Skip to main content

Microsoft

17290 CVEs vendor

Monthly

CVE-2026-20945 MEDIUM PATCH Exploit Unlikely This Month

Stored cross-site scripting (XSS) in Microsoft SharePoint Server allows authenticated users to inject malicious scripts that execute in the browsers of other authorized users viewing affected web pages, enabling account spoofing and credential theft within enterprise collaboration environments. The vulnerability affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition across all versions prior to specific patch releases. CVSS score of 4.6 reflects low severity due to authentication requirement and user interaction needed, but real-world risk is elevated in multi-user SharePoint deployments where XSS can be weaponized for privilege escalation or lateral movement.

XSS Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-20930 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Management Services (all supported Windows 10/11 and Server versions) allows authenticated local attackers with low privileges to gain high-level system access via race condition exploitation. Vendor-released patches are available for all affected versions. CVSS score of 7.8 reflects high complexity attack requiring precise timing but enabling full system compromise with changed scope. No public exploit identified at time of analysis, though the race condition cla

Information Disclosure Race Condition Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21742 MEDIUM This Month

Fortinet FortiSOAR (both PaaS and on-premise versions 7.3-7.6.x) transmits sensitive authentication credentials in cleartext in API responses for Secure Message Exchange and RADIUS configurations, allowing authenticated attackers with network access to intercept and view passwords. The vulnerability requires user interaction (UI:R) and prior authentication (PR:L), affecting confidentiality of stored credentials in these integrations with a CVSS score of 5.7.

Fortinet Information Disclosure Microsoft Fortisoar Paas Fortisoar On Premise
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-39424 MEDIUM PATCH This Month

MaxKB versions 2.7.1 and below allow authenticated administrators to trigger arbitrary code execution on their own workstations through improper CSV formula sanitization in the chat export feature. When exporting chat history to Excel via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint, formula strings (e.g., =cmd|'/c calc'!A1) are written unsanitized to the .xlsx file, enabling Dynamic Data Exchange (DDE) exploitation when the file is opened in Microsoft Excel. No public exploit code has been identified, but the vulnerability represents a high-impact attack path for administrators with legitimate export access and is a direct repeat of a previously patched flaw (CVE-2025-4546) that was incompletely remediated across the codebase.

RCE Microsoft
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-35582 Maven HIGH PATCH GHSA This Week

Shell command injection in NSA Emissary's Executrix.getCommand() allows authenticated users with place configuration authorship to achieve arbitrary OS command execution when any payload is processed. The framework constructs /bin/sh -c commands by directly substituting IN_FILE_ENDING and OUT_FILE_ENDING configuration values into temporary file paths without escaping or validation, despite implementing input sanitization for similar parameters (placeName). Vendor-released patch available (commit 1faf33f). CVSS 8.8 (high) reflects local attack vector requiring low privileges, but scope change to C indicates container/JVM breakout potential. No CISA KEV listing or public exploit identified at time of analysis, though detailed proof-of-concept exists in advisory including Docker-based reproduction and unit test.

Denial Of Service Command Injection Docker Java Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-28291 npm HIGH PATCH GHSA This Week

Command injection in simple-git npm package versions ≤3.28.0 enables arbitrary code execution via crafted Git options. Attackers who control Git command options can bypass the allowUnsafePack safety restriction using malformed variations of the -u flag (e.g., -vu, -4u, --u) to execute shell commands on Linux systems. This vulnerability stems from an incomplete fix for CVE-2022-25860, with proof-of-concept code publicly available demonstrating file creation via touch command. EPSS data not provid

Command Injection Docker Microsoft
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-0232 MEDIUM PATCH This Month

Cortex XDR agent on Windows versions 7.9-CE through 9.0 allows authenticated local administrators to disable the agent through a protection mechanism bypass, enabling malware to operate undetected. The vulnerability requires high privileges and local access, but creates a critical detection evasion vector when exploited by administratively compromised systems or insider threats. No public exploit code or active exploitation has been reported at time of analysis.

Paloalto Information Disclosure Microsoft Cortex Xdr Agent
NVD VulDB
CVSS 4.0
4.0
EPSS
0.0%
CVE-2026-0233 LOW PATCH NEWS Monitor

Remote code execution in Palo Alto Networks Autonomous Digital Experience Manager on Windows via certificate validation bypass allows unauthenticated attackers with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. CVSS score is 2.0 but reflects a physical adjacency attack vector (AV:P); real-world risk depends on network topology and whether the manager is exposed on trusted adjacent networks. No public exploit code or active exploitation has been confirmed at time of analysis.

Paloalto RCE Microsoft Autonomous Digital Experience Manager
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-0234 HIGH PATCH This Week

Cryptographic signature bypass in Palo Alto Networks Cortex XSOAR and XSIAM Microsoft Teams integrations (versions 1.5.0 through 1.5.51) allows unauthenticated remote attackers to access and modify protected resources. The vulnerability stems from improper JWT verification (CWE-347), enabling attackers to forge authentication tokens. With CVSS 7.2 (High complexity, network-accessible, no privileges required) and tags indicating JWT attack vectors and information disclosure potential, this represents a critical integration security flaw requiring immediate patching to version 1.5.52 or later.

Information Disclosure Microsoft Jwt Attack Cortex Xsoar Microsoft Teams Marketplace Cortex Xsiam Microsoft Teams Marketplace
NVD VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-66769 HIGH This Week

Nitro PDF Pro for Windows version 14.41.1.4 crashes when processing maliciously crafted XFA (XML Forms Architecture) packets due to a NULL pointer dereference, enabling remote denial-of-service attacks without authentication. An attacker can deliver a weaponized PDF containing the crafted XFA packet, causing the application to terminate when opened. EPSS exploitation probability is very low (0.01%, 2nd percentile), no active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis. Despite CVSS 7.5 (High), real-world risk is limited to availability impact only - no code execution, data theft, or privilege escalation possible.

Denial Of Service Null Pointer Dereference Microsoft
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69624 HIGH This Week

Nitro PDF Pro 14.41.1.4 for Windows crashes when processing maliciously crafted PDFs that invoke app.alert() with null arguments, causing denial of service through NULL pointer dereference in the JavaScript engine. Remote attackers can deliver weaponized PDF files requiring no authentication or user interaction beyond opening the document (AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.01% (2nd percentile), indicating low real-world targeting despite theoretical automation potential.

Denial Of Service Null Pointer Dereference Microsoft N A
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69627 HIGH This Week

Heap use-after-free in Nitro PDF Pro 14.41.1.4 for Windows allows local code execution via malicious PDF containing crafted JavaScript calling this.mailDoc(). The vulnerability stems from premature deallocation of an XID object whose freed pointer is passed to wcscmp() and other functions, where attacker-controlled strings in the freed heap region can manipulate program flow. CVSS 8.4 (AV:L/PR:N) indicates local attack vector requiring no privileges or user interaction. EPSS 0.01% suggests low immediate exploitation probability; no public exploit identified at time of analysis.

Denial Of Service Use After Free Microsoft Memory Corruption N A
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-33118 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) allows remote attackers to spoof visual elements through a low-complexity network-based attack requiring user interaction, potentially disclosing limited information to unauthenticated users. The vulnerability affects all versions of Microsoft Edge based on Chromium and carries a CVSS score of 4.3 with low confidentiality impact but no code execution or availability risk. A vendor-released patch is available.

Information Disclosure Google Microsoft Microsoft Edge Chromium Based
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-33119 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) on Android contains a user interface misrepresentation vulnerability that allows unauthenticated remote attackers to conduct spoofing attacks over a network. The vulnerability exploits UI rendering to misrepresent critical information to end users, enabling attackers to deceive users into taking unintended actions. While the CVSS score is moderate (5.4), the attack requires user interaction and only impacts confidentiality and integrity; a vendor-released patch is available.

Authentication Bypass Google Microsoft
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-35654 npm MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 allows unauthenticated remote attackers to bypass sender allowlist checks in Microsoft Teams feedback invoke endpoints, enabling unauthorized recording of session feedback. The vulnerability exploits improper authorization logic in feedback processing, granting attackers the ability to trigger feedback recording or reflection operations that should be restricted to authorized senders. No public exploit code has been identified at the time of analysis.

Authentication Bypass Microsoft
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4482 MEDIUM PATCH This Month

Improperly restricted file permissions on Rapid7 Insight Agent installer certificate files on Windows systems allow locally authenticated standard users to read the agent's private key (client.key), enabling identity material disclosure and potential lateral movement or agent impersonation. CVSS 6.8 (CVSS:4.0 LOCAL/LOW complexity, PR:L) reflects local authentication requirement; CISA KEV status not confirmed. Rapid7 released patched version 4.1.0.2 addressing this permission misconfiguration.

Information Disclosure Microsoft
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-13914 HIGH PATCH This Week

Man-in-the-middle attack against Juniper Networks Apstra allows unauthenticated attackers to impersonate managed network devices and capture credentials due to insufficient SSH host key validation. The vulnerability affects all Apstra versions before 6.1.1, enabling interception of SSH connections between the Apstra orchestration platform and managed infrastructure. No public exploit identified at time of analysis, though the attack requires network positioning between Apstra and target devices.

Information Disclosure Microsoft Juniper Apstra
NVD VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-40107 Go HIGH PATCH GHSA This Week

NTLM credential theft in SiYuan personal knowledge management system (prior to 3.6.4) allows remote attackers to capture Windows user password hashes without authentication or user interaction. Misconfigured Mermaid.js rendering with securityLevel:loose permits unsanitized <img> tags within SVG foreignObject blocks. Protocol-relative URLs in malicious Mermaid diagrams trigger automatic SMB authentication on Windows, transmitting NTLMv2 hashes to attacker-controlled servers when victims open compromised notes. Electron client processes the SVG via innerHTML without secondary sanitization, enabling SSRF to UNC paths.

SSRF Microsoft
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-39912 CRITICAL POC PATCH Act Now

Authentication bypass in V2Board 1.6.1-1.7.4 and Xboard ≤0.1.9 enables unauthenticated account takeover including admin privileges. When login_with_mail_link_enable is active, attackers POST known email addresses to the loginWithMailLink endpoint, receiving full authentication URLs in HTTP responses. Tokens extracted from these URLs are exchanged at token2Login for valid bearer tokens granting complete account access. Publicly available exploit code exists. CVSS 9.1 critical severity reflects network-accessible attack with no user interaction required.

Information Disclosure Microsoft V2Board Xboard
NVD GitHub
CVSS 4.0
9.1
EPSS
0.1%
CVE-2026-30478 HIGH This Week

DLL injection in GatewayGeo MapServer for Windows version 5 enables authenticated local attackers to escalate privileges to SYSTEM level through crafted executable placement. The vulnerability exploits insecure library loading paths, allowing low-privileged users to inject malicious DLLs that execute with elevated permissions. Publicly available exploit code exists. Affects Windows deployments only; CVSS 8.8 reflects local attack vector requiring low privileges but achieving full system compromise across security boundaries.

Privilege Escalation Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5905 MEDIUM PATCH This Month

Domain spoofing via incorrect security UI in Google Chrome on Windows prior to version 147.0.7727.55 allows unauthenticated remote attackers to deceive users through crafted HTML pages that exploit flawed permission display mechanisms. The attack requires user interaction (clicking or viewing a malicious page) but carries moderate real-world risk due to low EPSS exploitation probability (0.03%, 7th percentile) despite the high CVSS impact score, suggesting the vulnerability requires specific user actions or conditions to successfully exploit.

Google Information Disclosure Microsoft Red Hat Suse +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5887 MEDIUM PATCH This Month

Google Chrome on Windows prior to version 147.0.7727.55 fails to properly validate user input in the Downloads functionality, allowing remote attackers to bypass download restrictions through a crafted HTML page. The vulnerability requires user interaction (clicking a link or visiting a malicious page) but has low real-world impact-it enables integrity bypass only, not code execution or confidentiality breaches. No public exploit code or active exploitation has been identified; the low EPSS score (0.02%) reflects minimal practical risk despite the network attack vector.

Authentication Bypass Google Microsoft Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-5885 MEDIUM PATCH This Month

Memory disclosure in Google Chrome on Windows prior to version 147.0.7727.55 allows remote attackers to extract sensitive information from process memory by delivering a crafted HTML page through WebML parsing. The vulnerability stems from insufficient input validation in the WebML component and requires user interaction (visiting a malicious page), making it a moderate-risk information disclosure affecting a ubiquitous browser platform.

Information Disclosure Google Microsoft Red Hat Suse +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-39974 npm HIGH PATCH GHSA This Week

Server-Side Request Forgery in n8n-mcp (npm package) versions ≤2.47.3 allows authenticated attackers with valid AUTH_TOKEN to force the server to issue HTTP requests to arbitrary URLs via manipulated multi-tenant HTTP headers (x-n8n-url, x-n8n-key). Response bodies are reflected through JSON-RPC, enabling unauthorized access to cloud instance metadata endpoints (AWS IMDS, GCP, Azure, Oracle, Alibaba), internal network services, and any host reachable by the server process. Multi-tenant HTTP deployments with shared or multiple AUTH_TOKENs are at highest risk. No public exploit identified at time of analysis.

SSRF Oracle Microsoft
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-39885 npm HIGH PATCH GHSA This Week

Server-Side Request Forgery in mcp-from-openapi (<= 2.1.2) allows unauthenticated remote attackers to retrieve cloud metadata credentials, scan internal networks, and read local files by providing malicious OpenAPI specifications containing $ref pointers to internal URLs (http://169.254.169.254/) or file:// paths. The library's json-schema-ref-parser fetches referenced resources without protocol or hostname restrictions during OpenAPI document initialization, enabling AWS/GCP/Azure credential theft and arbitrary file disclosure with no privileges required beyond spec submission.

SSRF Microsoft
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34721 MEDIUM PATCH This Month

Cross-site request forgery in Zammad OAuth callback endpoints for Microsoft, Google, and Facebook authentication allows authenticated attackers to hijack user sessions by crafting malicious requests that bypass CSRF state validation, potentially granting unauthorized access to user accounts and helpdesk data. The vulnerability affects Zammad versions prior to 7.0.1 and 6.5.4, and while no public exploit code has been identified, the attack requires user interaction and moderate attacker effort to execute successfully.

Google CSRF Microsoft
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-39844 PyPI MEDIUM PATCH GHSA This Month

Path traversal via backslash bypass in NiceGUI file upload sanitization allows arbitrary file write on Windows systems. The vulnerability exploits a cross-platform path handling inconsistency where PurePosixPath fails to strip backslash-based path traversal sequences, enabling attackers to write files outside the intended upload directory when applications construct paths using the sanitized filename. Windows deployments are exclusively affected; potential remote code execution is possible if executables or application files can be overwritten. No public exploit code identified at time of analysis, though the vulnerability is confirmed in NiceGUI versions prior to 3.10.0.

Python Path Traversal Apple RCE Microsoft
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-4483 HIGH PATCH This Week

Moxa MxGeneralIo utility versions prior to 1.4.0/1.5.0 expose IOCTL interfaces allowing authenticated high-privilege local attackers to directly access Model-Specific Registers (MSR) and system memory, enabling privilege escalation on Windows 7 or denial-of-service crashes (BSoD) on Windows 10/11. While CVSS 7.0 reflects high availability impact and network attack vector classification, the actual exploit requires local high-privilege access (PR:H), significantly reducing practical risk. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept has been identified at time of analysis, though vendor advisory confirms patch availability.

Microsoft Privilege Escalation
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-34045 CRITICAL PATCH Act Now

Denial-of-service and information disclosure in Podman Desktop prior to 1.26.2 stem from an unauthenticated HTTP server that any network attacker can reach without credentials or user interaction. By abusing missing connection limits and timeouts, an attacker exhausts file descriptors and kernel memory to crash the application or freeze the entire host, while verbose error responses leak internal filesystem paths and system details (including Windows usernames). SSVC marks exploitation as proof-of-concept and automatable; publicly available exploit code exists, but EPSS probability is low (0.06%, 19th percentile).

Kubernetes Information Disclosure Microsoft Podman Desktop
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-39361 HIGH This Week

Server-Side Request Forgery (SSRF) in OpenObserve up to 0.70.3 allows authenticated attackers to bypass IPv6 address validation and access internal network resources, including cloud metadata services. The vulnerability enables retrieval of AWS IMDSv1 credentials at 169.254.169.254, GCP metadata endpoints, and Azure IMDS on cloud deployments, or probing of internal services in self-hosted environments. CVSS score of 7.7 reflects high confidentiality impact with changed scope. No public exploit identified at time of analysis, though exploitation requires only low-complexity authenticated network access.

SSRF Microsoft
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-14821 HIGH PATCH This Week

Local man-in-the-middle and SSH security downgrade in libssh on Windows stems from the library automatically loading configuration files from C:\etc, a directory that any unprivileged local user can create and populate. By planting a malicious config, an attacker can manipulate trusted host data and weaken SSH cryptographic negotiation, compromising the confidentiality, integrity, and availability of SSH sessions established by applications linking libssh. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and it is not in CISA KEV.

Microsoft Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +4
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-34765 npm MEDIUM PATCH GHSA This Month

Electron's window.open() handler fails to properly scope named-window lookups to the opener's browsing context group, allowing a renderer to hijack an existing child window opened by a different renderer and potentially inherit elevated webPreferences including privileged preload scripts. This affects Electron versions before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, and poses a remote code execution risk only in applications that open multiple top-level windows with differing trust levels and grant child windows elevated permissions via setWindowOpenHandler. No public exploit identified at time of analysis.

Microsoft RCE Information Disclosure
NVD GitHub
CVSS 3.1
6.0
EPSS
0.1%
CVE-2026-1078 HIGH This Week

Arbitrary file write in Pega Browser Extension allows remote attackers to compromise system integrity when Robot Runtime users visit malicious websites while running automations in Chrome or Edge. Affects Pega Robotic Automation versions 22.1 and R25. Attack requires user interaction (navigating to attacker-controlled site) but no authentication. No public exploit identified at time of analysis, though attack complexity is low once user visits malicious site.

Google Microsoft Authentication Bypass Chrome
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-33227 Maven MEDIUM PATCH This Month

Improper path validation in Apache ActiveMQ Client and Broker allows authenticated users to traverse the classpath via crafted 'key' values in Stomp consumer creation and Web console message browsing operations, potentially enabling information disclosure or chaining with secondary attacks for greater impact. Affects ActiveMQ Client/Broker versions before 5.19.3 and 6.0.0-6.2.1; patch available in 5.19.4 and 6.2.3 (5.19.3/6.2.2 have platform-specific limitations). EPSS score of 0.04% indicates l

Apache Path Traversal Microsoft
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65116 MEDIUM PATCH This Month

Buffer overflow in Hitachi JP1/IT Desktop Management suite and Job Management Partner 1 software on Windows allows local authenticated users to cause denial of service by triggering memory corruption in affected manager and client components. The vulnerability spans multiple product lines and versions, with CVSS 5.5 indicating moderate local attack surface; active exploitation status not confirmed.

Buffer Overflow Microsoft
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-65115 HIGH PATCH This Week

Remote code execution in Hitachi's JP1/IT Desktop Management suite allows authenticated network attackers to execute arbitrary code on Windows systems running Manager, Operations Director, and Client components. Affects multiple product generations spanning versions 9.x through 13.x across nine distinct product lines. CVSS score of 8.8 reflects network-accessible attack surface with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, though CWE-73 (external control of file name or path) indicates potential for path traversal-based exploitation. Hitachi has released patches addressing versions 13-50-02, 13-11-04, 13-10-07, 13-01-07, 13-00-05, and 12-60-12 for actively supported products.

RCE Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-35199 MEDIUM PATCH This Month

Heap buffer overflow in Microsoft SymCrypt versions 103.5.0 through 103.10.x allows local authenticated attackers to cause denial of service or limited integrity compromise via silent truncation of a 64-bit leaf count parameter to 32 bits in the SymCryptXmssSign function during XMSS^MT signature operations with tree height >= 32. Real-world risk is significantly mitigated by the requirement for attacker-controlled signing parameters (uncommon in production), the private-key-operation context, and Microsoft's explicit guidance that XMSS^MT signing should only occur in Hardware Security Modules and is provided in SymCrypt for testing purposes only. No public exploit code or active exploitation has been identified.

Heap Overflow Buffer Overflow Microsoft
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2018-25245 HIGH POC This Week

Microsoft 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Redirect Microsoft
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2018-25244 MEDIUM POC This Month

Microsoft Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25243 MEDIUM POC This Month

Microsoft FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25242 MEDIUM POC This Month

Microsoft One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25241 HIGH POC This Week

Microsoft VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Microsoft
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2018-25240 MEDIUM POC This Month

Microsoft Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25239 MEDIUM POC This Month

Microsoft Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25238 MEDIUM POC This Month

Microsoft VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35459 PyPI CRITICAL GHSA Act Now

Server-Side Request Forgery (SSRF) in pyload-ng allows authenticated users with ADD permission to access internal network resources and cloud metadata endpoints by exploiting unchecked HTTP redirect handling. The vulnerability bypasses CVE-2026-33992 mitigations through redirect chains-pycurl follows up to 10 redirects automatically without validating destination IPs against the SSRF filter. Attackers can retrieve AWS/GCP/Azure instance metadata (including IAM credentials) and probe internal services. While exploitation requires authentication (reducing severity from the Critical unauthenticated CVE-2026-33992), a public proof-of-concept demonstrates the attack and no vendor-released patch has been identified at time of analysis.

SSRF Microsoft
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-35409 npm HIGH PATCH GHSA This Week

Server-Side Request Forgery (SSRF) in Directus headless CMS allows authenticated attackers (or unauthenticated users with public file-import permissions) to bypass IP address deny-list protections and access internal network resources. Attackers exploit IPv4-Mapped IPv6 address notation (e.g., ::ffff:127.0.0.1) to circumvent validation logic, enabling unauthorized requests to localhost services, internal databases, caches, APIs, and cloud instance metadata endpoints (AWS/GCP/Azure IMDS). With CVSS 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) indicating low attack complexity, network accessibility, and scope change with high confidentiality impact, this represents a significant risk for data exfiltration from cloud environments and internal infrastructure. No public exploit identified at time of analysis, though the technical details in the advisory provide clear exploitation guidance.

SSRF Canonical Microsoft
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-32186 CRITICAL PATCH NEWS NO ACTION HOSTED Monitor

Microsoft Bing contains a server-side request forgery (SSRF) vulnerability that allows elevation of privilege through improperly validated requests. The flaw affects Microsoft Bing across all versions and enables attackers to bypass access controls and escalate privileges by causing the application to make unintended requests to internal or external resources. A vendor-released patch is available.

Microsoft SSRF
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-28373 CRITICAL Act Now

Stackfield Desktop App before version 1.10.2 for macOS and Windows allows arbitrary file writes to the filesystem through a path traversal vulnerability in its decryption functionality when processing the filePath property. A malicious export file can enable attackers to overwrite critical system or application files, potentially leading to code execution or application compromise without requiring user interaction beyond opening the malicious export.

Path Traversal Apple Microsoft
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-27655 HIGH PATCH This Week

Stored cross-site scripting in Zohocorp ManageEngine Exchange Reporter Plus (pre-5802) allows authenticated attackers to inject malicious scripts via the Permissions Based on Mailboxes report, potentially compromising administrator sessions and stealing high-privilege credentials. Attack requires low complexity and user interaction from a victim administrator. CVSS 7.3 (High) reflects significant confidentiality and integrity impact. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed vulnerability.

XSS Microsoft
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-4108 HIGH PATCH This Week

Stored cross-site scripting (XSS) in Zohocorp ManageEngine Exchange Reporter Plus versions prior to 5802 allows authenticated attackers to inject malicious scripts through the Non-Owner Mailbox Permission report, potentially compromising confidentiality and integrity of user sessions. With CVSS 7.3 (High) and EPSS data unavailable, exploitation requires low attack complexity and authenticated access with user interaction. No public exploit identified at time of analysis, and vendor has released patched version 5802.

XSS Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-4107 HIGH PATCH This Week

Stored cross-site scripting in ManageEngine Exchange Reporter Plus before version 5802 allows authenticated attackers to inject malicious scripts via the Folder Message Count and Size report. With CVSS 7.3 (High severity) and requiring low-privilege authentication with user interaction, successful exploitation enables session hijacking and credential theft within the administrative interface. No public exploit identified at time of analysis, though CVSS vector indicates network-accessible attack surface with low complexity.

XSS Microsoft
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3880 HIGH PATCH This Week

Stored cross-site scripting in ManageEngine Exchange Reporter Plus (versions prior to 5802) allows authenticated attackers to inject malicious scripts through the Public Folder Client Permissions report, enabling session hijacking and credential theft with medium exploitation complexity. No active exploitation confirmed (not present in CISA KEV), though the network-accessible attack vector and stored nature of the XSS elevate real-world risk for organizations using this Exchange monitoring solution.

XSS Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3879 HIGH PATCH This Week

Stored cross-site scripting in ManageEngine Exchange Reporter Plus (versions prior to 5802) allows authenticated attackers with low privileges to inject malicious scripts into Equipment Mailbox Details reports, enabling session hijacking and credential theft against administrative users who view the poisoned reports. No active exploitation confirmed (not in CISA KEV), but the vulnerability affects organizations monitoring Microsoft Exchange environments through ManageEngine's reporting platform.

XSS Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28703 HIGH PATCH This Week

Stored cross-site scripting (XSS) in ManageEngine Exchange Reporter Plus before version 5802 allows authenticated attackers to inject malicious scripts into the 'Mails Exchanged Between Users' report. With CVSS 7.3 (High severity) and low attack complexity (AC:L), this vulnerability requires low-privilege authentication (PR:L) and user interaction (UI:R) to achieve high confidentiality and integrity impact. No public exploit identified at time of analysis, though authentication requirements lower the barrier for insider threats or compromised accounts.

XSS Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28756 HIGH PATCH This Week

Stored cross-site scripting (XSS) in ManageEngine Exchange Reporter Plus before version 5802 allows authenticated attackers with low privileges to inject malicious scripts into the Permissions based on Distribution Groups report, potentially leading to session hijacking and account compromise of administrators viewing the report. No active exploitation confirmed (CISA KEV absent), but the network-accessible attack vector and low complexity make this exploitable with publicly documented vendor advisory details.

XSS Microsoft
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28754 HIGH PATCH This Week

Stored cross-site scripting (XSS) in ManageEngine Exchange Reporter Plus versions prior to 5802 allows authenticated attackers with low privileges to inject malicious scripts into Distribution Lists reports that execute when viewed by other users, potentially compromising session tokens and account credentials of administrators or other privileged users. The vulnerability requires user interaction (victim must view the malicious report) but enables high-impact attacks against confidentiality and integrity within the application scope. No public exploit code or active exploitation has been identified at time of analysis.

XSS Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-7024 MEDIUM This Month

AIRBUS TETRA Connectivity Server 7.0 on Windows Server allows privilege escalation to SYSTEM via incorrect default directory permissions (CWE-276), enabling local authenticated attackers to execute arbitrary code by placing a crafted file in a vulnerable directory with user interaction. The vulnerability affects TETRA Connectivity Server version 7.0, with patches available for versions 8.0 and 9.0. No public exploit code or active exploitation in the wild has been identified at time of analysis.

Privilege Escalation RCE Microsoft
NVD VulDB
CVSS 4.0
5.6
EPSS
0.0%
CVE-2026-35037 Go HIGH PATCH GHSA This Week

Unauthenticated Server-Side Request Forgery (SSRF) in Ech0's /api/website/title endpoint allows remote attackers to access internal network services, cloud metadata endpoints (AWS IMDSv1 at 169.254.169.254), and localhost-bound resources without authentication. The vulnerability accepts arbitrary URLs via the website_url parameter with zero validation, enabling attackers to probe internal infrastructure and exfiltrate partial response data through HTML title tag extraction. CVSS 7.2 reflects the

SSRF Information Disclosure Microsoft Redis
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-35036 Go HIGH PATCH GHSA This Week

Unauthenticated server-side request forgery in Ech0's link preview endpoint allows remote attackers to force the application server to perform HTTP/HTTPS requests to arbitrary internal and external targets. The /api/website/title route requires no authentication, performs no URL validation, follows redirects by default, and disables TLS certificate verification (InsecureSkipVerify: true). Attackers can probe internal networks, access cloud metadata services (169.254.169.254), and trigger denial-

SSRF Denial Of Service Apple Docker Microsoft +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34776 npm MEDIUM PATCH GHSA This Month

Out-of-bounds heap read in Electron's single-instance lock mechanism on macOS and Linux allows local attackers with same-user privileges to leak sensitive application memory through crafted second-instance messages. Affected Electron versions prior to 41.0.0, 40.8.1, 39.8.1, and 38.8.6 are vulnerable only if applications explicitly call app.requestSingleInstanceLock(); no public exploit code is currently identified, but the CVSS 5.3 score reflects moderate confidentiality impact combined with local attack complexity requirements.

Information Disclosure Buffer Overflow Microsoft Apple
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34775 npm MEDIUM PATCH GHSA This Month

Electron's nodeIntegrationInWorker webPreference fails to properly isolate Node.js integration in worker contexts across certain process-sharing configurations, allowing workers in frames explicitly configured with nodeIntegrationInWorker: false to unexpectedly gain Node.js capabilities. Only applications that explicitly enable nodeIntegrationInWorker are affected. The vulnerability carries a CVSS score of 6.8 and permits information disclosure and code execution in affected contexts, with no public exploit identified at time of analysis.

Node.js Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-34774 npm HIGH PATCH GHSA This Week

Use-after-free memory corruption in Electron framework (versions <39.8.1, <40.7.0, <41.0.0) allows unauthenticated remote attackers to potentially execute arbitrary code when offscreen rendering is enabled and child windows are permitted. The vulnerability triggers when a parent offscreen WebContents is destroyed while child windows remain active, causing subsequent paint operations to dereference freed memory. EPSS data not available; no public exploit identified at time of analysis. Fixed versions released by vendor.

Use After Free Memory Corruption Buffer Overflow Microsoft
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-34773 npm MEDIUM PATCH GHSA This Month

Electron's setAsDefaultProtocolClient() on Windows fails to validate protocol names before writing to the Windows registry, allowing local authenticated attackers to hijack protocol handlers by writing to arbitrary HKCU\Software\Classes\ subkeys when apps pass untrusted input as the protocol parameter. The vulnerability affects Electron versions prior to 38.8.6, 39.8.1, 40.8.1, and 41.0.0, and requires local access and low privileges; no public exploit has been identified at time of analysis.

RCE Microsoft
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-34770 npm HIGH PATCH GHSA This Week

Use-after-free in Electron's powerMonitor module allows local attackers to trigger memory corruption or application crashes through system power events. All Electron applications (versions <38.8.6, <39.8.1, <40.8.0, <41.0.0-beta.8) that subscribe to powerMonitor events (suspend, resume, lock-screen) are vulnerable when garbage collection frees the PowerMonitor object while OS-level event handlers retain dangling pointers. Exploitation requires local access and specific timing conditions (CVSS 7.0 HIGH, AC:H). No public exploit identified at time of analysis, though the technical details are publicly documented in the GitHub security advisory.

Use After Free Memory Corruption Microsoft Apple Buffer Overflow
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-34768 npm LOW PATCH GHSA Monitor

Electron's setLoginItemSettings() function on Windows fails to quote executable paths in the Run registry key, allowing local attackers with write access to ancestor directories to execute arbitrary programs at login if the app is installed to a path containing spaces. The vulnerability affects Electron versions prior to 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, and requires high-privilege access and unfavorable conditions (non-standard install paths) to exploit, making real-world impact limited to non-default Windows configurations.

Microsoft Authentication Bypass
NVD GitHub
CVSS 3.1
3.9
EPSS
0.0%
CVE-2026-33107 CRITICAL PATCH NO ACTION HOSTED Monitor

Server-side request forgery in Azure Databricks enables unauthenticated remote attackers to achieve full privilege escalation with critical impact across confidentiality, integrity, and availability. The vulnerability carries a maximum CVSS 10.0 score with network-based attack vector, low complexity, and scope change, indicating attackers can leverage the SSRF to break out of Databricks' security boundary and access underlying cloud infrastructure or customer data. No public exploit or active exploitation confirmed at time of analysis, though the low attack complexity suggests straightforward exploitation once attack surface is identified.

Microsoft SSRF
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-33105 CRITICAL PATCH NO ACTION HOSTED Monitor

Microsoft Azure Kubernetes Service (AKS) contains an improper authorization vulnerability enabling unauthenticated remote attackers to elevate privileges over a network with critical impact across confidentiality, integrity, and availability. The CVSS 10.0 critical rating reflects network-accessible exploitation requiring no authentication, low complexity, and scope change allowing compromise beyond the vulnerable component. No public exploit identified at time of analysis, though the authentication bypass nature and maximum severity warrant immediate priority.

Microsoft Kubernetes Authentication Bypass
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-32213 CRITICAL PATCH NO ACTION HOSTED Monitor

Azure AI Foundry improper authorization permits unauthenticated remote attackers to escalate privileges and achieve complete compromise with high impact to confidentiality, integrity, and availability. The CVSS 10.0 rating reflects network-based attack vector with low complexity, no user interaction, and scope change indicating containerization/isolation escape. EPSS and KEV status not provided, but the authentication bypass affecting a cloud AI platform poses severe risk. No public exploit identified at time of analysis.

Microsoft Authentication Bypass
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-32211 CRITICAL PATCH NO ACTION HOSTED Monitor

Unauthenticated information disclosure in Azure MCP Server allows remote attackers to access sensitive data over the network without authentication. The vulnerability stems from missing authentication controls on critical functions (CWE-306), enabling attackers to bypass security boundaries and extract confidential information with minimal complexity. With CVSS 9.1 (Critical) and network-accessible attack vector requiring no privileges or user interaction, this represents a significant exposure for organizations running affected Azure MCP Server instances. No public exploit identified at time of analysis, though the straightforward authentication bypass nature increases likelihood of rapid weaponization.

Microsoft Authentication Bypass
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-32173 HIGH PATCH NO ACTION HOSTED Monitor

Information disclosure in Azure SRE Agent can be exploited by remote unauthenticated attackers via improper authentication mechanisms. The vulnerability carries an 8.6 CVSS score with network attack vector requiring low complexity and no user interaction, enabling attackers to extract high-confidentiality data with scope change impact. No public exploit identified at time of analysis, though the authentication bypass nature and network accessibility present significant risk to Azure infrastructure components.

Microsoft Authentication Bypass
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-26135 CRITICAL PATCH NO ACTION HOSTED Monitor

Server-side request forgery in Azure Custom Locations Resource Provider enables authenticated attackers with low-level privileges to elevate access and exfiltrate sensitive data across scope boundaries via network-based SSRF exploitation. This vulnerability affects Microsoft Azure infrastructure with a CVSS score of 9.6 (Critical), featuring scope change that allows attackers to reach resources beyond the vulnerable component's security context. No public exploit code or active exploitation confirmed at time of analysis, though the low attack complexity and network vector indicate straightforward exploitability once authenticated access is obtained.

Microsoft SSRF
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-34838 CRITICAL PATCH Act Now

Remote Code Execution in Group-Office enterprise CRM via insecure deserialization allows authenticated attackers to write arbitrary files and execute code on the server. Affects all versions prior to 6.8.156, 25.0.90, and 26.0.12 across multiple product branches. CVSS 9.9 (Critical) with network-based attack vector requiring only low-privileged authentication. No public exploit identified at time of analysis, though the technical details in the GitHub Security Advisory provide sufficient impleme

Microsoft Deserialization RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-33271 MEDIUM PATCH This Month

Local privilege escalation in Acronis True Image for Windows before build 42902 allows authenticated users with low privileges to escalate to higher privileges through insecure folder permissions. An attacker with local access and user-level privileges can exploit improper permission settings on critical directories to achieve full system compromise, requiring user interaction (file execution or folder navigation). This vulnerability has a CVSS score of 6.7 reflecting high confidentiality, integrity, and availability impact despite the elevated barriers to exploitation.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.0
6.7
EPSS
0.0%
CVE-2026-27774 MEDIUM PATCH This Month

Local privilege escalation in Acronis True Image (Windows) before build 42902 allows authenticated users with low privileges to gain high-integrity access through DLL hijacking. An attacker with local user access can exploit unsafe DLL loading to execute arbitrary code with elevated permissions, requiring user interaction (e.g., triggering a specific application action). No public exploit code or active exploitation has been confirmed at the time of analysis.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.0
6.7
EPSS
0.0%
CVE-2026-28728 MEDIUM PATCH This Month

Local privilege escalation in Acronis True Image for Windows before build 42902 exploits DLL hijacking to allow authenticated users to escalate privileges. An attacker with local access and valid credentials can manipulate DLL load paths during application execution, requiring user interaction (such as opening a file or launching a feature), to gain elevated system privileges. This vulnerability has a CVSS score of 6.7 and affects all versions prior to the patched build.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.0
6.7
EPSS
0.0%
CVE-2026-21765 HIGH This Week

Local privilege escalation in HCL BigFix Platform on Windows allows authenticated users with low privileges to access cryptographic private keys due to overly permissive file system permissions, potentially enabling complete system compromise with cross-scope impact. Authentication required (PR:L). No public exploit identified at time of analysis, though the attack is rated low complexity and fully automated. CVSS 8.8 severity driven by scope change and complete confidentiality/integrity/availability impact.

Microsoft Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-30332 HIGH This Week

TOCTOU race condition in Balena Etcher for Windows (versions prior to 2.1.4) enables local privilege escalation to arbitrary code execution when attackers replace legitimate scripts with malicious payloads during disk flashing operations. The vulnerability requires low privileges and user interaction but achieves high impact across confidentiality, integrity, and availability with scope change. No public exploit identified at time of analysis, though technical details are available via researcher disclosure (B1tBreaker). EPSS data not available, but the local attack vector and high complexity reduce immediate remote exploitation risk.

RCE Microsoft
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34969 Go LOW PATCH GHSA Monitor

Nhost auth service exposes OAuth refresh tokens in redirect URL query parameters, allowing access to browser history, server logs, and proxy logs on owned infrastructure. While refresh tokens are single-use and leak vectors are primarily confined to developer-controlled systems, the vulnerability violates RFC 6749 token transport requirements and enables session hijacking if logs are accessed before the token is legitimately consumed. All OAuth providers (GitHub, Google, Apple) are affected equally through the same vulnerable callback handler.

Information Disclosure Apple Microsoft Google
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-34750 npm MEDIUM PATCH GHSA This Month

Path traversal in Payload CMS storage adapter client-upload signed-URL endpoints (S3, GCS, Azure, R2) prior to version 3.78.0 allows authenticated attackers to escape intended storage locations via unsanitized filenames, enabling arbitrary file writes to cloud storage buckets. The vulnerability requires user authentication and affects all four cloud storage integrations across the Payload CMS ecosystem.

Path Traversal Microsoft
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-34515 PyPI MEDIUM PATCH GHSA This Month

AIOHTTP static resource handler on Windows exposes NTLMv2 remote path information to unauthenticated remote attackers, allowing information disclosure with high confidentiality impact. Versions prior to 3.13.4 are affected. The vulnerability has been patched and no active exploitation has been confirmed at this time.

Python Information Disclosure Microsoft Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.1%
CVE-2026-33544 Go HIGH PATCH GHSA This Week

Authentication bypass via OAuth token race condition in tinyauth allows concurrent attackers to hijack user sessions and gain unauthorized access to victim accounts. The vulnerability affects tinyauth v5.0.4 and earlier versions where singleton OAuth service instances share mutable PKCE verifier and access token fields across all concurrent requests. When two users authenticate simultaneously with the same OAuth provider (GitHub, Google, or generic OAuth), the second request overwrites the first

Race Condition Authentication Bypass Microsoft
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-34447 PyPI MEDIUM PATCH GHSA This Month

ONNX versions prior to 1.21.0 allow local attackers to read arbitrary files outside the model directory through symlink traversal during external data loading, requiring user interaction to load a malicious model file. The vulnerability has a CVSS score of 5.5 (medium severity) and is classified as information disclosure with confirmed patch availability in version 1.21.0.

Information Disclosure Microsoft Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34446 PyPI MEDIUM PATCH GHSA This Month

ONNX versions prior to 1.21.0 allow local attackers to read arbitrary files by exploiting a hardlink-based path traversal vulnerability in onnx.load(). The vulnerability bypasses existing symlink protections because hardlinks appear as regular files to filesystem checks. An attacker with local file system access can craft a malicious ONNX model file using hardlinks to access sensitive data outside the intended directory, requiring user interaction to load the crafted model. No public exploit code has been identified; EPSS score of 4.7 indicates low exploitation probability despite moderate CVSS impact.

Path Traversal Microsoft Red Hat Suse
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-34445 PyPI HIGH PATCH GHSA This Week

Arbitrary attribute injection in ONNX Python library (versions prior to 1.21.0) allows unauthenticated remote attackers to manipulate internal object properties by embedding malicious metadata in ONNX model files, resulting in potential information disclosure, data integrity violations, and high availability impact (CVSS 8.6). The vulnerability stems from unchecked use of Python's setattr() with externally-controlled keys during ExternalDataInfo deserialization. No public exploit code or CISA KEV listing identified at time of analysis, but proof-of-concept development is trivial given the straightforward nature of Python attribute manipulation. EPSS data not provided, but the unauthenticated network-accessible attack vector and low complexity suggest material risk for organizations processing untrusted ONNX models.

Python Microsoft Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-34397 MEDIUM PATCH This Month

Local privilege escalation in Himmelblau versions 2.0.0-alpha through 2.3.8 and 3.0.0-alpha through 3.1.0 allows authenticated users to assume privileged group membership when their Azure Entra ID-mapped CN or short name collides with system group names (sudo, wheel, docker, adm, etc.). The NSS module resolves the collision to the attacker's fake primary group, potentially granting group-level privileges if the system uses NSS for authorization decisions. CVSS 6.3 (medium); no public exploit identified at time of analysis.

Microsoft Privilege Escalation Docker Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-34510 npm MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style network paths without proper local-path validation, allowing unauthenticated remote attackers to bypass access restrictions and read local files. With a CVSS score of 6.9 and network-based attack vector requiring no user interaction, this vulnerability presents moderate risk to systems processing untrusted media content. No public exploit code or active exploitation has been confirmed at the time of analysis.

Path Traversal Microsoft
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-5277 HIGH PATCH This Week

Integer overflow in ANGLE (Google's OpenGL abstraction layer) in Chrome on Windows before version 146.0.7680.178 enables out-of-bounds memory writes if the renderer process is compromised, allowing an attacker to execute arbitrary code with renderer privileges. The vulnerability requires prior renderer process compromise, limiting the immediate attack surface but representing a critical post-compromise escalation vector. Chromium severity is rated High; patch availability confirms vendor remediation.

Google Buffer Overflow Microsoft Debian Red Hat +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34604 npm HIGH PATCH GHSA This Week

Path traversal via symlink/junction bypass in @tinacms/graphql FilesystemBridge allows authenticated remote attackers with low privileges to read, write, and delete arbitrary files outside the configured content root. The vulnerability exploits a realpath canonicalization gap where path validation checks lexical string paths but filesystem operations follow symlink targets. Attack complexity is high (CVSS AC:H) as it requires pre-existing symlinks/junctions within the content tree or the ability

Path Traversal Microsoft Canonical
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-34603 npm HIGH PATCH GHSA This Week

TinaCMS CLI media handlers can be bypassed via symlink/junction traversal, allowing authenticated low-privilege attackers to list, write, and delete files outside the configured media root directory. The vulnerability exists in @tinacms/cli's dev server media routes despite recent path-traversal hardening, because validation performs only lexical string checks without resolving symlink targets. Attack complexity is high (requires pre-existing symlink under media root), but impact is significant with confirmed read/write primitives. Vendor patch available via GitHub commit f124eaba. EPSS and KEV data not provided; no public exploit identified at time of analysis beyond researcher's local Windows junction proof-of-concept.

Path Traversal Microsoft Canonical
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
EPSS 0% CVSS 4.6
MEDIUM PATCH Exploit Unlikely This Month

Stored cross-site scripting (XSS) in Microsoft SharePoint Server allows authenticated users to inject malicious scripts that execute in the browsers of other authorized users viewing affected web pages, enabling account spoofing and credential theft within enterprise collaboration environments. The vulnerability affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition across all versions prior to specific patch releases. CVSS score of 4.6 reflects low severity due to authentication requirement and user interaction needed, but real-world risk is elevated in multi-user SharePoint deployments where XSS can be weaponized for privilege escalation or lateral movement.

XSS Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Management Services (all supported Windows 10/11 and Server versions) allows authenticated local attackers with low privileges to gain high-level system access via race condition exploitation. Vendor-released patches are available for all affected versions. CVSS score of 7.8 reflects high complexity attack requiring precise timing but enabling full system compromise with changed scope. No public exploit identified at time of analysis, though the race condition cla

Information Disclosure Race Condition Microsoft
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Fortinet FortiSOAR (both PaaS and on-premise versions 7.3-7.6.x) transmits sensitive authentication credentials in cleartext in API responses for Secure Message Exchange and RADIUS configurations, allowing authenticated attackers with network access to intercept and view passwords. The vulnerability requires user interaction (UI:R) and prior authentication (PR:L), affecting confidentiality of stored credentials in these integrations with a CVSS score of 5.7.

Fortinet Information Disclosure Microsoft +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

MaxKB versions 2.7.1 and below allow authenticated administrators to trigger arbitrary code execution on their own workstations through improper CSV formula sanitization in the chat export feature. When exporting chat history to Excel via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint, formula strings (e.g., =cmd|'/c calc'!A1) are written unsanitized to the .xlsx file, enabling Dynamic Data Exchange (DDE) exploitation when the file is opened in Microsoft Excel. No public exploit code has been identified, but the vulnerability represents a high-impact attack path for administrators with legitimate export access and is a direct repeat of a previously patched flaw (CVE-2025-4546) that was incompletely remediated across the codebase.

RCE Microsoft
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Shell command injection in NSA Emissary's Executrix.getCommand() allows authenticated users with place configuration authorship to achieve arbitrary OS command execution when any payload is processed. The framework constructs /bin/sh -c commands by directly substituting IN_FILE_ENDING and OUT_FILE_ENDING configuration values into temporary file paths without escaping or validation, despite implementing input sanitization for similar parameters (placeName). Vendor-released patch available (commit 1faf33f). CVSS 8.8 (high) reflects local attack vector requiring low privileges, but scope change to C indicates container/JVM breakout potential. No CISA KEV listing or public exploit identified at time of analysis, though detailed proof-of-concept exists in advisory including Docker-based reproduction and unit test.

Denial Of Service Command Injection Docker +2
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Command injection in simple-git npm package versions ≤3.28.0 enables arbitrary code execution via crafted Git options. Attackers who control Git command options can bypass the allowUnsafePack safety restriction using malformed variations of the -u flag (e.g., -vu, -4u, --u) to execute shell commands on Linux systems. This vulnerability stems from an incomplete fix for CVE-2022-25860, with proof-of-concept code publicly available demonstrating file creation via touch command. EPSS data not provid

Command Injection Docker Microsoft
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Cortex XDR agent on Windows versions 7.9-CE through 9.0 allows authenticated local administrators to disable the agent through a protection mechanism bypass, enabling malware to operate undetected. The vulnerability requires high privileges and local access, but creates a critical detection evasion vector when exploited by administratively compromised systems or insider threats. No public exploit code or active exploitation has been reported at time of analysis.

Paloalto Information Disclosure Microsoft +1
NVD VulDB
EPSS 0% CVSS 2.0
LOW PATCH Monitor

Remote code execution in Palo Alto Networks Autonomous Digital Experience Manager on Windows via certificate validation bypass allows unauthenticated attackers with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. CVSS score is 2.0 but reflects a physical adjacency attack vector (AV:P); real-world risk depends on network topology and whether the manager is exposed on trusted adjacent networks. No public exploit code or active exploitation has been confirmed at time of analysis.

Paloalto RCE Microsoft +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Cryptographic signature bypass in Palo Alto Networks Cortex XSOAR and XSIAM Microsoft Teams integrations (versions 1.5.0 through 1.5.51) allows unauthenticated remote attackers to access and modify protected resources. The vulnerability stems from improper JWT verification (CWE-347), enabling attackers to forge authentication tokens. With CVSS 7.2 (High complexity, network-accessible, no privileges required) and tags indicating JWT attack vectors and information disclosure potential, this represents a critical integration security flaw requiring immediate patching to version 1.5.52 or later.

Information Disclosure Microsoft Jwt Attack +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Nitro PDF Pro for Windows version 14.41.1.4 crashes when processing maliciously crafted XFA (XML Forms Architecture) packets due to a NULL pointer dereference, enabling remote denial-of-service attacks without authentication. An attacker can deliver a weaponized PDF containing the crafted XFA packet, causing the application to terminate when opened. EPSS exploitation probability is very low (0.01%, 2nd percentile), no active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis. Despite CVSS 7.5 (High), real-world risk is limited to availability impact only - no code execution, data theft, or privilege escalation possible.

Denial Of Service Null Pointer Dereference Microsoft
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Nitro PDF Pro 14.41.1.4 for Windows crashes when processing maliciously crafted PDFs that invoke app.alert() with null arguments, causing denial of service through NULL pointer dereference in the JavaScript engine. Remote attackers can deliver weaponized PDF files requiring no authentication or user interaction beyond opening the document (AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.01% (2nd percentile), indicating low real-world targeting despite theoretical automation potential.

Denial Of Service Null Pointer Dereference Microsoft +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Heap use-after-free in Nitro PDF Pro 14.41.1.4 for Windows allows local code execution via malicious PDF containing crafted JavaScript calling this.mailDoc(). The vulnerability stems from premature deallocation of an XID object whose freed pointer is passed to wcscmp() and other functions, where attacker-controlled strings in the freed heap region can manipulate program flow. CVSS 8.4 (AV:L/PR:N) indicates local attack vector requiring no privileges or user interaction. EPSS 0.01% suggests low immediate exploitation probability; no public exploit identified at time of analysis.

Denial Of Service Use After Free Microsoft +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) allows remote attackers to spoof visual elements through a low-complexity network-based attack requiring user interaction, potentially disclosing limited information to unauthenticated users. The vulnerability affects all versions of Microsoft Edge based on Chromium and carries a CVSS score of 4.3 with low confidentiality impact but no code execution or availability risk. A vendor-released patch is available.

Information Disclosure Google Microsoft +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) on Android contains a user interface misrepresentation vulnerability that allows unauthenticated remote attackers to conduct spoofing attacks over a network. The vulnerability exploits UI rendering to misrepresent critical information to end users, enabling attackers to deceive users into taking unintended actions. While the CVSS score is moderate (5.4), the attack requires user interaction and only impacts confidentiality and integrity; a vendor-released patch is available.

Authentication Bypass Google Microsoft
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 allows unauthenticated remote attackers to bypass sender allowlist checks in Microsoft Teams feedback invoke endpoints, enabling unauthorized recording of session feedback. The vulnerability exploits improper authorization logic in feedback processing, granting attackers the ability to trigger feedback recording or reflection operations that should be restricted to authorized senders. No public exploit code has been identified at the time of analysis.

Authentication Bypass Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Improperly restricted file permissions on Rapid7 Insight Agent installer certificate files on Windows systems allow locally authenticated standard users to read the agent's private key (client.key), enabling identity material disclosure and potential lateral movement or agent impersonation. CVSS 6.8 (CVSS:4.0 LOCAL/LOW complexity, PR:L) reflects local authentication requirement; CISA KEV status not confirmed. Rapid7 released patched version 4.1.0.2 addressing this permission misconfiguration.

Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Man-in-the-middle attack against Juniper Networks Apstra allows unauthenticated attackers to impersonate managed network devices and capture credentials due to insufficient SSH host key validation. The vulnerability affects all Apstra versions before 6.1.1, enabling interception of SSH connections between the Apstra orchestration platform and managed infrastructure. No public exploit identified at time of analysis, though the attack requires network positioning between Apstra and target devices.

Information Disclosure Microsoft Juniper +1
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

NTLM credential theft in SiYuan personal knowledge management system (prior to 3.6.4) allows remote attackers to capture Windows user password hashes without authentication or user interaction. Misconfigured Mermaid.js rendering with securityLevel:loose permits unsanitized <img> tags within SVG foreignObject blocks. Protocol-relative URLs in malicious Mermaid diagrams trigger automatic SMB authentication on Windows, transmitting NTLMv2 hashes to attacker-controlled servers when victims open compromised notes. Electron client processes the SVG via innerHTML without secondary sanitization, enabling SSRF to UNC paths.

SSRF Microsoft
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Authentication bypass in V2Board 1.6.1-1.7.4 and Xboard ≤0.1.9 enables unauthenticated account takeover including admin privileges. When login_with_mail_link_enable is active, attackers POST known email addresses to the loginWithMailLink endpoint, receiving full authentication URLs in HTTP responses. Tokens extracted from these URLs are exchanged at token2Login for valid bearer tokens granting complete account access. Publicly available exploit code exists. CVSS 9.1 critical severity reflects network-accessible attack with no user interaction required.

Information Disclosure Microsoft V2Board +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

DLL injection in GatewayGeo MapServer for Windows version 5 enables authenticated local attackers to escalate privileges to SYSTEM level through crafted executable placement. The vulnerability exploits insecure library loading paths, allowing low-privileged users to inject malicious DLLs that execute with elevated permissions. Publicly available exploit code exists. Affects Windows deployments only; CVSS 8.8 reflects local attack vector requiring low privileges but achieving full system compromise across security boundaries.

Privilege Escalation Microsoft
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Domain spoofing via incorrect security UI in Google Chrome on Windows prior to version 147.0.7727.55 allows unauthenticated remote attackers to deceive users through crafted HTML pages that exploit flawed permission display mechanisms. The attack requires user interaction (clicking or viewing a malicious page) but carries moderate real-world risk due to low EPSS exploitation probability (0.03%, 7th percentile) despite the high CVSS impact score, suggesting the vulnerability requires specific user actions or conditions to successfully exploit.

Google Information Disclosure Microsoft +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Google Chrome on Windows prior to version 147.0.7727.55 fails to properly validate user input in the Downloads functionality, allowing remote attackers to bypass download restrictions through a crafted HTML page. The vulnerability requires user interaction (clicking a link or visiting a malicious page) but has low real-world impact-it enables integrity bypass only, not code execution or confidentiality breaches. No public exploit code or active exploitation has been identified; the low EPSS score (0.02%) reflects minimal practical risk despite the network attack vector.

Authentication Bypass Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory disclosure in Google Chrome on Windows prior to version 147.0.7727.55 allows remote attackers to extract sensitive information from process memory by delivering a crafted HTML page through WebML parsing. The vulnerability stems from insufficient input validation in the WebML component and requires user interaction (visiting a malicious page), making it a moderate-risk information disclosure affecting a ubiquitous browser platform.

Information Disclosure Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Server-Side Request Forgery in n8n-mcp (npm package) versions ≤2.47.3 allows authenticated attackers with valid AUTH_TOKEN to force the server to issue HTTP requests to arbitrary URLs via manipulated multi-tenant HTTP headers (x-n8n-url, x-n8n-key). Response bodies are reflected through JSON-RPC, enabling unauthorized access to cloud instance metadata endpoints (AWS IMDS, GCP, Azure, Oracle, Alibaba), internal network services, and any host reachable by the server process. Multi-tenant HTTP deployments with shared or multiple AUTH_TOKENs are at highest risk. No public exploit identified at time of analysis.

SSRF Oracle Microsoft
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Server-Side Request Forgery in mcp-from-openapi (<= 2.1.2) allows unauthenticated remote attackers to retrieve cloud metadata credentials, scan internal networks, and read local files by providing malicious OpenAPI specifications containing $ref pointers to internal URLs (http://169.254.169.254/) or file:// paths. The library's json-schema-ref-parser fetches referenced resources without protocol or hostname restrictions during OpenAPI document initialization, enabling AWS/GCP/Azure credential theft and arbitrary file disclosure with no privileges required beyond spec submission.

SSRF Microsoft
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Cross-site request forgery in Zammad OAuth callback endpoints for Microsoft, Google, and Facebook authentication allows authenticated attackers to hijack user sessions by crafting malicious requests that bypass CSRF state validation, potentially granting unauthorized access to user accounts and helpdesk data. The vulnerability affects Zammad versions prior to 7.0.1 and 6.5.4, and while no public exploit code has been identified, the attack requires user interaction and moderate attacker effort to execute successfully.

Google CSRF Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Path traversal via backslash bypass in NiceGUI file upload sanitization allows arbitrary file write on Windows systems. The vulnerability exploits a cross-platform path handling inconsistency where PurePosixPath fails to strip backslash-based path traversal sequences, enabling attackers to write files outside the intended upload directory when applications construct paths using the sanitized filename. Windows deployments are exclusively affected; potential remote code execution is possible if executables or application files can be overwritten. No public exploit code identified at time of analysis, though the vulnerability is confirmed in NiceGUI versions prior to 3.10.0.

Python Path Traversal Apple +2
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Moxa MxGeneralIo utility versions prior to 1.4.0/1.5.0 expose IOCTL interfaces allowing authenticated high-privilege local attackers to directly access Model-Specific Registers (MSR) and system memory, enabling privilege escalation on Windows 7 or denial-of-service crashes (BSoD) on Windows 10/11. While CVSS 7.0 reflects high availability impact and network attack vector classification, the actual exploit requires local high-privilege access (PR:H), significantly reducing practical risk. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept has been identified at time of analysis, though vendor advisory confirms patch availability.

Microsoft Privilege Escalation
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Denial-of-service and information disclosure in Podman Desktop prior to 1.26.2 stem from an unauthenticated HTTP server that any network attacker can reach without credentials or user interaction. By abusing missing connection limits and timeouts, an attacker exhausts file descriptors and kernel memory to crash the application or freeze the entire host, while verbose error responses leak internal filesystem paths and system details (including Windows usernames). SSVC marks exploitation as proof-of-concept and automatable; publicly available exploit code exists, but EPSS probability is low (0.06%, 19th percentile).

Kubernetes Information Disclosure Microsoft +1
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Server-Side Request Forgery (SSRF) in OpenObserve up to 0.70.3 allows authenticated attackers to bypass IPv6 address validation and access internal network resources, including cloud metadata services. The vulnerability enables retrieval of AWS IMDSv1 credentials at 169.254.169.254, GCP metadata endpoints, and Azure IMDS on cloud deployments, or probing of internal services in self-hosted environments. CVSS score of 7.7 reflects high confidentiality impact with changed scope. No public exploit identified at time of analysis, though exploitation requires only low-complexity authenticated network access.

SSRF Microsoft
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local man-in-the-middle and SSH security downgrade in libssh on Windows stems from the library automatically loading configuration files from C:\etc, a directory that any unprivileged local user can create and populate. By planting a malicious config, an attacker can manipulate trusted host data and weaken SSH cryptographic negotiation, compromising the confidentiality, integrity, and availability of SSH sessions established by applications linking libssh. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and it is not in CISA KEV.

Microsoft Information Disclosure Red Hat Enterprise Linux 10 +6
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Electron's window.open() handler fails to properly scope named-window lookups to the opener's browsing context group, allowing a renderer to hijack an existing child window opened by a different renderer and potentially inherit elevated webPreferences including privileged preload scripts. This affects Electron versions before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, and poses a remote code execution risk only in applications that open multiple top-level windows with differing trust levels and grant child windows elevated permissions via setWindowOpenHandler. No public exploit identified at time of analysis.

Microsoft RCE Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary file write in Pega Browser Extension allows remote attackers to compromise system integrity when Robot Runtime users visit malicious websites while running automations in Chrome or Edge. Affects Pega Robotic Automation versions 22.1 and R25. Attack requires user interaction (navigating to attacker-controlled site) but no authentication. No public exploit identified at time of analysis, though attack complexity is low once user visits malicious site.

Google Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Improper path validation in Apache ActiveMQ Client and Broker allows authenticated users to traverse the classpath via crafted 'key' values in Stomp consumer creation and Web console message browsing operations, potentially enabling information disclosure or chaining with secondary attacks for greater impact. Affects ActiveMQ Client/Broker versions before 5.19.3 and 6.0.0-6.2.1; patch available in 5.19.4 and 6.2.3 (5.19.3/6.2.2 have platform-specific limitations). EPSS score of 0.04% indicates l

Apache Path Traversal Microsoft
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Buffer overflow in Hitachi JP1/IT Desktop Management suite and Job Management Partner 1 software on Windows allows local authenticated users to cause denial of service by triggering memory corruption in affected manager and client components. The vulnerability spans multiple product lines and versions, with CVSS 5.5 indicating moderate local attack surface; active exploitation status not confirmed.

Buffer Overflow Microsoft
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Hitachi's JP1/IT Desktop Management suite allows authenticated network attackers to execute arbitrary code on Windows systems running Manager, Operations Director, and Client components. Affects multiple product generations spanning versions 9.x through 13.x across nine distinct product lines. CVSS score of 8.8 reflects network-accessible attack surface with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, though CWE-73 (external control of file name or path) indicates potential for path traversal-based exploitation. Hitachi has released patches addressing versions 13-50-02, 13-11-04, 13-10-07, 13-01-07, 13-00-05, and 12-60-12 for actively supported products.

RCE Microsoft
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Heap buffer overflow in Microsoft SymCrypt versions 103.5.0 through 103.10.x allows local authenticated attackers to cause denial of service or limited integrity compromise via silent truncation of a 64-bit leaf count parameter to 32 bits in the SymCryptXmssSign function during XMSS^MT signature operations with tree height >= 32. Real-world risk is significantly mitigated by the requirement for attacker-controlled signing parameters (uncommon in production), the private-key-operation context, and Microsoft's explicit guidance that XMSS^MT signing should only occur in Hardware Security Modules and is provided in SymCrypt for testing purposes only. No public exploit code or active exploitation has been identified.

Heap Overflow Buffer Overflow Microsoft
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC This Week

Microsoft 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Redirect Microsoft
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Microsoft Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Microsoft FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Microsoft One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

Microsoft VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Microsoft
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Microsoft Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Microsoft Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the search interface. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Microsoft VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Server-Side Request Forgery (SSRF) in pyload-ng allows authenticated users with ADD permission to access internal network resources and cloud metadata endpoints by exploiting unchecked HTTP redirect handling. The vulnerability bypasses CVE-2026-33992 mitigations through redirect chains-pycurl follows up to 10 redirects automatically without validating destination IPs against the SSRF filter. Attackers can retrieve AWS/GCP/Azure instance metadata (including IAM credentials) and probe internal services. While exploitation requires authentication (reducing severity from the Critical unauthenticated CVE-2026-33992), a public proof-of-concept demonstrates the attack and no vendor-released patch has been identified at time of analysis.

SSRF Microsoft
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Server-Side Request Forgery (SSRF) in Directus headless CMS allows authenticated attackers (or unauthenticated users with public file-import permissions) to bypass IP address deny-list protections and access internal network resources. Attackers exploit IPv4-Mapped IPv6 address notation (e.g., ::ffff:127.0.0.1) to circumvent validation logic, enabling unauthorized requests to localhost services, internal databases, caches, APIs, and cloud instance metadata endpoints (AWS/GCP/Azure IMDS). With CVSS 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) indicating low attack complexity, network accessibility, and scope change with high confidentiality impact, this represents a significant risk for data exfiltration from cloud environments and internal infrastructure. No public exploit identified at time of analysis, though the technical details in the advisory provide clear exploitation guidance.

SSRF Canonical Microsoft
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH NO ACTION HOSTED Monitor

Microsoft Bing contains a server-side request forgery (SSRF) vulnerability that allows elevation of privilege through improperly validated requests. The flaw affects Microsoft Bing across all versions and enables attackers to bypass access controls and escalate privileges by causing the application to make unintended requests to internal or external resources. A vendor-released patch is available.

Microsoft SSRF
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

Stackfield Desktop App before version 1.10.2 for macOS and Windows allows arbitrary file writes to the filesystem through a path traversal vulnerability in its decryption functionality when processing the filePath property. A malicious export file can enable attackers to overwrite critical system or application files, potentially leading to code execution or application compromise without requiring user interaction beyond opening the malicious export.

Path Traversal Apple Microsoft
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Stored cross-site scripting in Zohocorp ManageEngine Exchange Reporter Plus (pre-5802) allows authenticated attackers to inject malicious scripts via the Permissions Based on Mailboxes report, potentially compromising administrator sessions and stealing high-privilege credentials. Attack requires low complexity and user interaction from a victim administrator. CVSS 7.3 (High) reflects significant confidentiality and integrity impact. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed vulnerability.

XSS Microsoft
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Stored cross-site scripting (XSS) in Zohocorp ManageEngine Exchange Reporter Plus versions prior to 5802 allows authenticated attackers to inject malicious scripts through the Non-Owner Mailbox Permission report, potentially compromising confidentiality and integrity of user sessions. With CVSS 7.3 (High) and EPSS data unavailable, exploitation requires low attack complexity and authenticated access with user interaction. No public exploit identified at time of analysis, and vendor has released patched version 5802.

XSS Microsoft
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Stored cross-site scripting in ManageEngine Exchange Reporter Plus before version 5802 allows authenticated attackers to inject malicious scripts via the Folder Message Count and Size report. With CVSS 7.3 (High severity) and requiring low-privilege authentication with user interaction, successful exploitation enables session hijacking and credential theft within the administrative interface. No public exploit identified at time of analysis, though CVSS vector indicates network-accessible attack surface with low complexity.

XSS Microsoft
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Stored cross-site scripting in ManageEngine Exchange Reporter Plus (versions prior to 5802) allows authenticated attackers to inject malicious scripts through the Public Folder Client Permissions report, enabling session hijacking and credential theft with medium exploitation complexity. No active exploitation confirmed (not present in CISA KEV), though the network-accessible attack vector and stored nature of the XSS elevate real-world risk for organizations using this Exchange monitoring solution.

XSS Microsoft
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Stored cross-site scripting in ManageEngine Exchange Reporter Plus (versions prior to 5802) allows authenticated attackers with low privileges to inject malicious scripts into Equipment Mailbox Details reports, enabling session hijacking and credential theft against administrative users who view the poisoned reports. No active exploitation confirmed (not in CISA KEV), but the vulnerability affects organizations monitoring Microsoft Exchange environments through ManageEngine's reporting platform.

XSS Microsoft
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Stored cross-site scripting (XSS) in ManageEngine Exchange Reporter Plus before version 5802 allows authenticated attackers to inject malicious scripts into the 'Mails Exchanged Between Users' report. With CVSS 7.3 (High severity) and low attack complexity (AC:L), this vulnerability requires low-privilege authentication (PR:L) and user interaction (UI:R) to achieve high confidentiality and integrity impact. No public exploit identified at time of analysis, though authentication requirements lower the barrier for insider threats or compromised accounts.

XSS Microsoft
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Stored cross-site scripting (XSS) in ManageEngine Exchange Reporter Plus before version 5802 allows authenticated attackers with low privileges to inject malicious scripts into the Permissions based on Distribution Groups report, potentially leading to session hijacking and account compromise of administrators viewing the report. No active exploitation confirmed (CISA KEV absent), but the network-accessible attack vector and low complexity make this exploitable with publicly documented vendor advisory details.

XSS Microsoft
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Stored cross-site scripting (XSS) in ManageEngine Exchange Reporter Plus versions prior to 5802 allows authenticated attackers with low privileges to inject malicious scripts into Distribution Lists reports that execute when viewed by other users, potentially compromising session tokens and account credentials of administrators or other privileged users. The vulnerability requires user interaction (victim must view the malicious report) but enables high-impact attacks against confidentiality and integrity within the application scope. No public exploit code or active exploitation has been identified at time of analysis.

XSS Microsoft
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

AIRBUS TETRA Connectivity Server 7.0 on Windows Server allows privilege escalation to SYSTEM via incorrect default directory permissions (CWE-276), enabling local authenticated attackers to execute arbitrary code by placing a crafted file in a vulnerable directory with user interaction. The vulnerability affects TETRA Connectivity Server version 7.0, with patches available for versions 8.0 and 9.0. No public exploit code or active exploitation in the wild has been identified at time of analysis.

Privilege Escalation RCE Microsoft
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unauthenticated Server-Side Request Forgery (SSRF) in Ech0's /api/website/title endpoint allows remote attackers to access internal network services, cloud metadata endpoints (AWS IMDSv1 at 169.254.169.254), and localhost-bound resources without authentication. The vulnerability accepts arbitrary URLs via the website_url parameter with zero validation, enabling attackers to probe internal infrastructure and exfiltrate partial response data through HTML title tag extraction. CVSS 7.2 reflects the

SSRF Information Disclosure Microsoft +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated server-side request forgery in Ech0's link preview endpoint allows remote attackers to force the application server to perform HTTP/HTTPS requests to arbitrary internal and external targets. The /api/website/title route requires no authentication, performs no URL validation, follows redirects by default, and disables TLS certificate verification (InsecureSkipVerify: true). Attackers can probe internal networks, access cloud metadata services (169.254.169.254), and trigger denial-

SSRF Denial Of Service Apple +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds heap read in Electron's single-instance lock mechanism on macOS and Linux allows local attackers with same-user privileges to leak sensitive application memory through crafted second-instance messages. Affected Electron versions prior to 41.0.0, 40.8.1, 39.8.1, and 38.8.6 are vulnerable only if applications explicitly call app.requestSingleInstanceLock(); no public exploit code is currently identified, but the CVSS 5.3 score reflects moderate confidentiality impact combined with local attack complexity requirements.

Information Disclosure Buffer Overflow Microsoft +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Electron's nodeIntegrationInWorker webPreference fails to properly isolate Node.js integration in worker contexts across certain process-sharing configurations, allowing workers in frames explicitly configured with nodeIntegrationInWorker: false to unexpectedly gain Node.js capabilities. Only applications that explicitly enable nodeIntegrationInWorker are affected. The vulnerability carries a CVSS score of 6.8 and permits information disclosure and code execution in affected contexts, with no public exploit identified at time of analysis.

Node.js Information Disclosure Microsoft
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use-after-free memory corruption in Electron framework (versions <39.8.1, <40.7.0, <41.0.0) allows unauthenticated remote attackers to potentially execute arbitrary code when offscreen rendering is enabled and child windows are permitted. The vulnerability triggers when a parent offscreen WebContents is destroyed while child windows remain active, causing subsequent paint operations to dereference freed memory. EPSS data not available; no public exploit identified at time of analysis. Fixed versions released by vendor.

Use After Free Memory Corruption Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Electron's setAsDefaultProtocolClient() on Windows fails to validate protocol names before writing to the Windows registry, allowing local authenticated attackers to hijack protocol handlers by writing to arbitrary HKCU\Software\Classes\ subkeys when apps pass untrusted input as the protocol parameter. The vulnerability affects Electron versions prior to 38.8.6, 39.8.1, 40.8.1, and 41.0.0, and requires local access and low privileges; no public exploit has been identified at time of analysis.

RCE Microsoft
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use-after-free in Electron's powerMonitor module allows local attackers to trigger memory corruption or application crashes through system power events. All Electron applications (versions <38.8.6, <39.8.1, <40.8.0, <41.0.0-beta.8) that subscribe to powerMonitor events (suspend, resume, lock-screen) are vulnerable when garbage collection frees the PowerMonitor object while OS-level event handlers retain dangling pointers. Exploitation requires local access and specific timing conditions (CVSS 7.0 HIGH, AC:H). No public exploit identified at time of analysis, though the technical details are publicly documented in the GitHub security advisory.

Use After Free Memory Corruption Microsoft +2
NVD GitHub
EPSS 0% CVSS 3.9
LOW PATCH Monitor

Electron's setLoginItemSettings() function on Windows fails to quote executable paths in the Run registry key, allowing local attackers with write access to ancestor directories to execute arbitrary programs at login if the app is installed to a path containing spaces. The vulnerability affects Electron versions prior to 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, and requires high-privilege access and unfavorable conditions (non-standard install paths) to exploit, making real-world impact limited to non-default Windows configurations.

Microsoft Authentication Bypass
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH NO ACTION HOSTED Monitor

Server-side request forgery in Azure Databricks enables unauthenticated remote attackers to achieve full privilege escalation with critical impact across confidentiality, integrity, and availability. The vulnerability carries a maximum CVSS 10.0 score with network-based attack vector, low complexity, and scope change, indicating attackers can leverage the SSRF to break out of Databricks' security boundary and access underlying cloud infrastructure or customer data. No public exploit or active exploitation confirmed at time of analysis, though the low attack complexity suggests straightforward exploitation once attack surface is identified.

Microsoft SSRF
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH NO ACTION HOSTED Monitor

Microsoft Azure Kubernetes Service (AKS) contains an improper authorization vulnerability enabling unauthenticated remote attackers to elevate privileges over a network with critical impact across confidentiality, integrity, and availability. The CVSS 10.0 critical rating reflects network-accessible exploitation requiring no authentication, low complexity, and scope change allowing compromise beyond the vulnerable component. No public exploit identified at time of analysis, though the authentication bypass nature and maximum severity warrant immediate priority.

Microsoft Kubernetes Authentication Bypass
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH NO ACTION HOSTED Monitor

Azure AI Foundry improper authorization permits unauthenticated remote attackers to escalate privileges and achieve complete compromise with high impact to confidentiality, integrity, and availability. The CVSS 10.0 rating reflects network-based attack vector with low complexity, no user interaction, and scope change indicating containerization/isolation escape. EPSS and KEV status not provided, but the authentication bypass affecting a cloud AI platform poses severe risk. No public exploit identified at time of analysis.

Microsoft Authentication Bypass
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH NO ACTION HOSTED Monitor

Unauthenticated information disclosure in Azure MCP Server allows remote attackers to access sensitive data over the network without authentication. The vulnerability stems from missing authentication controls on critical functions (CWE-306), enabling attackers to bypass security boundaries and extract confidential information with minimal complexity. With CVSS 9.1 (Critical) and network-accessible attack vector requiring no privileges or user interaction, this represents a significant exposure for organizations running affected Azure MCP Server instances. No public exploit identified at time of analysis, though the straightforward authentication bypass nature increases likelihood of rapid weaponization.

Microsoft Authentication Bypass
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH NO ACTION HOSTED Monitor

Information disclosure in Azure SRE Agent can be exploited by remote unauthenticated attackers via improper authentication mechanisms. The vulnerability carries an 8.6 CVSS score with network attack vector requiring low complexity and no user interaction, enabling attackers to extract high-confidentiality data with scope change impact. No public exploit identified at time of analysis, though the authentication bypass nature and network accessibility present significant risk to Azure infrastructure components.

Microsoft Authentication Bypass
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH NO ACTION HOSTED Monitor

Server-side request forgery in Azure Custom Locations Resource Provider enables authenticated attackers with low-level privileges to elevate access and exfiltrate sensitive data across scope boundaries via network-based SSRF exploitation. This vulnerability affects Microsoft Azure infrastructure with a CVSS score of 9.6 (Critical), featuring scope change that allows attackers to reach resources beyond the vulnerable component's security context. No public exploit code or active exploitation confirmed at time of analysis, though the low attack complexity and network vector indicate straightforward exploitability once authenticated access is obtained.

Microsoft SSRF
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote Code Execution in Group-Office enterprise CRM via insecure deserialization allows authenticated attackers to write arbitrary files and execute code on the server. Affects all versions prior to 6.8.156, 25.0.90, and 26.0.12 across multiple product branches. CVSS 9.9 (Critical) with network-based attack vector requiring only low-privileged authentication. No public exploit identified at time of analysis, though the technical details in the GitHub Security Advisory provide sufficient impleme

Microsoft Deserialization RCE
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Local privilege escalation in Acronis True Image for Windows before build 42902 allows authenticated users with low privileges to escalate to higher privileges through insecure folder permissions. An attacker with local access and user-level privileges can exploit improper permission settings on critical directories to achieve full system compromise, requiring user interaction (file execution or folder navigation). This vulnerability has a CVSS score of 6.7 reflecting high confidentiality, integrity, and availability impact despite the elevated barriers to exploitation.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Local privilege escalation in Acronis True Image (Windows) before build 42902 allows authenticated users with low privileges to gain high-integrity access through DLL hijacking. An attacker with local user access can exploit unsafe DLL loading to execute arbitrary code with elevated permissions, requiring user interaction (e.g., triggering a specific application action). No public exploit code or active exploitation has been confirmed at the time of analysis.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Local privilege escalation in Acronis True Image for Windows before build 42902 exploits DLL hijacking to allow authenticated users to escalate privileges. An attacker with local access and valid credentials can manipulate DLL load paths during application execution, requiring user interaction (such as opening a file or launching a feature), to gain elevated system privileges. This vulnerability has a CVSS score of 6.7 and affects all versions prior to the patched build.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Local privilege escalation in HCL BigFix Platform on Windows allows authenticated users with low privileges to access cryptographic private keys due to overly permissive file system permissions, potentially enabling complete system compromise with cross-scope impact. Authentication required (PR:L). No public exploit identified at time of analysis, though the attack is rated low complexity and fully automated. CVSS 8.8 severity driven by scope change and complete confidentiality/integrity/availability impact.

Microsoft Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

TOCTOU race condition in Balena Etcher for Windows (versions prior to 2.1.4) enables local privilege escalation to arbitrary code execution when attackers replace legitimate scripts with malicious payloads during disk flashing operations. The vulnerability requires low privileges and user interaction but achieves high impact across confidentiality, integrity, and availability with scope change. No public exploit identified at time of analysis, though technical details are available via researcher disclosure (B1tBreaker). EPSS data not available, but the local attack vector and high complexity reduce immediate remote exploitation risk.

RCE Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Nhost auth service exposes OAuth refresh tokens in redirect URL query parameters, allowing access to browser history, server logs, and proxy logs on owned infrastructure. While refresh tokens are single-use and leak vectors are primarily confined to developer-controlled systems, the vulnerability violates RFC 6749 token transport requirements and enables session hijacking if logs are accessed before the token is legitimately consumed. All OAuth providers (GitHub, Google, Apple) are affected equally through the same vulnerable callback handler.

Information Disclosure Apple Microsoft +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Path traversal in Payload CMS storage adapter client-upload signed-URL endpoints (S3, GCS, Azure, R2) prior to version 3.78.0 allows authenticated attackers to escape intended storage locations via unsanitized filenames, enabling arbitrary file writes to cloud storage buckets. The vulnerability requires user authentication and affects all four cloud storage integrations across the Payload CMS ecosystem.

Path Traversal Microsoft
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

AIOHTTP static resource handler on Windows exposes NTLMv2 remote path information to unauthenticated remote attackers, allowing information disclosure with high confidentiality impact. Versions prior to 3.13.4 are affected. The vulnerability has been patched and no active exploitation has been confirmed at this time.

Python Information Disclosure Microsoft +2
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Authentication bypass via OAuth token race condition in tinyauth allows concurrent attackers to hijack user sessions and gain unauthorized access to victim accounts. The vulnerability affects tinyauth v5.0.4 and earlier versions where singleton OAuth service instances share mutable PKCE verifier and access token fields across all concurrent requests. When two users authenticate simultaneously with the same OAuth provider (GitHub, Google, or generic OAuth), the second request overwrites the first

Race Condition Authentication Bypass Microsoft
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

ONNX versions prior to 1.21.0 allow local attackers to read arbitrary files outside the model directory through symlink traversal during external data loading, requiring user interaction to load a malicious model file. The vulnerability has a CVSS score of 5.5 (medium severity) and is classified as information disclosure with confirmed patch availability in version 1.21.0.

Information Disclosure Microsoft Suse
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

ONNX versions prior to 1.21.0 allow local attackers to read arbitrary files by exploiting a hardlink-based path traversal vulnerability in onnx.load(). The vulnerability bypasses existing symlink protections because hardlinks appear as regular files to filesystem checks. An attacker with local file system access can craft a malicious ONNX model file using hardlinks to access sensitive data outside the intended directory, requiring user interaction to load the crafted model. No public exploit code has been identified; EPSS score of 4.7 indicates low exploitation probability despite moderate CVSS impact.

Path Traversal Microsoft Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Arbitrary attribute injection in ONNX Python library (versions prior to 1.21.0) allows unauthenticated remote attackers to manipulate internal object properties by embedding malicious metadata in ONNX model files, resulting in potential information disclosure, data integrity violations, and high availability impact (CVSS 8.6). The vulnerability stems from unchecked use of Python's setattr() with externally-controlled keys during ExternalDataInfo deserialization. No public exploit code or CISA KEV listing identified at time of analysis, but proof-of-concept development is trivial given the straightforward nature of Python attribute manipulation. EPSS data not provided, but the unauthenticated network-accessible attack vector and low complexity suggest material risk for organizations processing untrusted ONNX models.

Python Microsoft Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Local privilege escalation in Himmelblau versions 2.0.0-alpha through 2.3.8 and 3.0.0-alpha through 3.1.0 allows authenticated users to assume privileged group membership when their Azure Entra ID-mapped CN or short name collides with system group names (sudo, wheel, docker, adm, etc.). The NSS module resolves the collision to the attacker's fake primary group, potentially granting group-level privileges if the system uses NSS for authorization decisions. CVSS 6.3 (medium); no public exploit identified at time of analysis.

Microsoft Privilege Escalation Docker +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

OpenClaw before version 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style network paths without proper local-path validation, allowing unauthenticated remote attackers to bypass access restrictions and read local files. With a CVSS score of 6.9 and network-based attack vector requiring no user interaction, this vulnerability presents moderate risk to systems processing untrusted media content. No public exploit code or active exploitation has been confirmed at the time of analysis.

Path Traversal Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Integer overflow in ANGLE (Google's OpenGL abstraction layer) in Chrome on Windows before version 146.0.7680.178 enables out-of-bounds memory writes if the renderer process is compromised, allowing an attacker to execute arbitrary code with renderer privileges. The vulnerability requires prior renderer process compromise, limiting the immediate attack surface but representing a critical post-compromise escalation vector. Chromium severity is rated High; patch availability confirms vendor remediation.

Google Buffer Overflow Microsoft +4
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Path traversal via symlink/junction bypass in @tinacms/graphql FilesystemBridge allows authenticated remote attackers with low privileges to read, write, and delete arbitrary files outside the configured content root. The vulnerability exploits a realpath canonicalization gap where path validation checks lexical string paths but filesystem operations follow symlink targets. Attack complexity is high (CVSS AC:H) as it requires pre-existing symlinks/junctions within the content tree or the ability

Path Traversal Microsoft Canonical
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

TinaCMS CLI media handlers can be bypassed via symlink/junction traversal, allowing authenticated low-privilege attackers to list, write, and delete files outside the configured media root directory. The vulnerability exists in @tinacms/cli's dev server media routes despite recent path-traversal hardening, because validation performs only lexical string checks without resolving symlink targets. Attack complexity is high (requires pre-existing symlink under media root), but impact is significant with confirmed read/write primitives. Vendor patch available via GitHub commit f124eaba. EPSS and KEV data not provided; no public exploit identified at time of analysis beyond researcher's local Windows junction proof-of-concept.

Path Traversal Microsoft Canonical
NVD GitHub
Prev Page 20 of 193 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy