Microsoft
Monthly
Arbitrary Python code execution in BabelDOC (funstory-ai, pip package `babeldoc`) prior to 0.6.3 allows an attacker to run code in the context of the translation process by having a victim process a crafted PDF. The vendored pdfminer CMap loader (`cmapdb.py::_load_data`) strips only NUL bytes from a PDF-controlled CMap/Encoding name and passes it to `pickle.loads()`, so a hex-encoded absolute path in the PDF's `/Encoding` name redirects deserialization to an attacker-planted `.pickle.gz` file. A detailed, working proof-of-concept exists (publicly available exploit code exists); there is no CISA KEV listing and no public evidence of active exploitation at time of analysis.
Privilege escalation in ZITADEL identity platform (before 4.15.3) allows an attacker holding a low-privilege OAuth2 token to exchange it for elevated permissions at a different application, because the token-exchange endpoint fails to bind the subject token to the requesting client and does not constrain requested scopes to the original token's scopes. Any authenticated principal with a valid low-scope token can escalate laterally across relying applications; no public exploit is identified at time of analysis and it is not listed in CISA KEV. A vendor patch (4.15.3) and fixing commit are available.
Memory exhaustion in NanaZip's UFS/FFS archive handler (all versions prior to 6.5.1749.0) allows a local low-privilege attacker to terminate the NanaZip process by delivering a crafted disk image that a user opens. The root cause is missing upper-bound validation of the `fs_fsize` fragment size field in the UFS superblock - unlike `fs_bsize`, which is checked against MINBSIZE, `fs_fsize` flows unchecked into indirect-block, directory, and extraction buffer allocation calculations, enabling a tiny image file to trigger multi-gigabyte heap allocation requests. No public exploit has been identified and this vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 2.4 (Low) reflects the constrained local, user-interaction-required attack path with availability-only impact.
Process crash via uncaught C++ exception in NanaZip's .NET single-file bundle handler affects all versions prior to 6.5.1749.0 on Windows. The extraction buffer is sized from the bundle entry's Size field, which is validated only for sign - not against the actual file content - allowing a crafted archive to trigger an attacker-controlled allocation whose resulting std::bad_alloc or std::length_error propagates across the COM STDMETHODCALLTYPE ABI boundary and terminates the NanaZip process. Impact is limited to denial of service; no public exploit has been identified at time of analysis, and the vendor has released a fix in version 6.5.1749.0.
NULL pointer dereference in NanaZip's custom archive handlers crashes the application when a user tests or extracts archives of seven specific formats. All NanaZip versions prior to 6.5.1749.0 are affected; the seven vulnerable handlers cover WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archive types. Impact is limited to a process crash (denial of service) with no confidentiality or integrity consequence; no public exploit or active exploitation has been identified at time of analysis.
Memory exhaustion in NanaZip's WebAssembly archive handler (prior to 6.5.1749.0) allows a crafted .wasm file to trigger multi-gigabyte heap allocations by supplying oversized 32-bit NameSize or Information.Size fields that are consumed without bounds validation in NanaZip.Codecs.Archive.WebAssembly.cpp. When a user opens or lists such an archive, NanaZip attempts to satisfy the inflated allocations via std::string or std::vector paths, exhausting process memory and causing a crash. No active exploitation or public exploit code has been identified at time of analysis; the impact is strictly limited to NanaZip process availability with no confidentiality or integrity consequence.
Denial of service in the Excelize Go library (github.com/xuri/excelize/v2, a.k.a. qax-os/excelize) before 2.11.0 allows remote attackers to crash any service that opens attacker-supplied XLSX files and reads cell values. The checkSheet() function trusts the <row r="N"> XML attribute as an allocation length, enabling either a ~16 GB out-of-memory kill (r=2147483647) or a runtime panic from negative-index slicing (r=-1). No authentication is required; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Panic-triggering denial of service in the Excelize Go library (all versions prior to 2.11.0) allows any actor who can supply a crafted XLSX file to crash the consuming application. The root cause is an integer bounds check that validates only the upper bound of shared-string indices, permitting a cell value of -1 to reach a slice-index operation as a negative integer and cause a Go runtime panic in `GetCellValue` or `GetRows`. No active exploitation has been identified at time of analysis, but the attack is trivially constructable and requires no privileges if the target application exposes XLSX processing to untrusted input.
Uncontrolled memory and CPU consumption in Excelize (qax-os/excelize), the widely used Go library for reading and writing Microsoft Excel spreadsheets, before version 2.11.0 lets a crafted XLSX file trigger a denial of service. The streaming worksheet reader behind the Rows and GetRows APIs fails to enforce the TotalRows (1,048,576) limit on the row 'r' attribute, so a tiny file declaring an out-of-range row index with no cell coordinate forces GetRows to allocate empty rows up to that attacker-chosen index. No public exploit identified at time of analysis, but the trigger is trivial to construct and the fix is confined to a single validation check.
Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard (unprivileged) user escalate to SYSTEM by planting a maliciously crafted process whose Process Environment Block (PEB) contains oversized command-line or current-directory strings. When the osquery agent - typically running as SYSTEM - queries the `processes` table against that process, unchecked PEB string lengths trigger a heap-based out-of-bounds write (CWE-122). No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard user escalate to SYSTEM by planting a maliciously crafted binary and having the authenticode table query it, triggering a heap out-of-bounds write in the getOriginalProgramName publisher-parsing routine. The flaw is a CWE-122 heap buffer overflow reachable whenever osquery (typically running as SYSTEM) evaluates authenticode publisher metadata against attacker-controlled files. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS was not provided.
Open redirect bypass in openrun prior to v0.17.7 allows remote unauthenticated attackers to redirect victims to arbitrary external URLs by exploiting a double-slash path prefix that evades the application's host/scheme validation. The referrer-based redirect logic correctly validates the host and scheme but passes the extracted path `//attacker.com` to the Location header, which browsers interpret as a protocol-relative URL and resolve to an external destination. A proof-of-concept is publicly documented in the security advisory; no active exploitation has been confirmed by CISA KEV at time of analysis.
OS command injection in the wnx/laravel-backup-restore Composer package (fixed in v1.9.4) allows an attacker who can get a malicious backup archive restored to run arbitrary shell commands as the Laravel application user. The restore workflow interpolates an unescaped ZIP entry filename from the db-dumps directory directly into shell command strings (mysql, psql, sqlite3, gunzip) executed via Symfony Process::fromShellCommandline(), so shell metacharacters in the filename are interpreted by /bin/sh. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the flaw is trivially exploitable once a crafted archive reaches the restore path.
Improper certificate validation in the Palo Alto Networks Prisma Access Agent for iOS exposes VPN tunnel traffic to interception and manipulation by a network-adjacent attacker. The flaw (CWE-295) enables a man-in-the-middle position to defeat the agent's TLS/certificate trust chain, allowing an adversary to read or alter traffic that the iOS client believes is securely tunneled. Exploitation is limited to iOS deployments - the Windows, macOS, Linux, Android, and ChromeOS agents are confirmed unaffected. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog.
Multiple protection mechanism failures in the Data Loss Prevention (DLP) component of Palo Alto Networks Prisma Access Agent for Windows enable a local authenticated user to bypass DLP policy enforcement controls. Only the Windows platform is affected; the Prisma Access Agent for macOS is explicitly excluded per vendor advisory. No public exploit code or active exploitation has been identified at time of analysis, though the CVSS 4.0 supplemental urgency rating of Amber and high confidentiality/integrity impact on the vulnerable system make this a meaningful insider threat risk.
Authentication bypass in the MERCURY MIPC252W IP camera (firmware v1.0.5 Build 230306 Rel.79931n) lets an attacker on the same local network replay a captured RTSP Digest authentication exchange to view the live video feed without knowing the device credentials. The root cause is that the RTSP server never expires or invalidates authentication nonces, so a sniffed nonce/response pair remains valid on new connections indefinitely. No public exploit is identified at time of analysis and EPSS is low (0.19%), but the barrier to abuse is minimal for anyone already positioned on the LAN.
Authentication bypass in n8n's external identity resolution lets an attacker impersonate other users when the instance trusts more than one token-exchange issuer. Affecting n8n before 2.27.4 and version 2.28.0, the flaw stems from resolving federated identities using only the JWT sub claim while ignoring the iss claim, so a valid token from one trusted issuer whose sub matches a victim registered under a different issuer grants full access to that victim's account. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the authentication-level impact (VC:H/VI:H) makes it a meaningful account-takeover risk for multi-issuer SSO deployments.
Local privilege escalation in Xen's Windows PV (paravirtualized) drivers arises because the XenBus interface (CVE-2025-27464) is exposed to userspace with no security descriptor, leaving it fully accessible to any unprivileged user on a Windows guest. Because XenBus mediates communication between the guest and the hypervisor's device backend, an unprivileged local user can abuse this open interface to gain elevated privileges and potentially impact the guest and the virtualization layer. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it is documented in Xen Security Advisory XSA-468.
Local privilege escalation in Xen's Windows PV (paravirtualized) drivers arises because the XenIface interface is exposed to userspace with no security descriptor, leaving it fully accessible to unprivileged users. Any low-privileged local user on an affected Windows guest can interact with this facility to gain elevated control over the system. This is one of three sibling issues (alongside CVE-2025-27462 XenCons and CVE-2025-27464 XenBus) disclosed in Xen Security Advisory XSA-468; no public exploit has been identified at time of analysis.
Local privilege escalation in the Xen Windows PV Drivers (the XenCons paravirtualized console interface) lets any unprivileged user of a Windows guest reach a device object that ships with no security descriptor, so its facilities are fully accessible to non-administrators. Successful abuse can yield full compromise of the guest with integrity, confidentiality and availability impact, and the vendor scores it critical (CVSS 4.0 base 9.4) with subsequent-system impact. There is no public exploit identified at time of analysis and it is not on CISA KEV. This is one of three related XSA-468 issues (XenCons/CVE-2025-27462, XenIface/CVE-2025-27463, XenBus/CVE-2025-27464).
Server-side request forgery (and cross-scheme local file disclosure) in the Ruby css_parser gem (all versions prior to 3.0.0) lets an attacker who can land a single @import url(...) rule in parsed CSS force the server to issue arbitrary HTTP/HTTPS GETs to any internal host, port or IP, and — via an attacker-controlled 302 redirect to a file:// URI — read local files. Premailer-style consumers that re-emit the parsed CSS into rendered HTML/email leak any CSS-shaped response bytes back to the attacker, turning this into a data-exfiltration channel rather than a blind SSRF. No public CVSS is published and it is not in CISA KEV, but a complete working proof-of-concept (poc.rb) is included in the advisory, so publicly available exploit code exists.
Predictable SSH credential generation in Cloud Foundry's bosh-windows-stemcell-builder (versions prior to v2019.98) lets attackers brute-force the SSH login on TCP/22 because the GenerateRandomPassword function relies on a cryptographically weak random number generator, drastically shrinking the effective password keyspace. Any Windows stemcell built with an affected release ships with a guessable administrative password, so an attacker who can reach port 22 of a deployed VM can recover interactive access and full control. No public exploit code has been identified at time of analysis and the issue is not listed in CISA KEV.
Local privilege escalation in BOSH-Ecosystem bosh-windows-stemcell-builder (versions prior to v2019.98) lets a low-privilege authenticated Windows user overwrite the BOSH agent executables at C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe, which then run as NT AUTHORITY\SYSTEM on the next service restart or reboot, yielding full host control. The weakness stems from overly permissive filesystem ACLs applied by BOSH.Utils.psm1 when the stemcell is built. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Sandbox escape in Google Chrome on Windows prior to 150.0.7871.115 allows an attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page, chaining a codec input-validation flaw into higher-privileged host-process compromise. The bug is rated High by Chromium and carries a CVSS 8.3 with a scope-changing vector reflecting the sandbox-boundary crossing. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Sandbox escape in Google Chrome's Core component on Windows (versions prior to 150.0.7871.115) lets an attacker who has already compromised the renderer process break out of the sandbox and reach the higher-privileged browser process via a crafted HTML page. The flaw is a CWE-416 use-after-free rated High by Chromium and CVSS 8.3, with a scope change reflecting the renderer-to-browser boundary crossing. No public exploit identified at time of analysis, and it is not listed in CISA KEV, but as the second stage of a browser exploit chain it is a meaningful patch priority.
Security feature bypass in Microsoft Edge (Chromium-based) allows a remote, unauthenticated attacker to circumvent a browser security control over the network when a user is lured into interacting with attacker-controlled content. The scope-changing CVSS 8.2 vector and high confidentiality impact suggest the bypass can expose sensitive information beyond the browser's normal security boundary. Reported by Microsoft's own security team; no public exploit identified at time of analysis.
OS command injection in Nuclio (serverless platform) versions <= 1.15.27 lets attackers run arbitrary shell commands as root inside Kubernetes CronJob pods by submitting a function with a crafted cron trigger. The controller concatenates unsanitized `event.headers` keys and `event.body` values into a `/bin/sh -c` curl string; a header key containing a double-quote breaks quoting, and a body containing `$()` triggers command substitution (strconv.Quote does not escape it). Because the Nuclio Dashboard API is unauthenticated in its default configuration, this is remotely reachable; no public exploit is identified in KEV, though a detailed, dynamically-verified PoC accompanies the advisory.
Command injection in yt-dlp and youtube-dl before 2026.7.4 lets a malicious video/webpage host smuggle attacker-controlled data into shortcut files generated by the --write-link, --write-url-link, and --write-desktop-link options. Because webpage_url and filename metadata are written to .url/.desktop files without validation or escaping, an attacker can inject a file:// URI on Windows or a newline-based Desktop Entry key on Linux that runs commands when the victim later opens the generated shortcut. No public exploit identified at time of analysis; EPSS is modest at 0.55% and CISA SSVC records exploitation as none, but technical impact is rated total.
Local privilege escalation in Omnissa Workspace ONE Tunnel for Windows lets an authenticated low-privileged local user abuse a path-traversal weakness (CWE-22) to gain higher (likely SYSTEM) privileges on the endpoint. The flaw affects the Windows Tunnel client used for per-app VPN in Workspace ONE managed fleets; no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is high across confidentiality, integrity, and availability, but exploitation is confined to attackers who already have a local foothold on the machine.
Memory corruption in the OpenSSH client (ssh) before 10.4 lets a malicious or compromised SSH server trigger a use-after-free on the connecting client by changing its host key during a key re-exchange (rekey), potentially leading to information disclosure or code execution in the client process. Only the client side is affected; the server is not vulnerable. There is no public exploit identified at time of analysis and it is not on CISA KEV, and EPSS is low (0.25%, 16th percentile), but the flaw is fixed in OpenSSH 10.4/10.4p1.
OpenSSH sshd before version 10.4 silently ignores the GSSAPIStrictAcceptorCheck configuration directive when the server is integrated with Windows Active Directory, defeating a security control that administrators rely on to enforce GSSAPI acceptor name validation during Kerberos-based SSH authentication. This undocumented behavior means AD-joined SSH servers may accept GSSAPI authentications against unintended Kerberos service principals regardless of how the option is configured, yielding limited confidentiality and integrity impact. No public exploits or active exploitation have been identified; the CVSS AC:H rating reflects the specific environmental prerequisites required for exploitation.
Path traversal in Goploy's `/deploy/fileDiff` endpoint (versions <=1.17.5) enables any authenticated low-privilege member to read arbitrary files on both the Goploy host and every SFTP-managed remote server registered in the system. The dual file read returns local content in the `srcText` response field and remote server content in `distText`, multiplying the blast radius across all managed deployment targets. Publicly available exploit code exists per the GitHub Security Advisory; this is not listed in CISA KEV, but exploitation conditions are trivially met under default Goploy configuration.
Single-use authorization-code enforcement can be bypassed under concurrency in the better-auth OAuth provider (@better-auth/oauth-provider 1.6.0 through 1.6.10, the embedded plugin in better-auth 1.4.8-beta.7 through 1.6.10, and the legacy oidc-provider and mcp plugins). Because the POST /oauth2/token authorization_code grant redeems the code via a non-atomic find-then-delete, two concurrent requests carrying the same code both pass the read step and each mint a fresh access, refresh, and id token for the original user's scope. No public exploit is identified at time of analysis and it is not in CISA KEV, but the vendor rates it CVSS 4.0 7.6 (High) with high confidentiality and integrity impact.
Pre-account-hijacking in the better-auth Node/TypeScript authentication library (versions < 1.6.11 on the stable line and all current `next` pre-releases) lets an unauthenticated attacker seize a victim's account by pre-registering the victim's email via `/sign-up/email`, then having the victim's later OAuth/SSO sign-in implicitly linked to the attacker's row. The result is a single account the attacker controls with a working password login plus the victim's OAuth identity, and the link-time verification flip defeats `requireEmailVerification: true`. No public exploit identified at time of analysis; not listed in CISA KEV, though the flaw is the same class as Microsoft nOAuth (2023) and the Sign in with Apple JWT flaw (2020).
Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys version 1.0.7.2 lets a standard user map arbitrary physical memory via the \Device\PhysicalMemory object and gain kernel-level control. The flaw affects Lenovo systems shipping this signed color-management driver and is fixed in version 1.0.7.6. Publicly available exploit code exists; there is no public exploit identified as actively exploited (not in CISA KEV), though the vulnerability was reported by CISA (cisa-cg).
Missing authentication in Esri Portal for ArcGIS 12.1 and earlier (Windows, Linux, and Kubernetes deployments) exposes a critical API endpoint that a remote, unauthenticated attacker can reach directly, bypassing access controls to interact with functionality that should require an authenticated session. Esri rates this critical (CVSS 9.8) and disclosed it in its June 2026 ArcGIS security bulletin; no public exploit identified at time of analysis and it is not listed in CISA KEV. Because the exposed function is an administrative/portal API reachable over the network with no credentials, successful access could lead to disclosure or manipulation of portal content and configuration.
Account takeover in Esri Portal for ArcGIS 12.1 and earlier (Windows, Linux, and Kubernetes) stems from a weak forgotten-password recovery mechanism (CWE-640) that a remote, unauthenticated attacker can manipulate to assume ownership of another user's account. The flaw carries a CVSS 9.8 rating because it is network-reachable with no authentication or user interaction, yielding full compromise of confidentiality, integrity, and availability of the targeted account. There is no public exploit identified at time of analysis and EPSS is low (0.22%, 13th percentile), and CISA's SSVC framework records exploitation as none, indicating no observed in-the-wild activity despite the critical score.
Server-side request forgery escalating to remote code execution in the SharePoint for ownCloud app (versions prior to 0.4.1, bundled with ownCloud 10 before 10.15.3) lets an already-authenticated administrator coerce the server into making attacker-controlled requests that ultimately run arbitrary code on the host. The flaw is tagged RCE/SSRF and carries an 8.5 CVSS with a scope change (S:C), reflecting that abuse of the SharePoint integration crosses a trust boundary into the underlying system. No public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a patch-and-move-on issue rather than an active-threat emergency.
{from}/sendMail path segment, rewriting both path and query string of the outbound request. No public exploit has been identified at time of analysis; a vendor-released patch is available in version 1.26.3.
Untrusted JMS deserialization in Apache Camel's JMS-family components (camel-jms, camel-sjms, camel-sjms2, camel-amqp, camel-activemq, camel-activemq6) lets an attacker who can publish an ObjectMessage to a consumed queue or topic inject arbitrary Exchange state - body, IN/OUT headers, properties, variables, exchange id and exception - into a Camel route. It affects 3.0.0 through 4.14.7, 4.15.0 through 4.18.2, and 4.19.0 through 4.20.x when mapJmsMessage (the default) is enabled and Camel acts as a JMS consumer. This is a bypass of the earlier CVE-2026-40860 hardening, requires no gadget chain (only java.lang/java.util types), carries CVSS 7.3, and has no public exploit identified at time of analysis (EPSS 0.18%).
Confused-deputy operation redirection in the Apache Camel camel-cxf SOAP component (versions 4.0.0 before 4.14.8, 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0) lets an attacker steer which backend SOAP operation gets invoked. Because the operationName / operationNamespace selection headers lacked the Camel/camel prefix, HttpHeaderFilterStrategy failed to strip them at the HTTP boundary, so in any route bridging an HTTP consumer (e.g. platform-http) into a cxf: producer, an HTTP client could inject these headers and force CxfProducer to call a different WSDL operation than intended - for example swapping a read for a destructive write. No public exploit is identified at time of analysis, EPSS is low (0.15%), and it is not in CISA KEV.
Query injection and authorization bypass in the Apache Camel Lucene component (camel-lucene) lets remote unauthenticated HTTP clients override the full-text search a route intends to run. Because the raw header names QUERY and RETURN_LUCENE_DOCS lack the Camel/camel prefix, HttpHeaderFilterStrategy does not strip them at the HTTP boundary, so an attacker-supplied header flows straight into the Exchange and executes against the index - enabling disclosure of documents the requester should not see (e.g. a match-all query dumping the whole index) and CPU-heavy regex queries. Affects 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x; no public exploit identified at time of analysis, and EPSS is low (0.16%, 6th percentile).
Header injection in Apache Camel Mail Component enables attackers to override SMTP JavaMail session properties by supplying crafted headers in the mail.smtp./ mail.smtps. namespace through any untrusted inbound protocol - including HTTP query parameters, JMS, or Kafka - that feeds into a Camel route terminating at an SMTP producer. On releases before 4.19.0, the most severe impact is full SMTP host redirection: the producer reconnects to an attacker-controlled server and authenticates with the endpoint's configured credentials, resulting in credential theft. On 4.19.0 through pre-4.21.0, host redirection is blocked, but attackers can still weaken transport security (disabling STARTTLS, manipulating SSL trust, or injecting a SOCKS proxy) and intercept outgoing mail content. No public exploit identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Header injection in the Apache Camel camel-nats component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0-4.20.x) allows any NATS client that can publish to a consumed subject to inject arbitrary Camel-internal control headers into the Exchange because the consumer's default DefaultHeaderFilterStrategy has no inbound filter rules. An attacker can override headers such as CamelHttpUri, CamelFileName, or CamelSqlQuery to redirect HTTP producers, rename files, or alter queries in downstream route steps. No public exploit identified at time of analysis; EPSS is low (0.19%, 9th percentile) and CISA SSVC lists exploitation as none, but the flaw is remotely reachable without credentials when the NATS server runs with its default (no-auth) configuration.
Unauthenticated Camel control-header injection in Apache Camel's camel-cometd component (4.0.0 before 4.14.8, 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0) lets any client that completes a Bayeux/CometD handshake inject internal headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName into the Camel Exchange, hijacking the behaviour of downstream producers. Because a CometdComponent installs no Bayeux SecurityPolicy by default, no authentication is required (PR:N), and the injected headers survive internal direct/seda/vm hops. Reported by Apache with a fix in 4.21.0; there is no public exploit identified at time of analysis and EPSS is low at 0.19% (9th percentile).
Authorization bypass in Apache Camel's camel-elasticsearch-rest-client component allows unauthenticated remote attackers to override Elasticsearch query operations by injecting HTTP headers. Because the component uses unprefixed header constants ('SEARCH_QUERY', 'OPERATION', 'INDEX_NAME', 'INDEX_SETTINGS', 'ID') that are not blocked by Camel's inbound HttpHeaderFilterStrategy - which filters only 'Camel'-prefixed names - any HTTP client reaching a Camel route that fronts an elasticsearch-rest-client producer can substitute their own query body, operation type, or target index. Practical outcomes include full index enumeration via match_all, targeted document deletion, and field-level data exfiltration. No public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV, but the attack requires no credentials and is trivially reproducible from the description alone.
Argument injection and directory traversal in Apache Camel's camel-docling component (4.15.0 before 4.18.3) let attackers who can influence the CamelDoclingCustomArguments or path-bearing exchange headers inject unintended docling CLI flags and traversal-laden path values into the externally executed docling tool. Because the original DoclingProducer validation relied on a flag denylist and only rejected literal '../' sequences, crafted arguments could reach the subprocess and resolve files outside the intended directory, yielding high confidentiality and integrity impact but no OS command injection (ProcessBuilder uses the list form, so no shell interprets the values). There is no public exploit identified at time of analysis and the flaw is not in CISA KEV; EPSS is low (0.79%, 52nd percentile).
Improper input validation (CWE-20) in the camel-aws2-sns component of Apache Camel stems from a missing inbound HeaderFilterStrategy rule on Sns2HeaderFilterStrategy, mirroring the flaw fixed in the sibling camel-aws2-sqs component (CVE-2026-46456). However, camel-aws2-sns is producer-only - Sns2Endpoint throws UnsupportedOperationException on createConsumer - so no externally-supplied SNS message attributes are ever mapped inbound into a Camel Exchange, leaving the missing filter rule unreachable by any attacker. Despite the NVD CVSS 9.8 rating, the vendor explicitly classifies this as a defense-in-depth alignment with no known exploit path, and EPSS scores it at just 0.16% (6th percentile); no public exploit identified at time of analysis.
Camel-internal control header injection in the Apache Camel AWS2-SQS component (camel-aws2-sqs) lets any principal holding sqs:SendMessage on a consumed SQS queue override downstream producer behaviour in a route. Because Sqs2HeaderFilterStrategy defined only an outbound filter and no inbound filter, DefaultHeaderFilterStrategy copied sender-supplied attributes such as CamelHttpUri, CamelFileName and CamelSqlQuery verbatim into the Exchange, so an attacker can redirect HTTP producers, rename files or override SQL queries. This is a design flaw with no public exploit identified at time of analysis; EPSS is low (0.16%, 6th percentile) and it is not on CISA KEV.
Server-side request forgery and secret disclosure in the Apache Camel camel-iggy consumer (versions 4.17.0-4.18.2 and 4.19.0-4.20.x) allow an actor able to publish to a consumed Iggy stream to inject Camel control headers such as CamelHttpUri into the Exchange. When the consumer feeds a downstream HTTP producer, the attacker redirects the server-side request to internal services or cloud metadata endpoints, and because the producer resolves Camel property placeholders on the attacker-controlled URI, environment variables, application properties, and vault secrets are exfiltrated. No public exploit identified at time of analysis, and EPSS is low (0.15%), but the confidentiality impact is rated High.
Server-side request forgery and secret disclosure in Apache Camel's camel-atmosphere-websocket component allow a remote attacker to hijack downstream server-side HTTP requests by injecting Camel control headers as WebSocket query parameters. Affecting Camel 4.0.0-4.14.7, 4.15.0-4.18.2 and 4.19.0-4.20.x, the flaw lets an attacker set CamelHttpUri to redirect internal HTTP calls (e.g., to cloud metadata endpoints) and force resolution of Camel property placeholders, leaking environment variables, application properties and vault secrets. Where the WebSocket endpoint is exposed without authentication the issue is unauthenticated (CVSS 7.5); there is no public exploit identified at time of analysis and EPSS is low (0.24%).
Header injection in Apache Camel's camel-salesforce component allows any HTTP client to override SOQL queries, SOSL searches, Salesforce object targets, and Apex REST endpoints by setting non-Camel-prefixed Exchange headers that the framework's HttpHeaderFilterStrategy fails to block. Routes that bridge an HTTP consumer (such as platform-http) into a salesforce: producer are the attack surface; when that HTTP consumer is unauthenticated, exploitation requires zero attacker credentials. All injected operations execute under the configured Salesforce integration user's permissions, which are typically broad, enabling unauthorized data exfiltration or destructive CRUD and Apex calls across the organization's Salesforce instance. No public exploit has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis.
Header injection in Apache Camel's camel-kafka component allows HTTP clients to redirect Kafka messages to arbitrary topics in routes that bridge an HTTP consumer into a Kafka producer. The kafka.OVERRIDE_TOPIC, kafka.OVERRIDE_TIMESTAMP, and kafka.PARTITION_KEY Exchange header constants used non-CamelKafka-prefixed names, causing them to bypass HttpHeaderFilterStrategy - which blocks only the Camel/camel namespace - while remaining readable by KafkaProducer.evaluateTopic() as authoritative control directives. No public exploit code has been identified and no CISA KEV listing exists at time of analysis, but when the HTTP ingress is unauthenticated the attack requires only a standard HTTP client and a known Kafka topic name.
Header injection in Apache Camel's camel-irc component enables unauthenticated HTTP clients to redirect outgoing IRC messages to attacker-chosen channels or users by supplying non-Camel-prefixed headers (e.g., irc.sendTo) that Camel's HttpHeaderFilterStrategy fails to block. Affected versions span 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x; fixes are available in 4.14.8, 4.18.3, and 4.21.0. No public exploit code or CISA KEV listing exists at time of analysis, but the attack requires no credentials when the bridging HTTP consumer is unauthenticated, making it trivially reproducible against any qualifying deployment.
Routing header injection in Apache Camel's camel-dapr component allows any actor with publish access to a subscribed Dapr Pub/Sub topic to redirect or exfiltrate re-published messages to an arbitrary Dapr Pub/Sub component and topic. The flaw exists in routes that both consume and republish via Dapr - specifically, DaprPubSubConsumer blindly copies attacker-controlled CloudEvent fields (pub/sub-name and topic) into producer-direction routing headers (CamelDaprPubSubName and CamelDaprTopic), which DaprConfigurationOptionsProxy then prefers over the route's configured endpoint destination. No public exploit code or CISA KEV listing exists at time of analysis, but exploitation is mechanically straightforward for any publisher on the subscribed topic.
Authorization bypass in Apache Camel's camel-jira component (versions 4.0.0 through pre-4.21.0) allows unauthenticated HTTP clients - in routes that bridge an HTTP consumer to a jira: producer - to drive arbitrary JIRA issue operations using the endpoint's configured service-account credentials, including deleting or transitioning issues, creating issues in unauthorized projects, modifying fields, and manipulating watchers. The root cause is that JIRA control header constants (IssueKey, ProjectKey, IssueTransitionId, linkType, and others) use non-Camel-prefixed string values, bypassing the HttpHeaderFilterStrategy which only guards the 'Camel/'/'camel' header namespace at the HTTP boundary. Fixes are confirmed in 4.14.8, 4.18.3, and 4.21.0; no public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.
Server-side request forgery in the Apache Camel camel-dns component lets any HTTP client control DNS lookups when a route bridges an HTTP consumer (e.g. platform-http) into a dns: producer. Because the dns.server, dns.name, dns.domain, dns.type, dns.class and term headers lack the Camel/camel prefix, HttpHeaderFilterStrategy does not strip them at the HTTP boundary, so an attacker can point the resolver at an attacker-controlled DNS server and enumerate internal hostnames. It affects Camel 4.0.0-4.14.7, 4.15.0-4.18.2 and 4.19.0-4.20.x; no public exploit identified at time of analysis, and EPSS is low (0.15%), but SSVC rates the flaw automatable with total technical impact.
Unauthenticated NoSQL operation hijacking in Apache Camel's camel-mongodb-gridfs component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0-4.20.x) lets a remote HTTP client override the intended GridFS operation and inject MongoDB query documents. When a route bridges an HTTP consumer such as platform-http into a mongodb-gridfs: producer that has no explicit operation set (the default), the raw gridfs.operation, gridfs.objectid and gridfs.metadata headers pass through the HTTP header filter because they lack the Camel/camel prefix, allowing an attacker to turn an intended upload into remove, listAll, or findOne and to inject NoSQL operators. There is no public exploit identified at time of analysis and EPSS is low (0.16%), but CVSS is 9.8 and SSVC rates technical impact as total and automatable.
Server-side request forgery and parameter/field injection in the Apache Camel camel-solr component (versions 4.0.0 through 4.14.7, 4.15.0 through 4.18.2, and 4.19.0 through 4.20.x) allow remote attackers to hijack Solr requests issued by a Camel route. Because the SolrParam. and SolrField. header prefixes lack the Camel/camel namespace, HttpHeaderFilterStrategy does not strip them at the HTTP boundary, so any client hitting a route that bridges an HTTP consumer (e.g. platform-http) into a solr: producer can inject arbitrary Solr parameters - notably shards or stream.url to force the Solr server into attacker-chosen outbound requests (internal services, cloud metadata endpoints), or qt to reach admin handlers - and inject arbitrary indexed-document fields. Rated CVSS 9.1; there is no public exploit identified at time of analysis and EPSS is low (0.18%), but SSVC marks the flaw as automatable with total technical impact.
Server-side request forgery and secret disclosure in Apache Camel's camel-vertx-websocket component (versions 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x) let a WebSocket client inject Camel-internal control headers such as CamelHttpUri because inbound query/path parameters are copied into the Exchange header map without a HeaderFilterStrategy. In routes that bridge the WebSocket consumer into a downstream HTTP producer, an attacker can redirect the server-side HTTP request to internal services or cloud metadata endpoints, and because the HTTP producer resolves Camel property placeholders on the attacker-supplied URI, environment variables, application properties, and vault secrets are resolved and exfiltrated. When the WebSocket endpoint is exposed without authentication (PR:N per CVSS), this is reachable by an unauthenticated remote attacker; there is no public exploit identified at time of analysis, and EPSS is low at 0.24%.
Local privilege escalation in Unity Parsec for Windows (all builds through v2026-05-04.0) lets an unprivileged local user coerce an instance of parsecd.exe to run as NT AUTHORITY\SYSTEM while honoring a user-controlled AppData environment variable, allowing the attacker to redirect the privileged process to resources under their control and gain SYSTEM. The flaw is a CWE-648 misuse of privileged APIs; publicly available exploit code exists (a dedicated CVE GitHub repository and a researcher write-up), and it is fixed in Parsec for Windows 150-104a. It is not listed in CISA KEV and no EPSS score was supplied, so there is no evidence of widespread active exploitation.
Security feature bypass in Microsoft Edge for Android exposes high-confidentiality data to unauthenticated network attackers who can induce user interaction. The vulnerability stems from improper access control (CWE-284) in the Chromium-based mobile browser, allowing an attacker to circumvent a security boundary and access protected information without credentials. No active exploitation is confirmed (CISA KEV absent, temporal metric E:U), and a vendor patch is available via MSRC, making this a patch-priority item rather than an emergency response.
Information disclosure in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 enables network-based attackers to expose sensitive browser data through a use-after-resource condition (CWE-672). Exploitation requires user interaction and high attack complexity, but the changed scope (S:C) indicates the flaw breaches browser isolation boundaries, yielding high confidentiality impact. No public exploit or active exploitation has been identified at time of analysis; vendor patch is available from Microsoft MSRC.
Spoofing in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 allows a remote unauthenticated attacker to present deceptive browser UI to a victim user, resulting in high-confidentiality-impact information disclosure. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms exploitation is network-delivered and requires only a single user interaction, consistent with a classic UI-spoofing or URL-spoofing class of flaw. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; a vendor-released patch is available.
Insufficient UI warning of dangerous operations in Microsoft Edge (Chromium-based) before version 150.0.4078.48 enables network-based spoofing attacks against users who interact with adversary-controlled content. Per the CVSS vector (PR:N, UI:R), an unauthenticated remote attacker can exploit this flaw without any privileges, but requires the victim to interact with the browser during the attack. No public exploit identified at time of analysis; the Medium CVSS score of 4.3 and confidentiality-only impact (C:L) reflect a bounded but real risk primarily useful for phishing, credential harvesting, or identity spoofing scenarios.
Cross-site scripting in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 enables network-based spoofing attacks against users who interact with attacker-controlled content. The flaw stems from improper input neutralization during web page generation (CWE-79), allowing injected scripts to execute within the browser's context and manipulate rendered content. No public exploit code or active exploitation has been identified at time of analysis, and Microsoft has released a patch addressing the issue.
Absolute path traversal in Microsoft Edge for Android (Chromium-based) prior to version 150.0.4078.48 enables local, unauthenticated information disclosure by allowing crafted paths to escape the application's intended directory scope. The CVSS vector (AV:L/C:H/I:N/A:N) confirms the impact is limited to confidentiality loss on the local device, with no integrity or availability consequences. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Cross-site scripting in Microsoft Edge (Chromium-based) before version 150.0.4078.48 lets a remote attacker trick a victim into rendering attacker-controlled script that spoofs UI or content over the network. Because the CVSS scope is changed (S:C) and user interaction is required (UI:R), a lured user visiting or interacting with a malicious page can be deceived into trusting forged content, undermining browser security-context integrity. Reported by Microsoft with a vendor patch available; EPSS is low (0.28%, 20th percentile) and no public exploit identified at time of analysis.
Information disclosure in Microsoft Edge for Android (Chromium-based) allows a network-based attacker to expose a victim's private personal information, but only after luring the user into interacting with attacker-controlled content (UI:R). The flaw carries a CVSS 7.1 rating driven by high confidentiality impact; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. A vendor patch is available via Microsoft's MSRC update guide.
Information disclosure in Microsoft Edge for Android allows a remote unauthenticated attacker to exfiltrate private personal information over the network when a victim interacts with attacker-controlled content. The flaw carries a CVSS 7.1 with high confidentiality impact and stems from private data being exposed to an unauthorized actor (CWE-359); Microsoft has released a fix. No public exploit identified at time of analysis and it is not listed in CISA KEV.
Security-feature bypass in Microsoft Edge (Chromium-based) stems from a type-confusion (CWE-843) flaw that a remote, unauthenticated attacker can trigger over the network to defeat a browser security boundary. Microsoft has published a fix via its Update Guide (CVE-2026-58295), and the issue carries a CVSS 8.3 with a scope change reflecting the crossed trust boundary. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw that an unauthorized, remote attacker can trigger to run arbitrary code. Exploitation requires the victim to interact with attacker-controlled web content, and the CVSS 3.1 vector marks high attack complexity (AC:H) despite requiring no privileges (PR:N). Microsoft has released a fix; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Remote code execution in Microsoft Edge (Chromium-based) before version 150.0.4078.48 lets an unauthorized attacker run arbitrary code when a victim is lured to interact with attacker-controlled content, stemming from external control of a file name or path (CWE-73). The flaw is network-reachable but non-trivial to exploit, requiring user interaction and high attack complexity, and there is no public exploit identified at time of analysis. Microsoft has released a patched build, and EPSS estimates a low 0.53% exploitation probability with SSVC reporting no observed exploitation.
Remote code execution in Microsoft Edge (Chromium-based) lets an unauthenticated attacker run code on a victim's machine when the user is lured into interacting with attacker-controlled web content. The flaw stems from improper input validation (CWE-20) and, per its CVSS scope-change metric, is consistent with a renderer/sandbox boundary escape. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a fix.
Remote code execution in Microsoft Edge (Chromium-based) stems from a type confusion flaw (CWE-843) that an unauthorized attacker can trigger over the network to run arbitrary code, provided the victim interacts with attacker-controlled web content. Microsoft self-reported and has shipped a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high attack complexity (AC:H) and required user interaction (UI:R) temper an otherwise network-reachable, unauthenticated attack surface.
Remote code execution in Microsoft Edge (Chromium-based) before 150.0.4078.48 allows an unauthenticated attacker to run arbitrary code when a victim is lured to a malicious web page, via a type-confusion flaw (CWE-843) in the browser engine. The CVSS:3.1 score is 8.3 with a scope change (S:C), indicating a likely sandbox/renderer boundary escape, though exploitation carries high attack complexity and requires user interaction. There is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none, with EPSS at 0.53% (41st percentile).
Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw that an unauthenticated, network-based attacker can trigger to run arbitrary code in the browser process. Exploitation requires the victim to interact — typically by visiting a malicious or compromised web page — and the CVSS 3.1 score of 8.3 reflects high attack complexity plus a scope change consistent with a renderer sandbox escape. There is no public exploit identified at time of analysis and no CISA KEV listing, though the underlying Chromium engine origin (tags reference Google) means a shared upstream root cause across Chromium browsers is likely.
Spoofing in Microsoft Edge (Chromium-based) lets a remote, unauthenticated attacker misrepresent trusted UI or content to a victim by abusing improper access control (CWE-284), per Microsoft's own advisory (MSRC CVE-2026-58286). The high CVSS 8.1 is driven by a scope-changed impact (S:C) with high integrity effect, though the AC:H rating signals the attack is not trivially reliable. Currently there is no public exploit identified at time of analysis and no CISA KEV listing, so this is a proactively-patched issue rather than one under active exploitation.
Remote code execution in Microsoft Edge (Chromium-based) via a type-confusion flaw (CWE-843) lets an unauthorized attacker run arbitrary code when a victim is lured to malicious web content. The CVSS 3.1 base score is 8.3 with a scope change, reflecting a likely renderer-to-sandbox impact, but exploitation requires user interaction and has high attack complexity. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available via Microsoft's MSRC update guide.
Remote code execution in Microsoft Edge (Chromium-based) allows an unauthorized attacker to break out of the browser's security boundary and run arbitrary code when a victim is lured to malicious web content. Rooted in an improper authorization flaw (CWE-285) with a scope-changing CVSS 8.3 (AV:N/AC:H/PR:N/UI:R/S:C), exploitation requires user interaction and high attack complexity. No public exploit identified at time of analysis, and it is not listed in CISA KEV, so exploitation is currently theoretical rather than observed.
Server-side request forgery in Microsoft Edge (Chromium-based) versions before 150.0.4078.48 enables unauthenticated remote attackers to perform network spoofing by inducing the browser to issue forged requests on behalf of a victim. The attack requires user interaction - a victim must visit or interact with attacker-controlled content - after which the browser can be coerced into making unauthorized requests that manipulate resource integrity or availability. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis; a vendor-released patch is available.
Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory corruption flaw (CWE-416) that an unauthorized network attacker can trigger to run arbitrary code in the browser process. Exploitation requires the victim to interact with attacker-controlled content (UI:R) and involves high attack complexity (AC:H), so a user must be lured to a malicious or compromised page. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; Microsoft has released a fix.
Information disclosure in Microsoft Edge (Chromium-based) lets a remote attacker read sensitive data by abusing improper symbolic/link resolution (CWE-59) when a victim interacts with attacker-controlled content. Exploitation requires user interaction (UI:R) but no authentication (PR:N), and the scope-changed impact (S:C) indicates data is exposed beyond the browser's own security boundary. Microsoft has released a fix; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory-corruption bug (CWE-416) that an unauthorized attacker can trigger over the network to run arbitrary code in the browser's context. Exploitation requires the victim to interact with attacker-controlled web content and the CVSS vector flags high attack complexity, so successful attacks are not trivial. There is no public exploit identified at time of analysis and no CISA KEV listing, but a vendor patch is available from Microsoft.
Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory corruption flaw (CWE-416) that lets an unauthenticated attacker run arbitrary code when a victim visits a malicious web page. All Edge Chromium versions prior to the vendor-patched build are affected, and the CVSS 3.1 base score is 8.8 (High). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation requires user interaction such as browsing to attacker-controlled content.
Spoofing in Microsoft Edge (Chromium-based) arises from a cross-site scripting (CWE-79) flaw that lets a network-based, unauthenticated attacker inject script into a generated web page, producing a convincing spoofed browser context after the victim interacts with malicious content. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R, C:L/I:H) reflects a high-integrity spoofing impact gated only by user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch through the MSRC update guide.
Remote code execution in Microsoft Edge (Chromium-based) allows an unauthenticated attacker to run arbitrary code by luring a victim to a malicious web page that triggers an integer overflow (CWE-190). The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R) indicates network-based exploitation requiring user interaction, with high confidentiality, integrity, and availability impact. Microsoft has released a fix; no public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV.
UI misrepresentation in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 enables network-based spoofing attacks against users who interact with attacker-controlled web content. The browser fails to accurately present critical security information - such as origin indicators, security status, or authentication prompts - allowing an unauthenticated remote attacker to deceive victims into believing they are interacting with a trusted source. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, and a vendor patch is available.
Relative path traversal in Microsoft Edge for Android (Chromium-based) before version 150.0.4078.48 permits a local, unprivileged attacker to read sensitive files outside the application's intended directory scope, achieving high confidentiality impact with minor integrity exposure. The flaw (CWE-23) stems from insufficient sanitization of relative path sequences in Edge's Android file-handling logic. No public exploit code or active exploitation has been identified at time of analysis, though a vendor patch is available and should be prioritized given the high confidentiality impact rating.
Remote code execution in Microsoft Edge for Android (Chromium-based) arises from a time-of-check to time-of-use (TOCTOU) race condition that an unauthenticated network attacker can win to run arbitrary code, though success requires the victim to interact (UI:R) and the timing window makes exploitation high-complexity. Microsoft (self-reported) has shipped an official fix, and the temporal signals (E:U, RC:C) indicate no public exploit identified at time of analysis despite confirmed technical validity. The flaw is credited to Microsoft/Google collaboration and tagged as an authentication-bypass-class issue.
Arbitrary Python code execution in BabelDOC (funstory-ai, pip package `babeldoc`) prior to 0.6.3 allows an attacker to run code in the context of the translation process by having a victim process a crafted PDF. The vendored pdfminer CMap loader (`cmapdb.py::_load_data`) strips only NUL bytes from a PDF-controlled CMap/Encoding name and passes it to `pickle.loads()`, so a hex-encoded absolute path in the PDF's `/Encoding` name redirects deserialization to an attacker-planted `.pickle.gz` file. A detailed, working proof-of-concept exists (publicly available exploit code exists); there is no CISA KEV listing and no public evidence of active exploitation at time of analysis.
Privilege escalation in ZITADEL identity platform (before 4.15.3) allows an attacker holding a low-privilege OAuth2 token to exchange it for elevated permissions at a different application, because the token-exchange endpoint fails to bind the subject token to the requesting client and does not constrain requested scopes to the original token's scopes. Any authenticated principal with a valid low-scope token can escalate laterally across relying applications; no public exploit is identified at time of analysis and it is not listed in CISA KEV. A vendor patch (4.15.3) and fixing commit are available.
Memory exhaustion in NanaZip's UFS/FFS archive handler (all versions prior to 6.5.1749.0) allows a local low-privilege attacker to terminate the NanaZip process by delivering a crafted disk image that a user opens. The root cause is missing upper-bound validation of the `fs_fsize` fragment size field in the UFS superblock - unlike `fs_bsize`, which is checked against MINBSIZE, `fs_fsize` flows unchecked into indirect-block, directory, and extraction buffer allocation calculations, enabling a tiny image file to trigger multi-gigabyte heap allocation requests. No public exploit has been identified and this vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 2.4 (Low) reflects the constrained local, user-interaction-required attack path with availability-only impact.
Process crash via uncaught C++ exception in NanaZip's .NET single-file bundle handler affects all versions prior to 6.5.1749.0 on Windows. The extraction buffer is sized from the bundle entry's Size field, which is validated only for sign - not against the actual file content - allowing a crafted archive to trigger an attacker-controlled allocation whose resulting std::bad_alloc or std::length_error propagates across the COM STDMETHODCALLTYPE ABI boundary and terminates the NanaZip process. Impact is limited to denial of service; no public exploit has been identified at time of analysis, and the vendor has released a fix in version 6.5.1749.0.
NULL pointer dereference in NanaZip's custom archive handlers crashes the application when a user tests or extracts archives of seven specific formats. All NanaZip versions prior to 6.5.1749.0 are affected; the seven vulnerable handlers cover WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archive types. Impact is limited to a process crash (denial of service) with no confidentiality or integrity consequence; no public exploit or active exploitation has been identified at time of analysis.
Memory exhaustion in NanaZip's WebAssembly archive handler (prior to 6.5.1749.0) allows a crafted .wasm file to trigger multi-gigabyte heap allocations by supplying oversized 32-bit NameSize or Information.Size fields that are consumed without bounds validation in NanaZip.Codecs.Archive.WebAssembly.cpp. When a user opens or lists such an archive, NanaZip attempts to satisfy the inflated allocations via std::string or std::vector paths, exhausting process memory and causing a crash. No active exploitation or public exploit code has been identified at time of analysis; the impact is strictly limited to NanaZip process availability with no confidentiality or integrity consequence.
Denial of service in the Excelize Go library (github.com/xuri/excelize/v2, a.k.a. qax-os/excelize) before 2.11.0 allows remote attackers to crash any service that opens attacker-supplied XLSX files and reads cell values. The checkSheet() function trusts the <row r="N"> XML attribute as an allocation length, enabling either a ~16 GB out-of-memory kill (r=2147483647) or a runtime panic from negative-index slicing (r=-1). No authentication is required; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Panic-triggering denial of service in the Excelize Go library (all versions prior to 2.11.0) allows any actor who can supply a crafted XLSX file to crash the consuming application. The root cause is an integer bounds check that validates only the upper bound of shared-string indices, permitting a cell value of -1 to reach a slice-index operation as a negative integer and cause a Go runtime panic in `GetCellValue` or `GetRows`. No active exploitation has been identified at time of analysis, but the attack is trivially constructable and requires no privileges if the target application exposes XLSX processing to untrusted input.
Uncontrolled memory and CPU consumption in Excelize (qax-os/excelize), the widely used Go library for reading and writing Microsoft Excel spreadsheets, before version 2.11.0 lets a crafted XLSX file trigger a denial of service. The streaming worksheet reader behind the Rows and GetRows APIs fails to enforce the TotalRows (1,048,576) limit on the row 'r' attribute, so a tiny file declaring an out-of-range row index with no cell coordinate forces GetRows to allocate empty rows up to that attacker-chosen index. No public exploit identified at time of analysis, but the trigger is trivial to construct and the fix is confined to a single validation check.
Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard (unprivileged) user escalate to SYSTEM by planting a maliciously crafted process whose Process Environment Block (PEB) contains oversized command-line or current-directory strings. When the osquery agent - typically running as SYSTEM - queries the `processes` table against that process, unchecked PEB string lengths trigger a heap-based out-of-bounds write (CWE-122). No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard user escalate to SYSTEM by planting a maliciously crafted binary and having the authenticode table query it, triggering a heap out-of-bounds write in the getOriginalProgramName publisher-parsing routine. The flaw is a CWE-122 heap buffer overflow reachable whenever osquery (typically running as SYSTEM) evaluates authenticode publisher metadata against attacker-controlled files. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS was not provided.
Open redirect bypass in openrun prior to v0.17.7 allows remote unauthenticated attackers to redirect victims to arbitrary external URLs by exploiting a double-slash path prefix that evades the application's host/scheme validation. The referrer-based redirect logic correctly validates the host and scheme but passes the extracted path `//attacker.com` to the Location header, which browsers interpret as a protocol-relative URL and resolve to an external destination. A proof-of-concept is publicly documented in the security advisory; no active exploitation has been confirmed by CISA KEV at time of analysis.
OS command injection in the wnx/laravel-backup-restore Composer package (fixed in v1.9.4) allows an attacker who can get a malicious backup archive restored to run arbitrary shell commands as the Laravel application user. The restore workflow interpolates an unescaped ZIP entry filename from the db-dumps directory directly into shell command strings (mysql, psql, sqlite3, gunzip) executed via Symfony Process::fromShellCommandline(), so shell metacharacters in the filename are interpreted by /bin/sh. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the flaw is trivially exploitable once a crafted archive reaches the restore path.
Improper certificate validation in the Palo Alto Networks Prisma Access Agent for iOS exposes VPN tunnel traffic to interception and manipulation by a network-adjacent attacker. The flaw (CWE-295) enables a man-in-the-middle position to defeat the agent's TLS/certificate trust chain, allowing an adversary to read or alter traffic that the iOS client believes is securely tunneled. Exploitation is limited to iOS deployments - the Windows, macOS, Linux, Android, and ChromeOS agents are confirmed unaffected. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog.
Multiple protection mechanism failures in the Data Loss Prevention (DLP) component of Palo Alto Networks Prisma Access Agent for Windows enable a local authenticated user to bypass DLP policy enforcement controls. Only the Windows platform is affected; the Prisma Access Agent for macOS is explicitly excluded per vendor advisory. No public exploit code or active exploitation has been identified at time of analysis, though the CVSS 4.0 supplemental urgency rating of Amber and high confidentiality/integrity impact on the vulnerable system make this a meaningful insider threat risk.
Authentication bypass in the MERCURY MIPC252W IP camera (firmware v1.0.5 Build 230306 Rel.79931n) lets an attacker on the same local network replay a captured RTSP Digest authentication exchange to view the live video feed without knowing the device credentials. The root cause is that the RTSP server never expires or invalidates authentication nonces, so a sniffed nonce/response pair remains valid on new connections indefinitely. No public exploit is identified at time of analysis and EPSS is low (0.19%), but the barrier to abuse is minimal for anyone already positioned on the LAN.
Authentication bypass in n8n's external identity resolution lets an attacker impersonate other users when the instance trusts more than one token-exchange issuer. Affecting n8n before 2.27.4 and version 2.28.0, the flaw stems from resolving federated identities using only the JWT sub claim while ignoring the iss claim, so a valid token from one trusted issuer whose sub matches a victim registered under a different issuer grants full access to that victim's account. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the authentication-level impact (VC:H/VI:H) makes it a meaningful account-takeover risk for multi-issuer SSO deployments.
Local privilege escalation in Xen's Windows PV (paravirtualized) drivers arises because the XenBus interface (CVE-2025-27464) is exposed to userspace with no security descriptor, leaving it fully accessible to any unprivileged user on a Windows guest. Because XenBus mediates communication between the guest and the hypervisor's device backend, an unprivileged local user can abuse this open interface to gain elevated privileges and potentially impact the guest and the virtualization layer. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it is documented in Xen Security Advisory XSA-468.
Local privilege escalation in Xen's Windows PV (paravirtualized) drivers arises because the XenIface interface is exposed to userspace with no security descriptor, leaving it fully accessible to unprivileged users. Any low-privileged local user on an affected Windows guest can interact with this facility to gain elevated control over the system. This is one of three sibling issues (alongside CVE-2025-27462 XenCons and CVE-2025-27464 XenBus) disclosed in Xen Security Advisory XSA-468; no public exploit has been identified at time of analysis.
Local privilege escalation in the Xen Windows PV Drivers (the XenCons paravirtualized console interface) lets any unprivileged user of a Windows guest reach a device object that ships with no security descriptor, so its facilities are fully accessible to non-administrators. Successful abuse can yield full compromise of the guest with integrity, confidentiality and availability impact, and the vendor scores it critical (CVSS 4.0 base 9.4) with subsequent-system impact. There is no public exploit identified at time of analysis and it is not on CISA KEV. This is one of three related XSA-468 issues (XenCons/CVE-2025-27462, XenIface/CVE-2025-27463, XenBus/CVE-2025-27464).
Server-side request forgery (and cross-scheme local file disclosure) in the Ruby css_parser gem (all versions prior to 3.0.0) lets an attacker who can land a single @import url(...) rule in parsed CSS force the server to issue arbitrary HTTP/HTTPS GETs to any internal host, port or IP, and — via an attacker-controlled 302 redirect to a file:// URI — read local files. Premailer-style consumers that re-emit the parsed CSS into rendered HTML/email leak any CSS-shaped response bytes back to the attacker, turning this into a data-exfiltration channel rather than a blind SSRF. No public CVSS is published and it is not in CISA KEV, but a complete working proof-of-concept (poc.rb) is included in the advisory, so publicly available exploit code exists.
Predictable SSH credential generation in Cloud Foundry's bosh-windows-stemcell-builder (versions prior to v2019.98) lets attackers brute-force the SSH login on TCP/22 because the GenerateRandomPassword function relies on a cryptographically weak random number generator, drastically shrinking the effective password keyspace. Any Windows stemcell built with an affected release ships with a guessable administrative password, so an attacker who can reach port 22 of a deployed VM can recover interactive access and full control. No public exploit code has been identified at time of analysis and the issue is not listed in CISA KEV.
Local privilege escalation in BOSH-Ecosystem bosh-windows-stemcell-builder (versions prior to v2019.98) lets a low-privilege authenticated Windows user overwrite the BOSH agent executables at C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe, which then run as NT AUTHORITY\SYSTEM on the next service restart or reboot, yielding full host control. The weakness stems from overly permissive filesystem ACLs applied by BOSH.Utils.psm1 when the stemcell is built. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Sandbox escape in Google Chrome on Windows prior to 150.0.7871.115 allows an attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page, chaining a codec input-validation flaw into higher-privileged host-process compromise. The bug is rated High by Chromium and carries a CVSS 8.3 with a scope-changing vector reflecting the sandbox-boundary crossing. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Sandbox escape in Google Chrome's Core component on Windows (versions prior to 150.0.7871.115) lets an attacker who has already compromised the renderer process break out of the sandbox and reach the higher-privileged browser process via a crafted HTML page. The flaw is a CWE-416 use-after-free rated High by Chromium and CVSS 8.3, with a scope change reflecting the renderer-to-browser boundary crossing. No public exploit identified at time of analysis, and it is not listed in CISA KEV, but as the second stage of a browser exploit chain it is a meaningful patch priority.
Security feature bypass in Microsoft Edge (Chromium-based) allows a remote, unauthenticated attacker to circumvent a browser security control over the network when a user is lured into interacting with attacker-controlled content. The scope-changing CVSS 8.2 vector and high confidentiality impact suggest the bypass can expose sensitive information beyond the browser's normal security boundary. Reported by Microsoft's own security team; no public exploit identified at time of analysis.
OS command injection in Nuclio (serverless platform) versions <= 1.15.27 lets attackers run arbitrary shell commands as root inside Kubernetes CronJob pods by submitting a function with a crafted cron trigger. The controller concatenates unsanitized `event.headers` keys and `event.body` values into a `/bin/sh -c` curl string; a header key containing a double-quote breaks quoting, and a body containing `$()` triggers command substitution (strconv.Quote does not escape it). Because the Nuclio Dashboard API is unauthenticated in its default configuration, this is remotely reachable; no public exploit is identified in KEV, though a detailed, dynamically-verified PoC accompanies the advisory.
Command injection in yt-dlp and youtube-dl before 2026.7.4 lets a malicious video/webpage host smuggle attacker-controlled data into shortcut files generated by the --write-link, --write-url-link, and --write-desktop-link options. Because webpage_url and filename metadata are written to .url/.desktop files without validation or escaping, an attacker can inject a file:// URI on Windows or a newline-based Desktop Entry key on Linux that runs commands when the victim later opens the generated shortcut. No public exploit identified at time of analysis; EPSS is modest at 0.55% and CISA SSVC records exploitation as none, but technical impact is rated total.
Local privilege escalation in Omnissa Workspace ONE Tunnel for Windows lets an authenticated low-privileged local user abuse a path-traversal weakness (CWE-22) to gain higher (likely SYSTEM) privileges on the endpoint. The flaw affects the Windows Tunnel client used for per-app VPN in Workspace ONE managed fleets; no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is high across confidentiality, integrity, and availability, but exploitation is confined to attackers who already have a local foothold on the machine.
Memory corruption in the OpenSSH client (ssh) before 10.4 lets a malicious or compromised SSH server trigger a use-after-free on the connecting client by changing its host key during a key re-exchange (rekey), potentially leading to information disclosure or code execution in the client process. Only the client side is affected; the server is not vulnerable. There is no public exploit identified at time of analysis and it is not on CISA KEV, and EPSS is low (0.25%, 16th percentile), but the flaw is fixed in OpenSSH 10.4/10.4p1.
OpenSSH sshd before version 10.4 silently ignores the GSSAPIStrictAcceptorCheck configuration directive when the server is integrated with Windows Active Directory, defeating a security control that administrators rely on to enforce GSSAPI acceptor name validation during Kerberos-based SSH authentication. This undocumented behavior means AD-joined SSH servers may accept GSSAPI authentications against unintended Kerberos service principals regardless of how the option is configured, yielding limited confidentiality and integrity impact. No public exploits or active exploitation have been identified; the CVSS AC:H rating reflects the specific environmental prerequisites required for exploitation.
Path traversal in Goploy's `/deploy/fileDiff` endpoint (versions <=1.17.5) enables any authenticated low-privilege member to read arbitrary files on both the Goploy host and every SFTP-managed remote server registered in the system. The dual file read returns local content in the `srcText` response field and remote server content in `distText`, multiplying the blast radius across all managed deployment targets. Publicly available exploit code exists per the GitHub Security Advisory; this is not listed in CISA KEV, but exploitation conditions are trivially met under default Goploy configuration.
Single-use authorization-code enforcement can be bypassed under concurrency in the better-auth OAuth provider (@better-auth/oauth-provider 1.6.0 through 1.6.10, the embedded plugin in better-auth 1.4.8-beta.7 through 1.6.10, and the legacy oidc-provider and mcp plugins). Because the POST /oauth2/token authorization_code grant redeems the code via a non-atomic find-then-delete, two concurrent requests carrying the same code both pass the read step and each mint a fresh access, refresh, and id token for the original user's scope. No public exploit is identified at time of analysis and it is not in CISA KEV, but the vendor rates it CVSS 4.0 7.6 (High) with high confidentiality and integrity impact.
Pre-account-hijacking in the better-auth Node/TypeScript authentication library (versions < 1.6.11 on the stable line and all current `next` pre-releases) lets an unauthenticated attacker seize a victim's account by pre-registering the victim's email via `/sign-up/email`, then having the victim's later OAuth/SSO sign-in implicitly linked to the attacker's row. The result is a single account the attacker controls with a working password login plus the victim's OAuth identity, and the link-time verification flip defeats `requireEmailVerification: true`. No public exploit identified at time of analysis; not listed in CISA KEV, though the flaw is the same class as Microsoft nOAuth (2023) and the Sign in with Apple JWT flaw (2020).
Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys version 1.0.7.2 lets a standard user map arbitrary physical memory via the \Device\PhysicalMemory object and gain kernel-level control. The flaw affects Lenovo systems shipping this signed color-management driver and is fixed in version 1.0.7.6. Publicly available exploit code exists; there is no public exploit identified as actively exploited (not in CISA KEV), though the vulnerability was reported by CISA (cisa-cg).
Missing authentication in Esri Portal for ArcGIS 12.1 and earlier (Windows, Linux, and Kubernetes deployments) exposes a critical API endpoint that a remote, unauthenticated attacker can reach directly, bypassing access controls to interact with functionality that should require an authenticated session. Esri rates this critical (CVSS 9.8) and disclosed it in its June 2026 ArcGIS security bulletin; no public exploit identified at time of analysis and it is not listed in CISA KEV. Because the exposed function is an administrative/portal API reachable over the network with no credentials, successful access could lead to disclosure or manipulation of portal content and configuration.
Account takeover in Esri Portal for ArcGIS 12.1 and earlier (Windows, Linux, and Kubernetes) stems from a weak forgotten-password recovery mechanism (CWE-640) that a remote, unauthenticated attacker can manipulate to assume ownership of another user's account. The flaw carries a CVSS 9.8 rating because it is network-reachable with no authentication or user interaction, yielding full compromise of confidentiality, integrity, and availability of the targeted account. There is no public exploit identified at time of analysis and EPSS is low (0.22%, 13th percentile), and CISA's SSVC framework records exploitation as none, indicating no observed in-the-wild activity despite the critical score.
Server-side request forgery escalating to remote code execution in the SharePoint for ownCloud app (versions prior to 0.4.1, bundled with ownCloud 10 before 10.15.3) lets an already-authenticated administrator coerce the server into making attacker-controlled requests that ultimately run arbitrary code on the host. The flaw is tagged RCE/SSRF and carries an 8.5 CVSS with a scope change (S:C), reflecting that abuse of the SharePoint integration crosses a trust boundary into the underlying system. No public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a patch-and-move-on issue rather than an active-threat emergency.
{from}/sendMail path segment, rewriting both path and query string of the outbound request. No public exploit has been identified at time of analysis; a vendor-released patch is available in version 1.26.3.
Untrusted JMS deserialization in Apache Camel's JMS-family components (camel-jms, camel-sjms, camel-sjms2, camel-amqp, camel-activemq, camel-activemq6) lets an attacker who can publish an ObjectMessage to a consumed queue or topic inject arbitrary Exchange state - body, IN/OUT headers, properties, variables, exchange id and exception - into a Camel route. It affects 3.0.0 through 4.14.7, 4.15.0 through 4.18.2, and 4.19.0 through 4.20.x when mapJmsMessage (the default) is enabled and Camel acts as a JMS consumer. This is a bypass of the earlier CVE-2026-40860 hardening, requires no gadget chain (only java.lang/java.util types), carries CVSS 7.3, and has no public exploit identified at time of analysis (EPSS 0.18%).
Confused-deputy operation redirection in the Apache Camel camel-cxf SOAP component (versions 4.0.0 before 4.14.8, 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0) lets an attacker steer which backend SOAP operation gets invoked. Because the operationName / operationNamespace selection headers lacked the Camel/camel prefix, HttpHeaderFilterStrategy failed to strip them at the HTTP boundary, so in any route bridging an HTTP consumer (e.g. platform-http) into a cxf: producer, an HTTP client could inject these headers and force CxfProducer to call a different WSDL operation than intended - for example swapping a read for a destructive write. No public exploit is identified at time of analysis, EPSS is low (0.15%), and it is not in CISA KEV.
Query injection and authorization bypass in the Apache Camel Lucene component (camel-lucene) lets remote unauthenticated HTTP clients override the full-text search a route intends to run. Because the raw header names QUERY and RETURN_LUCENE_DOCS lack the Camel/camel prefix, HttpHeaderFilterStrategy does not strip them at the HTTP boundary, so an attacker-supplied header flows straight into the Exchange and executes against the index - enabling disclosure of documents the requester should not see (e.g. a match-all query dumping the whole index) and CPU-heavy regex queries. Affects 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x; no public exploit identified at time of analysis, and EPSS is low (0.16%, 6th percentile).
Header injection in Apache Camel Mail Component enables attackers to override SMTP JavaMail session properties by supplying crafted headers in the mail.smtp./ mail.smtps. namespace through any untrusted inbound protocol - including HTTP query parameters, JMS, or Kafka - that feeds into a Camel route terminating at an SMTP producer. On releases before 4.19.0, the most severe impact is full SMTP host redirection: the producer reconnects to an attacker-controlled server and authenticates with the endpoint's configured credentials, resulting in credential theft. On 4.19.0 through pre-4.21.0, host redirection is blocked, but attackers can still weaken transport security (disabling STARTTLS, manipulating SSL trust, or injecting a SOCKS proxy) and intercept outgoing mail content. No public exploit identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Header injection in the Apache Camel camel-nats component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0-4.20.x) allows any NATS client that can publish to a consumed subject to inject arbitrary Camel-internal control headers into the Exchange because the consumer's default DefaultHeaderFilterStrategy has no inbound filter rules. An attacker can override headers such as CamelHttpUri, CamelFileName, or CamelSqlQuery to redirect HTTP producers, rename files, or alter queries in downstream route steps. No public exploit identified at time of analysis; EPSS is low (0.19%, 9th percentile) and CISA SSVC lists exploitation as none, but the flaw is remotely reachable without credentials when the NATS server runs with its default (no-auth) configuration.
Unauthenticated Camel control-header injection in Apache Camel's camel-cometd component (4.0.0 before 4.14.8, 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0) lets any client that completes a Bayeux/CometD handshake inject internal headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName into the Camel Exchange, hijacking the behaviour of downstream producers. Because a CometdComponent installs no Bayeux SecurityPolicy by default, no authentication is required (PR:N), and the injected headers survive internal direct/seda/vm hops. Reported by Apache with a fix in 4.21.0; there is no public exploit identified at time of analysis and EPSS is low at 0.19% (9th percentile).
Authorization bypass in Apache Camel's camel-elasticsearch-rest-client component allows unauthenticated remote attackers to override Elasticsearch query operations by injecting HTTP headers. Because the component uses unprefixed header constants ('SEARCH_QUERY', 'OPERATION', 'INDEX_NAME', 'INDEX_SETTINGS', 'ID') that are not blocked by Camel's inbound HttpHeaderFilterStrategy - which filters only 'Camel'-prefixed names - any HTTP client reaching a Camel route that fronts an elasticsearch-rest-client producer can substitute their own query body, operation type, or target index. Practical outcomes include full index enumeration via match_all, targeted document deletion, and field-level data exfiltration. No public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV, but the attack requires no credentials and is trivially reproducible from the description alone.
Argument injection and directory traversal in Apache Camel's camel-docling component (4.15.0 before 4.18.3) let attackers who can influence the CamelDoclingCustomArguments or path-bearing exchange headers inject unintended docling CLI flags and traversal-laden path values into the externally executed docling tool. Because the original DoclingProducer validation relied on a flag denylist and only rejected literal '../' sequences, crafted arguments could reach the subprocess and resolve files outside the intended directory, yielding high confidentiality and integrity impact but no OS command injection (ProcessBuilder uses the list form, so no shell interprets the values). There is no public exploit identified at time of analysis and the flaw is not in CISA KEV; EPSS is low (0.79%, 52nd percentile).
Improper input validation (CWE-20) in the camel-aws2-sns component of Apache Camel stems from a missing inbound HeaderFilterStrategy rule on Sns2HeaderFilterStrategy, mirroring the flaw fixed in the sibling camel-aws2-sqs component (CVE-2026-46456). However, camel-aws2-sns is producer-only - Sns2Endpoint throws UnsupportedOperationException on createConsumer - so no externally-supplied SNS message attributes are ever mapped inbound into a Camel Exchange, leaving the missing filter rule unreachable by any attacker. Despite the NVD CVSS 9.8 rating, the vendor explicitly classifies this as a defense-in-depth alignment with no known exploit path, and EPSS scores it at just 0.16% (6th percentile); no public exploit identified at time of analysis.
Camel-internal control header injection in the Apache Camel AWS2-SQS component (camel-aws2-sqs) lets any principal holding sqs:SendMessage on a consumed SQS queue override downstream producer behaviour in a route. Because Sqs2HeaderFilterStrategy defined only an outbound filter and no inbound filter, DefaultHeaderFilterStrategy copied sender-supplied attributes such as CamelHttpUri, CamelFileName and CamelSqlQuery verbatim into the Exchange, so an attacker can redirect HTTP producers, rename files or override SQL queries. This is a design flaw with no public exploit identified at time of analysis; EPSS is low (0.16%, 6th percentile) and it is not on CISA KEV.
Server-side request forgery and secret disclosure in the Apache Camel camel-iggy consumer (versions 4.17.0-4.18.2 and 4.19.0-4.20.x) allow an actor able to publish to a consumed Iggy stream to inject Camel control headers such as CamelHttpUri into the Exchange. When the consumer feeds a downstream HTTP producer, the attacker redirects the server-side request to internal services or cloud metadata endpoints, and because the producer resolves Camel property placeholders on the attacker-controlled URI, environment variables, application properties, and vault secrets are exfiltrated. No public exploit identified at time of analysis, and EPSS is low (0.15%), but the confidentiality impact is rated High.
Server-side request forgery and secret disclosure in Apache Camel's camel-atmosphere-websocket component allow a remote attacker to hijack downstream server-side HTTP requests by injecting Camel control headers as WebSocket query parameters. Affecting Camel 4.0.0-4.14.7, 4.15.0-4.18.2 and 4.19.0-4.20.x, the flaw lets an attacker set CamelHttpUri to redirect internal HTTP calls (e.g., to cloud metadata endpoints) and force resolution of Camel property placeholders, leaking environment variables, application properties and vault secrets. Where the WebSocket endpoint is exposed without authentication the issue is unauthenticated (CVSS 7.5); there is no public exploit identified at time of analysis and EPSS is low (0.24%).
Header injection in Apache Camel's camel-salesforce component allows any HTTP client to override SOQL queries, SOSL searches, Salesforce object targets, and Apex REST endpoints by setting non-Camel-prefixed Exchange headers that the framework's HttpHeaderFilterStrategy fails to block. Routes that bridge an HTTP consumer (such as platform-http) into a salesforce: producer are the attack surface; when that HTTP consumer is unauthenticated, exploitation requires zero attacker credentials. All injected operations execute under the configured Salesforce integration user's permissions, which are typically broad, enabling unauthorized data exfiltration or destructive CRUD and Apex calls across the organization's Salesforce instance. No public exploit has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis.
Header injection in Apache Camel's camel-kafka component allows HTTP clients to redirect Kafka messages to arbitrary topics in routes that bridge an HTTP consumer into a Kafka producer. The kafka.OVERRIDE_TOPIC, kafka.OVERRIDE_TIMESTAMP, and kafka.PARTITION_KEY Exchange header constants used non-CamelKafka-prefixed names, causing them to bypass HttpHeaderFilterStrategy - which blocks only the Camel/camel namespace - while remaining readable by KafkaProducer.evaluateTopic() as authoritative control directives. No public exploit code has been identified and no CISA KEV listing exists at time of analysis, but when the HTTP ingress is unauthenticated the attack requires only a standard HTTP client and a known Kafka topic name.
Header injection in Apache Camel's camel-irc component enables unauthenticated HTTP clients to redirect outgoing IRC messages to attacker-chosen channels or users by supplying non-Camel-prefixed headers (e.g., irc.sendTo) that Camel's HttpHeaderFilterStrategy fails to block. Affected versions span 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x; fixes are available in 4.14.8, 4.18.3, and 4.21.0. No public exploit code or CISA KEV listing exists at time of analysis, but the attack requires no credentials when the bridging HTTP consumer is unauthenticated, making it trivially reproducible against any qualifying deployment.
Routing header injection in Apache Camel's camel-dapr component allows any actor with publish access to a subscribed Dapr Pub/Sub topic to redirect or exfiltrate re-published messages to an arbitrary Dapr Pub/Sub component and topic. The flaw exists in routes that both consume and republish via Dapr - specifically, DaprPubSubConsumer blindly copies attacker-controlled CloudEvent fields (pub/sub-name and topic) into producer-direction routing headers (CamelDaprPubSubName and CamelDaprTopic), which DaprConfigurationOptionsProxy then prefers over the route's configured endpoint destination. No public exploit code or CISA KEV listing exists at time of analysis, but exploitation is mechanically straightforward for any publisher on the subscribed topic.
Authorization bypass in Apache Camel's camel-jira component (versions 4.0.0 through pre-4.21.0) allows unauthenticated HTTP clients - in routes that bridge an HTTP consumer to a jira: producer - to drive arbitrary JIRA issue operations using the endpoint's configured service-account credentials, including deleting or transitioning issues, creating issues in unauthorized projects, modifying fields, and manipulating watchers. The root cause is that JIRA control header constants (IssueKey, ProjectKey, IssueTransitionId, linkType, and others) use non-Camel-prefixed string values, bypassing the HttpHeaderFilterStrategy which only guards the 'Camel/'/'camel' header namespace at the HTTP boundary. Fixes are confirmed in 4.14.8, 4.18.3, and 4.21.0; no public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.
Server-side request forgery in the Apache Camel camel-dns component lets any HTTP client control DNS lookups when a route bridges an HTTP consumer (e.g. platform-http) into a dns: producer. Because the dns.server, dns.name, dns.domain, dns.type, dns.class and term headers lack the Camel/camel prefix, HttpHeaderFilterStrategy does not strip them at the HTTP boundary, so an attacker can point the resolver at an attacker-controlled DNS server and enumerate internal hostnames. It affects Camel 4.0.0-4.14.7, 4.15.0-4.18.2 and 4.19.0-4.20.x; no public exploit identified at time of analysis, and EPSS is low (0.15%), but SSVC rates the flaw automatable with total technical impact.
Unauthenticated NoSQL operation hijacking in Apache Camel's camel-mongodb-gridfs component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0-4.20.x) lets a remote HTTP client override the intended GridFS operation and inject MongoDB query documents. When a route bridges an HTTP consumer such as platform-http into a mongodb-gridfs: producer that has no explicit operation set (the default), the raw gridfs.operation, gridfs.objectid and gridfs.metadata headers pass through the HTTP header filter because they lack the Camel/camel prefix, allowing an attacker to turn an intended upload into remove, listAll, or findOne and to inject NoSQL operators. There is no public exploit identified at time of analysis and EPSS is low (0.16%), but CVSS is 9.8 and SSVC rates technical impact as total and automatable.
Server-side request forgery and parameter/field injection in the Apache Camel camel-solr component (versions 4.0.0 through 4.14.7, 4.15.0 through 4.18.2, and 4.19.0 through 4.20.x) allow remote attackers to hijack Solr requests issued by a Camel route. Because the SolrParam. and SolrField. header prefixes lack the Camel/camel namespace, HttpHeaderFilterStrategy does not strip them at the HTTP boundary, so any client hitting a route that bridges an HTTP consumer (e.g. platform-http) into a solr: producer can inject arbitrary Solr parameters - notably shards or stream.url to force the Solr server into attacker-chosen outbound requests (internal services, cloud metadata endpoints), or qt to reach admin handlers - and inject arbitrary indexed-document fields. Rated CVSS 9.1; there is no public exploit identified at time of analysis and EPSS is low (0.18%), but SSVC marks the flaw as automatable with total technical impact.
Server-side request forgery and secret disclosure in Apache Camel's camel-vertx-websocket component (versions 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x) let a WebSocket client inject Camel-internal control headers such as CamelHttpUri because inbound query/path parameters are copied into the Exchange header map without a HeaderFilterStrategy. In routes that bridge the WebSocket consumer into a downstream HTTP producer, an attacker can redirect the server-side HTTP request to internal services or cloud metadata endpoints, and because the HTTP producer resolves Camel property placeholders on the attacker-supplied URI, environment variables, application properties, and vault secrets are resolved and exfiltrated. When the WebSocket endpoint is exposed without authentication (PR:N per CVSS), this is reachable by an unauthenticated remote attacker; there is no public exploit identified at time of analysis, and EPSS is low at 0.24%.
Local privilege escalation in Unity Parsec for Windows (all builds through v2026-05-04.0) lets an unprivileged local user coerce an instance of parsecd.exe to run as NT AUTHORITY\SYSTEM while honoring a user-controlled AppData environment variable, allowing the attacker to redirect the privileged process to resources under their control and gain SYSTEM. The flaw is a CWE-648 misuse of privileged APIs; publicly available exploit code exists (a dedicated CVE GitHub repository and a researcher write-up), and it is fixed in Parsec for Windows 150-104a. It is not listed in CISA KEV and no EPSS score was supplied, so there is no evidence of widespread active exploitation.
Security feature bypass in Microsoft Edge for Android exposes high-confidentiality data to unauthenticated network attackers who can induce user interaction. The vulnerability stems from improper access control (CWE-284) in the Chromium-based mobile browser, allowing an attacker to circumvent a security boundary and access protected information without credentials. No active exploitation is confirmed (CISA KEV absent, temporal metric E:U), and a vendor patch is available via MSRC, making this a patch-priority item rather than an emergency response.
Information disclosure in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 enables network-based attackers to expose sensitive browser data through a use-after-resource condition (CWE-672). Exploitation requires user interaction and high attack complexity, but the changed scope (S:C) indicates the flaw breaches browser isolation boundaries, yielding high confidentiality impact. No public exploit or active exploitation has been identified at time of analysis; vendor patch is available from Microsoft MSRC.
Spoofing in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 allows a remote unauthenticated attacker to present deceptive browser UI to a victim user, resulting in high-confidentiality-impact information disclosure. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms exploitation is network-delivered and requires only a single user interaction, consistent with a classic UI-spoofing or URL-spoofing class of flaw. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; a vendor-released patch is available.
Insufficient UI warning of dangerous operations in Microsoft Edge (Chromium-based) before version 150.0.4078.48 enables network-based spoofing attacks against users who interact with adversary-controlled content. Per the CVSS vector (PR:N, UI:R), an unauthenticated remote attacker can exploit this flaw without any privileges, but requires the victim to interact with the browser during the attack. No public exploit identified at time of analysis; the Medium CVSS score of 4.3 and confidentiality-only impact (C:L) reflect a bounded but real risk primarily useful for phishing, credential harvesting, or identity spoofing scenarios.
Cross-site scripting in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 enables network-based spoofing attacks against users who interact with attacker-controlled content. The flaw stems from improper input neutralization during web page generation (CWE-79), allowing injected scripts to execute within the browser's context and manipulate rendered content. No public exploit code or active exploitation has been identified at time of analysis, and Microsoft has released a patch addressing the issue.
Absolute path traversal in Microsoft Edge for Android (Chromium-based) prior to version 150.0.4078.48 enables local, unauthenticated information disclosure by allowing crafted paths to escape the application's intended directory scope. The CVSS vector (AV:L/C:H/I:N/A:N) confirms the impact is limited to confidentiality loss on the local device, with no integrity or availability consequences. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Cross-site scripting in Microsoft Edge (Chromium-based) before version 150.0.4078.48 lets a remote attacker trick a victim into rendering attacker-controlled script that spoofs UI or content over the network. Because the CVSS scope is changed (S:C) and user interaction is required (UI:R), a lured user visiting or interacting with a malicious page can be deceived into trusting forged content, undermining browser security-context integrity. Reported by Microsoft with a vendor patch available; EPSS is low (0.28%, 20th percentile) and no public exploit identified at time of analysis.
Information disclosure in Microsoft Edge for Android (Chromium-based) allows a network-based attacker to expose a victim's private personal information, but only after luring the user into interacting with attacker-controlled content (UI:R). The flaw carries a CVSS 7.1 rating driven by high confidentiality impact; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. A vendor patch is available via Microsoft's MSRC update guide.
Information disclosure in Microsoft Edge for Android allows a remote unauthenticated attacker to exfiltrate private personal information over the network when a victim interacts with attacker-controlled content. The flaw carries a CVSS 7.1 with high confidentiality impact and stems from private data being exposed to an unauthorized actor (CWE-359); Microsoft has released a fix. No public exploit identified at time of analysis and it is not listed in CISA KEV.
Security-feature bypass in Microsoft Edge (Chromium-based) stems from a type-confusion (CWE-843) flaw that a remote, unauthenticated attacker can trigger over the network to defeat a browser security boundary. Microsoft has published a fix via its Update Guide (CVE-2026-58295), and the issue carries a CVSS 8.3 with a scope change reflecting the crossed trust boundary. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw that an unauthorized, remote attacker can trigger to run arbitrary code. Exploitation requires the victim to interact with attacker-controlled web content, and the CVSS 3.1 vector marks high attack complexity (AC:H) despite requiring no privileges (PR:N). Microsoft has released a fix; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Remote code execution in Microsoft Edge (Chromium-based) before version 150.0.4078.48 lets an unauthorized attacker run arbitrary code when a victim is lured to interact with attacker-controlled content, stemming from external control of a file name or path (CWE-73). The flaw is network-reachable but non-trivial to exploit, requiring user interaction and high attack complexity, and there is no public exploit identified at time of analysis. Microsoft has released a patched build, and EPSS estimates a low 0.53% exploitation probability with SSVC reporting no observed exploitation.
Remote code execution in Microsoft Edge (Chromium-based) lets an unauthenticated attacker run code on a victim's machine when the user is lured into interacting with attacker-controlled web content. The flaw stems from improper input validation (CWE-20) and, per its CVSS scope-change metric, is consistent with a renderer/sandbox boundary escape. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a fix.
Remote code execution in Microsoft Edge (Chromium-based) stems from a type confusion flaw (CWE-843) that an unauthorized attacker can trigger over the network to run arbitrary code, provided the victim interacts with attacker-controlled web content. Microsoft self-reported and has shipped a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high attack complexity (AC:H) and required user interaction (UI:R) temper an otherwise network-reachable, unauthenticated attack surface.
Remote code execution in Microsoft Edge (Chromium-based) before 150.0.4078.48 allows an unauthenticated attacker to run arbitrary code when a victim is lured to a malicious web page, via a type-confusion flaw (CWE-843) in the browser engine. The CVSS:3.1 score is 8.3 with a scope change (S:C), indicating a likely sandbox/renderer boundary escape, though exploitation carries high attack complexity and requires user interaction. There is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none, with EPSS at 0.53% (41st percentile).
Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw that an unauthenticated, network-based attacker can trigger to run arbitrary code in the browser process. Exploitation requires the victim to interact — typically by visiting a malicious or compromised web page — and the CVSS 3.1 score of 8.3 reflects high attack complexity plus a scope change consistent with a renderer sandbox escape. There is no public exploit identified at time of analysis and no CISA KEV listing, though the underlying Chromium engine origin (tags reference Google) means a shared upstream root cause across Chromium browsers is likely.
Spoofing in Microsoft Edge (Chromium-based) lets a remote, unauthenticated attacker misrepresent trusted UI or content to a victim by abusing improper access control (CWE-284), per Microsoft's own advisory (MSRC CVE-2026-58286). The high CVSS 8.1 is driven by a scope-changed impact (S:C) with high integrity effect, though the AC:H rating signals the attack is not trivially reliable. Currently there is no public exploit identified at time of analysis and no CISA KEV listing, so this is a proactively-patched issue rather than one under active exploitation.
Remote code execution in Microsoft Edge (Chromium-based) via a type-confusion flaw (CWE-843) lets an unauthorized attacker run arbitrary code when a victim is lured to malicious web content. The CVSS 3.1 base score is 8.3 with a scope change, reflecting a likely renderer-to-sandbox impact, but exploitation requires user interaction and has high attack complexity. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available via Microsoft's MSRC update guide.
Remote code execution in Microsoft Edge (Chromium-based) allows an unauthorized attacker to break out of the browser's security boundary and run arbitrary code when a victim is lured to malicious web content. Rooted in an improper authorization flaw (CWE-285) with a scope-changing CVSS 8.3 (AV:N/AC:H/PR:N/UI:R/S:C), exploitation requires user interaction and high attack complexity. No public exploit identified at time of analysis, and it is not listed in CISA KEV, so exploitation is currently theoretical rather than observed.
Server-side request forgery in Microsoft Edge (Chromium-based) versions before 150.0.4078.48 enables unauthenticated remote attackers to perform network spoofing by inducing the browser to issue forged requests on behalf of a victim. The attack requires user interaction - a victim must visit or interact with attacker-controlled content - after which the browser can be coerced into making unauthorized requests that manipulate resource integrity or availability. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis; a vendor-released patch is available.
Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory corruption flaw (CWE-416) that an unauthorized network attacker can trigger to run arbitrary code in the browser process. Exploitation requires the victim to interact with attacker-controlled content (UI:R) and involves high attack complexity (AC:H), so a user must be lured to a malicious or compromised page. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; Microsoft has released a fix.
Information disclosure in Microsoft Edge (Chromium-based) lets a remote attacker read sensitive data by abusing improper symbolic/link resolution (CWE-59) when a victim interacts with attacker-controlled content. Exploitation requires user interaction (UI:R) but no authentication (PR:N), and the scope-changed impact (S:C) indicates data is exposed beyond the browser's own security boundary. Microsoft has released a fix; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory-corruption bug (CWE-416) that an unauthorized attacker can trigger over the network to run arbitrary code in the browser's context. Exploitation requires the victim to interact with attacker-controlled web content and the CVSS vector flags high attack complexity, so successful attacks are not trivial. There is no public exploit identified at time of analysis and no CISA KEV listing, but a vendor patch is available from Microsoft.
Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory corruption flaw (CWE-416) that lets an unauthenticated attacker run arbitrary code when a victim visits a malicious web page. All Edge Chromium versions prior to the vendor-patched build are affected, and the CVSS 3.1 base score is 8.8 (High). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation requires user interaction such as browsing to attacker-controlled content.
Spoofing in Microsoft Edge (Chromium-based) arises from a cross-site scripting (CWE-79) flaw that lets a network-based, unauthenticated attacker inject script into a generated web page, producing a convincing spoofed browser context after the victim interacts with malicious content. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R, C:L/I:H) reflects a high-integrity spoofing impact gated only by user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch through the MSRC update guide.
Remote code execution in Microsoft Edge (Chromium-based) allows an unauthenticated attacker to run arbitrary code by luring a victim to a malicious web page that triggers an integer overflow (CWE-190). The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R) indicates network-based exploitation requiring user interaction, with high confidentiality, integrity, and availability impact. Microsoft has released a fix; no public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV.
UI misrepresentation in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 enables network-based spoofing attacks against users who interact with attacker-controlled web content. The browser fails to accurately present critical security information - such as origin indicators, security status, or authentication prompts - allowing an unauthenticated remote attacker to deceive victims into believing they are interacting with a trusted source. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, and a vendor patch is available.
Relative path traversal in Microsoft Edge for Android (Chromium-based) before version 150.0.4078.48 permits a local, unprivileged attacker to read sensitive files outside the application's intended directory scope, achieving high confidentiality impact with minor integrity exposure. The flaw (CWE-23) stems from insufficient sanitization of relative path sequences in Edge's Android file-handling logic. No public exploit code or active exploitation has been identified at time of analysis, though a vendor patch is available and should be prioritized given the high confidentiality impact rating.
Remote code execution in Microsoft Edge for Android (Chromium-based) arises from a time-of-check to time-of-use (TOCTOU) race condition that an unauthenticated network attacker can win to run arbitrary code, though success requires the victim to interact (UI:R) and the timing window makes exploitation high-complexity. Microsoft (self-reported) has shipped an official fix, and the temporal signals (E:U, RC:C) indicate no public exploit identified at time of analysis despite confirmed technical validity. The flaw is credited to Microsoft/Google collaboration and tagged as an authentication-bypass-class issue.