attackers to leak adjacent heap memory contents when decoding entities. The XS routine _decode_entities retains a stale pointer into a hash value SV after grow_gap() reallocates the buffer, causing a use-after-free read that copies freed heap bytes into the output scalar. No public exploit identified at time of analysis and EPSS is very low (0.02%), but the upstream fix is confirmed via GH PR #56.
Credential theft and authorization tampering in Cloud Foundry BOSH (versions prior to v282.1.9) stems from the nats-sync component disabling TLS certificate validation when contacting the BOSH director. An attacker positioned on the network between nats-sync and the director can intercept Basic auth headers or UAA client secrets and modify the VM list written into the NATS authorization file, ultimately gaining administrative director access. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Credential theft and UAA token redirection in Cloud Foundry BOSH versions prior to v282.1.9 allows a network-positioned local attacker to intercept Basic-auth secrets and OAuth requests flowing between bosh-monitor and the BOSH director or UAA. The flaw stems from hard-coded OpenSSL::SSL::VERIFY_NONE in the HttpRequestHelper, effectively disabling TLS certificate validation. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Heap out-of-bounds read in Morse Micro HaLowLink 2 prior to version 2.11.12 allows an unauthenticated attacker within 802.11ah radio range to disclose up to 9 bytes of kernel heap memory or trigger a kernel panic (DoS) by transmitting a crafted beacon or probe response frame containing a malformed Vendor Information Element. The morse.ko kernel driver function morse_vendor_find_vendor_ie() fails to validate IE body length against the expected structure size before downstream callers read at fixed offsets, requiring only that the IE length field exceed 3 bytes. No public exploit identified at time of analysis; EPSS places exploitation probability at 0.03% (8th percentile) with no CISA KEV listing, though the zero-prerequisite radio-range attack surface warrants prompt patching for HaLow-enabled deployments.
Cache key collision in Gradio 6.14.0's audio processing component allows a local low-privileged attacker to trigger information disclosure by exploiting incomplete hash inputs in the `save_audio_to_cache` function. Two audio arrays with identical raw bytes but differing metadata (sample rate, format, dtype, or shape) resolve to the same cache directory path, causing one cached audio file to overwrite or be served in place of another. Publicly available exploit code exists per the CVSS 4.0 E:P modifier and CVE description, though no active exploitation has been confirmed via CISA KEV. The CVSS 4.0 score of 1.1 accurately reflects the narrow real-world impact given the mandatory local access and high attack complexity.
Man-in-the-middle attack against OpenStack oslo.messaging 1.0.0 through 17.3.0 is possible because the RabbitMQ driver validates the certificate chain but skips TLS hostname verification, letting any cert signed by the deployment CA impersonate the broker. An attacker positioned on the control-plane network can intercept and tamper with RPC and notification traffic between OpenStack services, with no public exploit identified at time of analysis but a credible POC pathway documented in OSSN-0096.
Factory reset in GNCC GP5 firmware v7.1.76 fails to purge cryptographic material from the JFFS2 configuration partition, leaving sensitive user data recoverable after a reset operation. An attacker with physical access to a reset device - such as a discarded, resold, or stolen unit - can read the raw flash storage and extract retained secrets. No public exploit identified at time of analysis as KEV-confirmed active exploitation, though a publicly available proof-of-concept exists per SSVC data and researcher publication.
Plaintext credential exposure in GNCC GP5 v7.1.76 allows physically-proximate attackers to capture wireless network credentials by monitoring the device's serial UART interface during routine operations. The device transmits sensitive wireless network information - including network credentials - in cleartext to the serial console, making them trivially readable by anyone with physical access and a UART adapter. No public exploit is identified at time of analysis and no active exploitation is confirmed; however, a researcher-published IoT vulnerability disclosure exists on GitHub detailing the finding.
Weak password hashing on the GNCC GP5 IP camera (firmware v7.1.76) allows attackers who obtain the password hash to recover the root credential via offline brute-force, yielding full device takeover. The CVSS 9.8 score reflects network-reachable impact, but real-world exploitation first requires extracting the hash from the device; no public exploit identified at time of analysis and EPSS is very low at 0.02%.
Denial of service in BACnet Stack 1.3.1 occurs through an out-of-bounds read in the bacnet_tag_number_decode function, allowing remote attackers to crash affected building automation systems by sending crafted BACnet protocol messages. No public exploit identified at time of analysis, and EPSS scores the exploitation probability at a very low 0.02%, though the network-reachable nature of BACnet deployments in critical infrastructure warrants attention.
Improper URI validation in docling-core versions 2.5.0 through 2.74.0 lets remote attackers supplying crafted image references read arbitrary local files readable by the processing user or exhaust memory via oversized inline data: payloads. The flaw exists because the library accepted file:// references and did not enforce a decoded-size cap on inline base64 image content. No public exploit identified at time of analysis, but the GitHub advisory GHSA-j5xp-7m2f-49jv confirms the issue and a fixed release (2.74.1) is available.
Path traversal in Docling's LaTeX backend (pip/docling versions 2.73.0 through 2.90.x) allows an attacker who supplies a crafted LaTeX document to read arbitrary files accessible to the conversion process via the \includegraphics, \input, and \include command handlers. With a high confidentiality impact (C:H) but local attack vector and required user interaction (AV:L/UI:R per CVSS), the practical risk is concentrated in automated document-processing pipelines or services that ingest untrusted .tex files. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV. A vendor-released patch exists as of version 2.91.0.
Authenticated zone-file injection in Froxlor <=2.3.6 allows a customer with DNS editing enabled to inject newline characters into TXT record content via the DomainZones.add API, breaking out of the record line in the generated BIND zone file and injecting arbitrary BIND directives ($INCLUDE, $GENERATE) or DNS records (A, MX, CNAME). The flaw is an incomplete fix for CVE-2026-30932, which sanitized LOC/RP/SSHFP/TLSA records but left TXT handling reliant only on Dns::encloseTXTContent(), which strips no control characters. Publicly available exploit code exists (detailed PoC including a Python script in the GHSA advisory), but there is no public exploit identified at time of analysis in CISA KEV and no EPSS score was provided.
Version disclosure in FOSSBilling prior to 0.8.0 exposes the exact application version string to all visitors - including unauthenticated guests - via cache-busting query parameters appended to every rendered `<script>` and `<link>` HTML tag, directly bypassing the `hide_version_public` security control on every page of the application. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms this is network-accessible, unauthenticated, and requires no user interaction, making it trivially observable by any visitor. While not directly exploitable for code execution or data access, this reconnaissance enabler meaningfully lowers the barrier to targeting installations with other known FOSSBilling vulnerabilities; no public exploit has been identified at time of analysis and active exploitation has not been confirmed.
Use-of-uninitialized memory in libxls 1.6.3 exposes applications that parse XLS files to potential information disclosure via heap memory leakage. The flaw originates in the OLE layer (ole2_read) and surfaces in xls_parseWorkBook() when processing malformed XLS input, meaning any downstream application or service that accepts and parses XLS files using this library inherits the exposure. With a CVSS score of 5.3 and an EPSS of 0.02% (6th percentile), real-world exploitation probability is low; no public exploit or CISA KEV listing exists at time of analysis.
Uninitialized memory consumption in libxls 1.6.3 and earlier exposes server-side applications that parse XLS files to application crashes and potential heap memory disclosure. The flaw resides in the OLE container parser: read_MSAT() allocates memory for the Master Sector Allocation Table without fully initializing it, then passes it to ole2_validate_sector_chain(), which may read uninitialized bytes from the heap. Per the CVSS vector (AV:N/AC:L/PR:N/UI:N), no authentication or user interaction is required - a remote attacker need only supply a crafted XLS file to an application that uses libxls as a parsing backend. No public exploit code or CISA KEV listing exists at time of analysis; EPSS stands at 0.02% (5th percentile), indicating very low observed exploitation activity.
SHA-1 hash collisions in mlrun's DataFrame Hash Handler allow a local authenticated user to corrupt dataset artifact integrity in ML pipelines up to version 1.12.0-rc3. The `calculate_dataframe_hash` function in `mlrun/utils/helpers.py` uses SHA-1 over raw pandas hash bytes without encoding type or schema information, meaning structurally distinct DataFrames - differing only in column dtype (e.g., bool vs int, int8 vs int64, datetime64[ns] vs int64) - produce identical hashes. Publicly available exploit code exists (disclosed via GitHub issue #9691 and PR #9692 with concrete collision test cases); no active exploitation is confirmed in CISA KEV.
Information disclosure weakness in Securly Chrome Extension version 3.0.7 stems from continued reliance on the deprecated SHA-1 algorithm to hash and match 25,020 IWF CSAM URLs and 12,352 CIPA blocklist URLs. Because SHA-1 is vulnerable to collision attacks, an adversary with knowledge of the hash list could derive or guess matching URLs, exposing sensitive blocklist contents and undermining the integrity of the content-filtering mechanism. There is no public exploit identified at time of analysis and EPSS is very low (0.01%), but the issue was reported through CERT/CC (VU#595768), giving it credible vendor-coordinated provenance.