Red Hat
Monthly
Unvalidated chown in Samba's pam_winbind module allows a local user with narrow sudo delegation to transfer ownership of the root filesystem directory to a system account, causing system-wide denial of service on Red Hat Enterprise Linux 6 through 10. When mkhomedir is enabled and a system account has its home directory set to '/', any PAM-triggered authentication event run as that account via sudo invokes the chown without path sanitization. The resulting ownership change breaks SSH, sudo, and package-manager functionality, though the 0555 permissions on RHEL prevent write access escalation, confining the impact to high-severity availability loss. No public exploit or CISA KEV listing is identified at time of analysis.
Remote code execution in the Argo CD repo-server component (as shipped in Red Hat OpenShift GitOps and the argoproj argo-helm chart) allows an unauthenticated attacker with network access to the repo-server to run arbitrary code and, under certain conditions, poison cached manifests to push malicious Kubernetes resources into managed clusters, enabling full cluster takeover. The root cause is missing authentication (CWE-306) on a critical internal service that the default Helm chart left network-exposed. There is no public exploit identified at time of analysis, but detailed third-party technical research (Synacktiv) and press coverage exist, and the flaw was reported unpatched at disclosure.
Credential disclosure in GitLab Enterprise Edition allows an authenticated maintainer-role user to retrieve another user's stored credentials through insufficient authorization controls. All GitLab EE versions from 9.5 through the patched releases (18.11.7, 19.0.4, and 19.1.2) are affected, representing a broad historical exposure window spanning multiple major releases. No public exploit identified at time of analysis; the vulnerability was disclosed via HackerOne responsible disclosure (report 3720483), and GitLab has issued patched versions.
ReDoS vulnerability in the guardrails-detectors component of Red Hat OpenShift AI enables adjacent-network attackers to submit specially crafted regular expressions to the public detection API, triggering catastrophic backtracking that pins a worker process at 100% CPU indefinitely. The availability impact extends beyond the component itself - the entire guardrails-mediated LLM pipeline is rendered non-functional. No public exploit identified at time of analysis, but exploitation requires no authentication and trivial effort from an adjacent network position.
HTTP request smuggling in OpenVPN Access Server 2.7.2 through 3.1.0 enables remote unauthenticated attackers to inject or manipulate backend requests when the Access Server is deployed behind a reverse proxy. The server incorrectly accepts bare line-feed (LF-only, without carriage return) characters inside HTTP header values, creating a parsing discrepancy between the front-end proxy and the Access Server backend - the hallmark of CWE-444. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the CVSS 4.0 score of 6.9 with integrity impact on both the vulnerable and subsequent systems indicates meaningful risk in typical enterprise VPN gateway deployments fronted by load balancers or reverse proxies.
Cross-site scripting in Jastow - the JSP implementation layer embedded within Red Hat JBoss Enterprise Application Platform alongside Undertow - allows unauthenticated remote attackers to inject and execute malicious scripts when a specific combination of configurations permits unescaped characters to pass through URL processing. Affected deployments span JBoss EAP 7, EAP 8, the Expansion Pack, and linked products such as Red Hat Single Sign-On 7 that share this component. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
Attribute encryption in the 389-ds-base LDBM backend exposes a cryptographic design flaw affecting Red Hat Directory Server 11, 12, and 13 across all supported RHEL releases (6 through 10). The LDBM backend applies a static, hardcoded initialization vector (IV) for both AES-CBC and 3DES-CBC encryption of directory attribute values, meaning that two entries storing identical plaintext for an encrypted attribute will always produce identical ciphertext blocks - a classic ciphertext equality oracle. An attacker with privileged filesystem-level read access to the LDBM database files can exploit this to determine whether any two encrypted attribute values are identical, leaking relational information about the directory without recovering plaintext. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Heap-buffer-overflow in 389 Directory Server's DN normalization routine allows an unauthenticated remote attacker to corrupt heap memory and likely crash the LDAP service. The flaw triggers when the server processes an LDAP operation - such as a search request - whose base DN contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), causing an out-of-bounds write during RDN attribute-value pair sorting. Per the confirmed CVSS vector (PR:N), no authentication is required; no public exploit code or CISA KEV listing has been identified at time of analysis.
Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LDAP client to crash the server by sending an oversized UNBIND packet over a SASL integrity-protected connection. The oversized data overflows a fixed 512-byte heap receive buffer in sasl_io_recv() (sasl_io.c), and in FreeIPA / Red Hat IdM any domain user, enrolled host, or service account with a valid Kerberos ticket can trigger it after GSSAPI authentication. There is no public exploit identified at time of analysis, and this flaw is distinct from the earlier CVE-2025-14905 schema.c overflow, which did not fix this code path.
Privilege escalation to root and Kerberos-based authentication bypass in SSSD's Active Directory GPO provider affects Red Hat Enterprise Linux 6 through 10 and OpenShift Container Platform 4. Because ad_gpo_extract_smb_components() fails to sanitize '..' sequences in the gPCFileSysPath LDAP attribute (CWE-23), an actor holding AD GPO management rights can force an SSSD-enrolled host to write attacker-controlled files outside the GPO cache as root, injecting Kerberos configuration to bypass authentication. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user with write access to any subtree to inject a malicious sudoRole object and gain root-level sudo on every SSSD-enrolled host. The flaw exists because, when ldap_sudo_search_base is left unset, SSSD searches the entire directory tree for sudoRole objects, trusting rules planted anywhere in the DIT. Rated CVSS 8.8 by Red Hat and reported against RHEL 6 through 10 and OpenShift Container Platform 4; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Authenticated denial of service in Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4 allows any user holding a valid API token to exhaust Central's resources. Because Central does not cap the nesting depth of queries served on its authenticated GraphQL API, a single deeply nested query can drive excessive CPU and memory consumption and take down the RHACS management plane. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the low-privilege network vector makes it trivial for any token holder to trigger.
NULL pointer dereference in the error handler of gstavdemux.c within gstreamer1-libav can crash the GStreamer pipeline process when it encounters a malformed or crafted media stream during AV demuxing. The flaw resides specifically in error recovery logic - the code path meant to handle failures itself dereferences a NULL pointer, producing a denial-of-service condition in any application relying on this plugin for media playback or processing. No public exploit code or active exploitation has been identified at time of analysis; this appears to be a stability/reliability bug reported through Ubuntu's vendor channel.
Keycloak's OIDC broker incorrectly applies the email_verified claim from the id_token to whichever email address is returned by the userinfo endpoint, even when those two sources disagree. An attacker who controls or compromises an upstream OIDC identity provider can exploit this desynchronization - configured with trustEmail=true - to mark an arbitrary, attacker-chosen email address as verified in Keycloak's database. The practical consequence is bypassing email verification workflows or triggering account linkage/takeover in applications that trust the email_verified flag from Keycloak for identity decisions. No public exploit code exists and no CISA KEV listing applies at time of analysis.
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values." An attacker who collects a modest number of signatures under an affected key, together with the public key, can recover the private key with a lattice attack. Keys used to sign with an affected version should be considered compromised and new keys should be generated.
Arbitrary code execution in the NLTK Python library (nltk/nltk 3.9.3 and earlier) allows an attacker to run untrusted Java code when a victim loads a malicious JAR through five Stanford interface wrappers (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, StanfordNeuralDependencyParser). These classes pass a user-controllable JAR path to an internal java() helper that calls subprocess.Popen() with no SHA256 integrity check, so a substituted or poisoned JAR executes with the user's privileges. This is a regression of CVE-2026-0848, whose SHA256 verification fix was applied only to StanfordSegmenter and never propagated to these five classes; no public exploit is identified at time of analysis, though a huntr bounty report exists.
Arbitrary code execution in keras-team/keras 3.14.0 lets remote attackers run OS-level commands by supplying a malicious serialized `Lambda` layer that is deserialized without an active `SafeModeScope`. The root cause is `_raise_for_lambda_deserialization()` treating a `None` `safe_mode` (the default when `from_config()` runs outside a `SafeModeScope`) as if it were an explicit `False`, so the safe-mode guard is skipped and attacker-controlled `marshal` bytecode executes. SSVC rates technical impact as total with a proof-of-concept available; EPSS is modest at 0.40% (32nd percentile), and the flaw is not in CISA KEV.
webpack-dev-server 5.2.5 and earlier crash the entire Node.js host process when an unauthenticated remote peer sends either an HTTP request with a malformed Host header or a WebSocket upgrade to the /ws endpoint with a malformed Origin header. The malformed value bypasses graceful error handling in the host-validation path, triggering an uncaught exception that terminates the dev server process entirely. Impact is confined to availability - no confidentiality loss and no code execution occur despite a misleading 'RCE' tag in the source intelligence, which appears to be a mislabeling inconsistent with the vendor description and CVSS vector (C:N/I:N). No public exploit or CISA KEV listing exists at time of analysis.
Cross-site request forgery in webpack-dev-server 5.2.5 and earlier allows any website visited by a developer to silently invoke two unauthenticated state-changing endpoints - `/webpack-dev-server/open-editor` and `/webpack-dev-server/invalidate` - via simple browser-initiated GET requests that carry no CSRF protection. An attacker controlling a web page visited during an active dev session can open arbitrary local files in the developer's editor (including files outside the project root) and trigger repeated forced recompilations that degrade workstation performance. No public exploit has been identified at time of analysis, and exploitation is confined to developer workstations rather than production infrastructure.
Unauthorized child group disclosure in Red Hat Build of Keycloak's Fine-Grained Admin Permissions v2 (FGAP v2) exposes group names, paths, and custom attributes to delegated administrators who lack direct authorization over those child groups. When FGAP v2 is enabled and a delegated admin queries child groups through a parent group endpoint, the system omits the required per-permission filter, returning records that should be outside the caller's scope. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, placing it in the category of a low-severity information disclosure risk that is nonetheless significant in multi-tenant IAM environments where group attribute confidentiality matters.
Keycloak's ClientResource admin API component, when Fine-Grained Admin Permissions v2 (FGAP v2) is enabled, permits a delegated administrator to attach or detach hidden client scopes that fall outside their authorized management boundary. By injecting unauthorized scopes into client configurations, an attacker can manipulate the contents of OAuth2/OIDC security tokens issued to end-users, causing downstream applications to grant privilege levels beyond what the original access policy intended. No public exploit is identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, the token-injection impact class carries meaningful risk in federated identity deployments.
Keycloak's Fine-Grained Admin Permissions v2 (FGAP v2) fails to enforce group-level authorization when a restricted administrator queries role-to-group assignments, exposing group names and custom attributes beyond the admin's intended scope. Restricted admins holding only role-view permission can enumerate all groups assigned to that role, bypassing the group-level access controls that FGAP v2 is designed to enforce. No public exploit code exists and this vulnerability has not been added to the CISA KEV catalog; however, the EPSS risk is compounded in deployments where group attributes carry sensitive operational metadata.
Two off-by-one errors in FreeIPA's ipa-otpd daemon expose RHEL 6 through 10 deployments configured with an external OAuth2/OIDC Identity Provider to out-of-bounds memory access during the device authorization flow. An attacker who controls or can man-in-the-middle the configured IdP endpoint can serve an oversized authorization response, triggering CWE-787 writes or reads one byte past a fixed-size buffer boundary. The most probable outcome is denial of service of the ipa-otpd daemon; no public exploit has been identified and the vulnerability is not listed in the CISA KEV catalog.
Denial-of-service in OpenVPN via a reachable assertion (CWE-617) allows a remote, low-privileged attacker to crash the OpenVPN daemon under high-complexity, timing-specific conditions. All OpenVPN deployments running versions prior to v2.7.5 are affected; the fix is available in the v2.7.5 release disclosed pre-NVD via GitHub. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 4.0 score of 5.9 (Medium) reflects the constrained exploitation path, though VPN service disruption carries meaningful operational impact for affected operators.
Memory leak in OpenVPN (pre-2.7.5) allows network-accessible unauthenticated attackers to exhaust server memory, resulting in high availability impact and denial of service. The flaw, classified CWE-401, requires specific attack prerequisites (CVSS 4.0 AT:P) and passive client interaction (UI:P), meaning it is not trivially exploitable against all default deployments. No active exploitation has been confirmed in CISA KEV and no public exploit code has been identified at time of analysis; vendor patch v2.7.5 is available.
Uncontrolled memory consumption in open62541's OPC UA Discovery Service allows a remote, unauthenticated attacker to crash or degrade servers by abusing the GetEndpoints request handling. Because the endpointUrl field length is never validated, an attacker can advertise a string up to ~4.09 GB and stream it across incomplete message chunks that the server buffers in RAM indefinitely until the SecureChannel times out, exhausting available memory. The flaw is pre-session and works against any encryption configuration; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.
SQL injection in the Wikimedia Foundation's MediaWiki Cargo Extension exposes wiki deployments to unauthenticated database read and write operations across all versions prior to 1.43.9, 1.44.6, and 1.45.4. The Cargo extension's core function - accepting user-supplied query parameters to construct database queries - makes this a structurally sensitive attack surface, as improper neutralization of SQL special elements allows crafted input to escape intended query boundaries. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, but the PR:N/AC:L/AT:N CVSS 4.0 vector confirms exploitation requires no authentication or special preconditions against default-accessible Cargo query endpoints.
Credential exposure in AWS CLI on Unix-like systems allows other local users on the same host to read sensitive credentials written to disk by three specific subcommands: aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register. When the system umask is at its default permissive value - the case on most Unix-like systems - credential files are written without adequately restrictive permissions, making them readable by other local accounts. No public exploit or CISA KEV listing exists at time of analysis; however, the vendor (Amazon) has confirmed the issue and released patched versions 1.44.78 (v1) and 2.34.29 (v2).
Denial of service in ClamAV's DMG file format parser allows a remote, unauthenticated attacker to crash the scanning engine by submitting a crafted Apple Disk Image (DMG) for inspection. The flaw stems from an integer overflow triggered during boundary checks on DMG content and manifests only on 32-bit builds of ClamAV; memory corruption raises the theoretical possibility of expanded impact beyond a crash, though only DoS is described. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in ClamAV's ALZ archive parser allows an unauthenticated, remote attacker to crash the scanning engine by submitting a crafted ALZ file, with the vendor noting possible expanded impact beyond DoS. The flaw is a heap out-of-bounds write triggered during scanning, and because ClamAV is commonly deployed as an automated mail/upload gateway scanner, an attacker only needs to get a malicious file scanned. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Availability-impacting out-of-bounds write in ClamAV's PESpin file-format parser lets an unauthenticated remote attacker crash the scanning engine by submitting a crafted PESpin-packed file for scanning. Because ClamAV frequently sits inline on mail gateways, file-upload paths, and proxies, a single malicious sample can terminate the scanning process and produce a denial of service; the memory corruption may permit expanded impact beyond DoS though only crash impact is confirmed. There is no public exploit identified at time of analysis and it is not on CISA KEV, with EPSS not provided.
Denial of service in ClamAV's InstallShield file format parser allows a remote, unauthenticated attacker (per CVSS PR:N) to crash the scanning engine and temporarily exhaust system resources by submitting a specially crafted InstallShield file for scanning. The flaw stems from improper handling of temporary resources during file scanning (CWE-770), impacting availability only (C:N/I:N/A:H) with no code execution or data exposure. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network attack vector and low complexity make it easy to trigger anywhere ClamAV automatically scans attacker-supplied files.
Denial of service in ClamAV's 7z archive scanner allows a remote, unauthenticated attacker to crash the scanning process by submitting a crafted 7z file, resulting in an out-of-bounds heap write (CWE-120). Because ClamAV is commonly deployed inline on mail gateways and upload-scanning pipelines, a single malicious attachment can be delivered without any interaction or credentials. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though Cisco (ClamAV's maintainer) rates confidentiality/integrity impact as none and availability as high.
Denial of service in ClamAV's FSG file format parser allows an unauthenticated remote attacker to crash the scanning engine, and potentially achieve broader memory-corruption impact, by submitting a crafted FSG-compressed portable executable to be scanned. The flaw stems from an out-of-bounds buffer write during FSG decompression, affecting any deployment that scans attacker-supplied files. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the network-reachable, no-authentication, no-interaction nature (CVSS 7.5) makes it a meaningful availability risk for mail/file-scanning gateways.
Denial of service in ClamAV's PE (Portable Executable) file format parser lets an unauthenticated, remote attacker crash the scanning engine by submitting a crafted PE file for scanning, triggering an out-of-bounds buffer write (CWE-120). Reported by Cisco PSIRT (ClamAV's maintainer), the flaw carries CVSS 7.5 with an availability-only impact; the advisory notes memory corruption could 'possibly' enable expanded impacts beyond DoS. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Arbitrary HDF5 file read in Keras up to 3.13.2 enables information disclosure when a victim loads a crafted model file, representing an incomplete patch for the prior CVE-2026-1669. The flaw lies in two specific code paths - `H5IOStore._verify_dataset()` and `file_editor.py` - which omit the `dataset.is_virtual` check, allowing a malicious HDF5 Virtual Dataset (VDS) to silently redirect reads to attacker-specified paths on the local filesystem. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog, but the attack surface is realistic in ML supply chain and model-sharing contexts.
Privilege escalation and container escape in NVIDIA Container Toolkit for Linux (and the GPU Operator that bundles it) stem from a time-of-check to time-of-use (TOCTOU) race condition that can lead to arbitrary code execution, privilege escalation, and data tampering across a scope boundary. A low-privileged attacker who can win the race may break out of the intended isolation boundary of GPU-enabled containers. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; NVIDIA is the reporting source via its product-security advisory 5850.
Stack exhaustion via multiple unbounded alloca() calls in the PulseAudio protocol server on Red Hat Enterprise Linux 8, 9, and 10 allows a local low-privileged attacker to crash the audio daemon, resulting in denial of service. The root cause (CWE-770) is the absence of size validation on attacker-controlled protocol parameters before passing them to alloca(), a stack-based allocator with no OS-enforced ceiling. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.
Denial-of-service via NULL pointer dereference in PipeWire's RAOP (Remote Audio Output Protocol) module affects Red Hat Enterprise Linux 8, 9, and 10. The RAOP module fails to enforce an upper bound on Content-Length values in incoming requests and does not validate the return value of pw_array_add(); when a sufficiently large Content-Length triggers an allocation failure, the unchecked NULL return causes a crash of the PipeWire daemon, resulting in complete loss of audio services. No special authentication is required from the adjacent network, and no public exploit or CISA KEV listing has been identified at time of analysis.
Stored cross-site scripting in Eclipse Open VSX Registry (versions 0.1.0 through before 1.0.2) allows an attacker who self-registers a publisher account to upload a VSIX containing malicious HTML that the /vscode/unpkg/ endpoint serves inline as text/html within the open-vsx.org origin, with no Content-Security-Policy or Content-Disposition: attachment header. When a logged-in victim is lured to the resulting URL, the script runs in the registry's origin and can steal session tokens, mint Personal Access Tokens, and publish trojanized extension versions - turning a single XSS into a supply-chain compromise of VS Code, VSCodium, Cursor, and Windsurf users. No public exploit is identified at time of analysis and EPSS risk is low (0.17%), but the downstream blast radius is severe.
Denial of service in dhcpcd's IPv6 Neighbor Discovery Router Advertisement parser allows an adjacent unauthenticated attacker to exhaust CPU resources on any host running dhcpcd with IPv6 enabled. The flaw (CWE-835 - infinite loop) arises because a zero-length Neighbor Discovery option passes initial storage validation but is later reparsed without sufficient bounds enforcement, causing the parser to loop indefinitely without advancing. No active exploitation is confirmed (not in CISA KEV), but the adjacent-network attack vector and zero-privilege requirement make this actionable on shared Layer-2 environments such as enterprise Wi-Fi, cloud VLANs, and data-center segments.
Sandbox escape in Google Chrome on macOS before 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the browser sandbox through a crafted HTML page. The root cause is insufficient policy enforcement in Chrome's macOS sandbox (CWE-693). No public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile); Google's own Chromium security team rated the severity 'Low', which conflicts sharply with the CVSS 9.6 assigned by NVD.
PostgreSQL Anonymizer's anon.hash() function exposes its internal salt to masked database users through an offline brute-force attack, undermining the core pseudonymization guarantee of the extension. Masked roles - the primary consumer of this extension - can call anon.hash() with arbitrary seed inputs and accumulate (seed, hash_output) pairs to deduce the salt offline, after which all pseudonymized values in the database become reversible. No active exploitation or public proof-of-concept has been identified; a vendor-confirmed fix is available in version 3.1.2.
Privilege escalation in Red Hat Build of Keycloak's Identity Provider mapper component allows a restricted administrator with IdP management permissions to silently assign the built-in realm-admin role to themselves or other accounts by creating a Hardcoded Role mapper. This bypasses the authorization boundary intended to confine limited administrators within their delegated scope, resulting in full realm takeover. No public exploit code or CISA KEV listing exists at time of analysis; however, the impact is severe in multi-tenant or delegated-administration deployments where IdP management is granted to semi-trusted parties.
Unauthorized user profile disclosure in Red Hat Build of Keycloak allows low-privileged administrative users to bypass Fine-Grained Admin Permission (FGAPv2) restrictions and access complete user profiles they should only be permitted to search. An admin scoped exclusively to user-search rights can invoke the 'brute-force-user' endpoint to retrieve sensitive profile data and security metadata, circumventing the intended view-permission gate on that code path. No public exploit has been identified and the flaw is not listed in CISA KEV, but its network-accessible, low-complexity nature makes it straightforward to abuse within any Keycloak deployment that has activated FGAPv2 permission delegation.
Server-Side Request Forgery (SSRF) in Foreman's HTTP proxy controller within Red Hat Satellite 6 allows high-privileged attackers to redirect internal HTTP requests to cloud metadata endpoints on AWS, GCP, and Azure environments. By manipulating HTTP parameters in the http_proxies_controller or http_proxy configuration files, an attacker can cause the Foreman server to issue forged requests to internal metadata services (e.g., AWS IMDS at 169.254.169.254), potentially harvesting IAM role credentials, access tokens, and environment configuration secrets. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists, but the confidentiality impact is high given the value of cloud metadata credentials.
{}' brace groups to the expand() function, whose recursion is exponential in the number of such groups. Because brace-expansion is a near-ubiquitous transitive dependency (notably via minimatch/glob), any application that feeds untrusted input to expand() directly or indirectly is exposed. No public exploit was identified at time of analysis, though the CVSS 4.0 threat metric (E:P) indicates proof-of-concept maturity; the issue is not in CISA KEV.
Use-after-free in the SSSD PAM responder crashes the authentication daemon when a local attacker manipulates YubiKey or smartcard contents during an authentication attempt on Red Hat Enterprise Linux 6 through 10. The primary realized impact is a denial of service - the PAM responder crash disrupts all authentication - but the underlying memory corruption also presents a difficult-to-exploit privilege escalation path. No public exploit code exists at time of analysis, and the CVSS vector (AV:L/AC:H/PR:H) reflects a tightly constrained local attack requiring high privileges and significant complexity, limiting realistic blast radius to insider-threat and physical-access scenarios.
Denial of service in libarchive's RAR5 reader allows remote attackers to crash applications that decompress untrusted RAR5 archives via a double-free (CWE-415) of the stale filtered_buf pointer. Reported by Red Hat and affecting libarchive as shipped across Red Hat Enterprise Linux 6 through 10, OpenShift Container Platform 4, and Red Hat Hardened Images, the flaw is triggered purely by parsing a malicious archive entry. No public exploit has been identified and the issue is not in CISA KEV; impact is limited to availability (CVSS 7.5, A:H only) with no code execution or data exposure claimed.
Arbitrary file disclosure in NLTK 3.9.4 lets remote attackers read any file accessible to the Python process by passing percent-encoded path-traversal sequences (e.g. ..%2f) into nltk.data.load() or nltk.data.find(). The flaw is an incomplete fix for GitHub Issue #3504: the _UNSAFE_NO_PROTOCOL_RE guard only matches literal ../ while url2pathname() decodes the encoded form after the check runs, so the validation is bypassed. No public exploit identified at time of analysis, though it was reported through a huntr.com bounty; it is not listed in CISA KEV and no EPSS score was supplied.
Insufficient data exists to characterize CVE-2026-13606. The sole intelligence signal is a vendor report attributed to Ubuntu, indicating this vulnerability affects a package or component within the Ubuntu ecosystem. No description, CVSS score, vector, CWE classification, or additional references are available - a complete technical characterization is not possible from the provided data.
Heap use-after-free read in libblkid (util-linux) enables unauthenticated local attackers to crash udisks or leak root-process heap data by presenting a crafted block device image during nested partition probing. BSD, Minix, Solaris x86, and UnixWare partition table parsers cache raw pointers into a dynamically allocated partition array; when subsequent partition additions trigger array reallocation, those pointers become stale and dereference freed memory. Because udev and udisks invoke libblkid automatically as root on block-device hot-plug events, USB insertion alone is sufficient to trigger the flaw without any user interaction or authentication. No public exploit identified at time of analysis.
Path traversal in ANTLR4 up to 4.13.2 exposes arbitrary file read via the tokenVocab grammar option handler. The vulnerable function getImportedVocabFile in TokenVocabParser.java fails to sanitize user-controlled grammar option values, allowing an attacker to supply a crafted .g4 grammar file that causes the tool to read files outside the intended working directory. A publicly available proof-of-concept exploit exists (GitHub issue reference), and no vendor patch has been released - the vendor did not respond to disclosure. No active exploitation is confirmed in CISA KEV, but the CVSS 4.0 E:P flag confirms exploit code is public.
Code injection in ANTLR4's Grammar Action Block Handler allows remote attackers to execute arbitrary code by supplying a crafted grammar file processed by the tool. All versions up to and including 4.13.2 are affected via the OutputFile.java code generation pathway. A public proof-of-concept exploit exists on GitHub (no KEV listing), though the vendor has not acknowledged or patched the issue, leaving users without an official fix.
Denial of service in Apache Kerby allows remote attackers to crash a Kerby client or service by delivering a deeply nested ASN1 structure that exhausts JVM stack depth and triggers an unhandled StackOverflowException. All versions prior to 2.1.2 are affected. No public exploit code or CISA KEV listing has been identified at time of analysis, but the attack primitive (malformed Kerberos ASN1 message) requires no authentication and is trivially constructible, making this a realistic operational risk for any internet- or network-exposed Kerby deployment.
Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Use-after-free memory corruption in Google Chrome's Payments component on Android (prior to 149.0.7827.201) enables a local attacker with physical access to the device to trigger heap corruption, yielding high impact across confidentiality, integrity, and availability. The physical-access requirement (CVSS AV:P) substantially constrains the exploitable population to scenarios such as unattended or stolen devices. No public exploit identified at time of analysis, and no CISA KEV listing exists, indicating this has not been observed in active exploitation campaigns.
Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.
Arbitrary command execution in Vim's bundled zip plugin (autoload/zip.vim) affects builds from 9.1.1784 up to the 9.2.0678 fix on systems where the plugin falls back to PowerShell for archive operations. When browsing, reading, extracting, updating or deleting zip entries, the plugin quotes archive entry names for the shell but not for PowerShell, so a crafted entry name escapes the string context and runs attacker-supplied commands with the privileges of the user who merely opened or viewed the archive. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; risk is bounded to Windows/PowerShell-fallback deployments and requires user interaction.
Out-of-bounds heap read in Vim 9.2.0320-9.2.0678 allows a crafted undo or swap file to disclose adjacent heap memory or crash the editor when a victim opens it. The flaw resides in the text property (textprop) subsystem: a maliciously encoded virtual-text property with an oversized tp_text_offset is converted directly to a heap pointer without bounds validation in both the undo-restoration path (um_goto_line) and the display path (get_text_props). The CVSS 4.0 score of 6.8 (Medium) reflects local-only exploitation requiring active user interaction; no public exploit is confirmed at time of analysis, though the fix commit includes detailed test scaffolding constituting a near-complete attack blueprint.
Zone-transfer authentication bypass in NLnet Labs NSD allows unauthorized secondaries to obtain full zone contents without presenting the required TLS client certificate. Although a provide-xfr rule specifies a tls-auth-name (mandating client-certificate authentication), NSD only enforces this on the dedicated tls-auth-port; requests arriving over plain TCP on the regular port or over TLS on the regular tls-port are served when the remaining provide-xfr conditions match, defeating mutual-TLS access control. Reported by NLnet Labs with CVSS 4.0 8.2; no public exploit identified at time of analysis and not listed in CISA KEV.
Stack buffer overflow in NSD 4.14.0 (NLnet Labs authoritative DNS server) allows a party able to introduce zone data to overwrite up to 111 attacker-controlled bytes on the stack when a specially crafted APL resource record - carrying an adflength larger than the address family permits - is serialized as the zone is written to disk. Per the CVSS 4.0 vector (PR:L), exploitation requires low privileges and yields high integrity and availability impact, consistent with memory corruption leading to crash or potential code execution. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Remote denial-of-service in NLnet Labs NSD (authoritative DNS name server) version 4.13.0 and later allows an unauthenticated attacker to crash the server process by exploiting a heap use-after-free in the TLS error-logging path. By sending a DNS query over a DNS-over-TLS (DoT) connection and closing the socket before reading the response, an attacker triggers the freed-memory access trivially; no public exploit identified at time of analysis, and the issue is not in CISA KEV. The CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity exposure.
Heap overflow in NLnet Labs NSD allows a malicious or compromised zone primary to corrupt memory on a secondary (slave) NSD instance by sending an AXFR transfer containing a crafted SVCB resource record. An rdata size of 65512 causes a uint16_t length variable used for RR allocation to wrap (total size exceeds 65535), producing an undersized buffer and a controlled out-of-bounds write of up to 65509 bytes - an RCE-class primitive (CWE-190 integer overflow leading to heap overflow). No public exploit identified at time of analysis, but the controlled write and remote network vector (CVSS 4.0 base 8.7) make this a high-priority patch for any operator running NSD as a secondary.
Denial of service in the shell-quote Node.js library (versions prior to 1.8.5) lets remote attackers stall the single-threaded event loop by passing an attacker-controlled string into any code path that calls parse(). The flaw is purely algorithmic - parse() builds its token list with Array.prototype.concat as a reduce accumulator, giving O(n^2) behavior so even a small payload of plain space-separated words causes disproportionate CPU consumption. There is no public exploit identified at time of analysis and no KEV listing; impact is to availability only with no code execution or data disclosure despite the misleading 'RCE' source tag.
Remote code execution in Google Chrome's Blink rendering engine (versions prior to 149.0.7827.197) allows a remote attacker to run arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium with a CVSS 8.8; no public exploit identified at time of analysis and it is not listed in CISA KEV, though Chrome browser bugs of this class are historically high-value targets. Exploitation requires user interaction (loading a malicious page) but no authentication.
Heap corruption in Google Chrome's Web Authentication (WebAuthn) component affects all desktop builds prior to 149.0.7827.197, where a use-after-free (CWE-416) can be triggered by a malicious browser extension. An attacker who first convinces a victim to install a crafted extension can reach the freed object and potentially achieve code execution. Rated High by Chromium with a CVSS 7.5; there is no public exploit identified at time of analysis and CISA SSVC marks exploitation as none.
Renderer-side heap corruption in Google Chrome's FileSystem component (versions prior to 149.0.7827.197) lets a remote attacker who lures a victim to a crafted HTML page trigger a use-after-free, potentially leading to arbitrary code execution within the renderer. Rated High severity by Chromium with a CVSS of 8.8; no public exploit identified at time of analysis, and CISA's SSVC framework currently records exploitation status as 'none'. EPSS data was not provided, but the user-interaction requirement (visiting a page) is the only meaningful barrier, making this a routine but real browser-patch priority.
Heap corruption via use-after-free in Google Chrome's Digital Credentials component on macOS allows a remote attacker to potentially execute code by luring a victim to a crafted HTML page, affecting Chrome builds prior to 149.0.7827.197. The flaw was reported internally by Google's Chrome team, and per CISA's SSVC framework exploitation is currently 'none', so this is no public exploit identified at time of analysis despite a high (8.8) CVSS score requiring user interaction. EPSS data was not provided, but the absence of KEV listing and no observed exploitation point to risk driven by Chrome's massive install base rather than confirmed in-the-wild abuse.
Sandbox escape in Google Chrome's DevTools component (versions prior to 149.0.7827.197) lets an attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page that triggers a race condition. Rated High by Chromium with a scope-changing CVSS 8.3, it requires a prior renderer compromise plus user interaction, and there is no public exploit identified at time of analysis. SSVC lists exploitation as none, indicating no observed in-the-wild use despite the total technical impact.
Site isolation bypass in Google Chrome's Navigation component allows an attacker who has already compromised the renderer process to escape Chrome's cross-origin containment boundary via a crafted HTML page, affecting all Chrome versions prior to 149.0.7827.197. The vulnerability stems from insufficient input validation (CWE-20) in the Navigation subsystem, which fails to properly enforce site isolation when navigations are initiated from a compromised renderer. No public exploit code has been identified and CISA SSVC confirms no known active exploitation at time of analysis, though the prerequisite of renderer compromise makes this a meaningful second-stage escalation primitive.
Uninitialized GPU memory use in Google Chrome prior to 149.0.7827.197 enables a second-stage attacker who has already compromised the renderer process to read sensitive data from GPU process memory via a crafted HTML page. Classified as CWE-457 (Use of Uninitialized Variable), the flaw creates an information disclosure path within Chrome's multi-process architecture. No public exploit exists, CISA has not listed this in KEV, and SSVC rates exploitation as none - but the C:H confidentiality impact rating reflects meaningful data exposure if an attacker successfully chains this with a renderer exploit.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.197 stems from a use-after-free condition in the Autofill component, letting a remote attacker run arbitrary code in the renderer when a victim opens a malicious web page. Chromium rates the flaw Critical and CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, tempered by the requirement that the user load attacker-controlled content. There is no public exploit identified at time of analysis, and SSVC records exploitation status as none, but the 'total' technical impact makes prompt patching important.
Remote code execution in Google Chrome's Blink rendering engine (InterestGroups component, part of the Privacy Sandbox/Protected Audience ad-auction API) affects all desktop versions prior to 149.0.7827.197. A crafted HTML page triggers an out-of-bounds read and write that a remote attacker can leverage to execute arbitrary code in the renderer; Chromium rates this Critical and assigns CVSS 8.8. There is no public exploit identified at time of analysis, but a vendor patch is already available, making prompt updating the priority.
Sandbox escape in Google Chrome on Android before 149.0.7827.197 stems from a use-after-free in the WebGL graphics subsystem, letting a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Rated Critical by Chromium with a CVSS 9.6 reflecting scope change and total compromise of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the issue is not on CISA KEV, though Google has shipped a fix.
Cross-origin credential leakage in libcurl (curl 7.10.6 through 8.20.0) causes the HTTP Digest 'Authorization:' header computed for one origin (hostA) to be wrongly reused on a subsequent transfer to a different origin (hostB) when an application reuses the same easy handle. This exposes Digest authentication credentials to an unintended, potentially attacker-controlled host, and is tracked as an Information Disclosure issue (EUVD-2026-41501). No public exploit identified at time of analysis; EPSS is low at 0.25% (16th percentile) and it is not in CISA KEV, so this is a latent credential-exposure bug rather than a demonstrated mass-exploitation threat.
SSH host-key verification bypass in curl/libcurl (versions through 8.20.0) lets a network man-in-the-middle silently impersonate an SFTP/SCP server when a user invokes curl with a schemeless URL plus '--proto-default sftp' (or scp). In this specific invocation the command-line tool layer misidentifies the scheme and skips setting CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS, while libcurl still honors CURLOPT_DEFAULT_PROTOCOL and completes the connection, so curl connects to an unverified host without any error. Tagged an Authentication Bypass; EPSS is low (0.21%, 11th percentile) and no public exploit was identified at time of analysis.
TLS certificate-trust confusion in libcurl (curl 8.17.0 through 8.20.0) lets a reused pooled connection retain trust in the native platform CA store even after the application reconfigures the same easy handle to use custom CA material for a later transfer. An attacker positioned to intercept traffic could present a certificate valid under the native store - which the application intended to no longer trust - to silently intercept or spoof the connection. Rated CVSS 9.1, but EPSS is only 0.20% (9th percentile) and there is no public exploit identified at time of analysis, reflecting the narrow application-usage prerequisite rather than a broadly weaponizable flaw.
Use-after-free in libcurl's HTTP/2 stream-dependency handling affects a wide range of curl releases (7.88.0 through 8.20.0) when an application sets CURLOPT_STREAM_DEPENDS or CURLOPT_STREAM_DEPENDS_E, then calls curl_easy_reset() before curl_easy_cleanup(); the reset frees an internal priority structure that cleanup later re-accesses. Despite the NVD 9.8 CVSS rating, the flaw is only reachable through a specific application-controlled API call sequence rather than remote attacker input, and is tagged Information Disclosure. No public exploit identified at time of analysis, EPSS is low (0.21%, 11th percentile), and it is not listed in CISA KEV.
Remote denial of service in curl and libcurl (versions 8.18.0 through 8.20.0) lets a malicious or compromised HTTP/3 server indefinitely stall a connecting client. The flaw lives in curl's QUIC UDP receive path, where zero-length UDP datagrams are discarded before they are counted against the per-call packet budget, so a peer that streams a continuous flood of empty datagrams keeps the receive loop spinning without ever making progress. There is no public exploit identified at time of analysis, EPSS risk is low (0.28%, 20th percentile), and impact is availability-only (no data compromise).
Denial of service in curl 8.16.0 through 8.20.0 lets a malicious WebSocket server exhaust all client memory by flooding it with rapid, sequential PING frames. Because curl auto-responds to PINGs by default and imposes no upper bound on memory buffered for unacknowledged frames, the queue of pending PONG responses grows unbounded until the process is OOM-killed. EPSS is low (0.21%, 11th percentile) and there is no public exploit identified at time of analysis, consistent with an availability-only issue affecting the subset of deployments that actually use curl's WebSocket support.
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL dereference of "old" filters before change() Like pointed out by Sashiko [1], since commit ed76f5edccc9 ("net: sched: protect filter_chain list with filter_chain_lock mutex") TC filters are added to a shared block and published to datapath before their ->change() function is called. This is a problem for cls_fw: an invalid filter created with the "old" method can still classify some packets before it is destroyed by the validation logic added by Xiang. Therefore, insisting with repeated runs of the following script: > -A 4.3.2.1 -B 1.2.3.4 -t udp "dp=1234" -q & > action skbedit mark 65536 continue can still make fw_classify() hit the WARN_ON() in [2]: WARNING: ./include/net/pkt_cls.h:88 at fw_classify+0x244/0x250 [cls_fw], CPU#18: mausezahn/1399 Modules linked in: cls_fw(E) act_skbedit(E) CPU: 18 UID: 0 PID: 1399 Comm: mausezahn Tainted: G E 7.0.0-rc6-virtme #17 PREEMPT(full) Tainted: [E]=UNSIGNED_MODULE Hardware name: Red Hat KVM, BIOS 1.16.3-2.el9 04/01/2014 RIP: 0010:fw_classify+0x244/0x250 [cls_fw] Code: 5c 49 c7 45 00 00 00 00 00 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 5b b8 ff ff ff ff 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 <0f> 0b 90 eb a0 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffd1b7026bf8a8 EFLAGS: 00010202 RAX: ffff8c5ac9c60800 RBX: ffff8c5ac99322c0 RCX: 0000000000000004 RDX: 0000000000000001 RSI: ffff8c5b74d7a000 RDI: ffff8c5ac8284f40 RBP: ffffd1b7026bf8d0 R08: 0000000000000000 R09: ffffd1b7026bf9b0 R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000010000 R13: ffffd1b7026bf930 R14: ffff8c5ac8284f40 R15: 0000000000000000 FS: 00007fca40c37740(0000) GS:ffff8c5b74d7a000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fca40e822a0 CR3: 0000000005ca0001 CR4: 0000000000172ef0 Call Trace: <TASK> tcf_classify+0x17d/0x5c0 tc_run+0x9d/0x150 __dev_queue_xmit+0x2ab/0x14d0 ip_finish_output2+0x340/0x8f0 ip_output+0xa4/0x250 raw_sendmsg+0x147d/0x14b0 __sys_sendto+0x1cc/0x1f0 __x64_sys_sendto+0x24/0x30 do_syscall_64+0x126/0xf80 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fca40e822ba Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 RSP: 002b:00007ffc248a42c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000055ef233289d0 RCX: 00007fca40e822ba RDX: 000000000000001e RSI: 000055ef23328c30 RDI: 0000000000000003 RBP: 000055ef233289d0 R08: 00007ffc248a42d0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001e R13: 00000000000186a0 R14: 0000000000000000 R15: 00007fca41043000 </TASK> irq event stamp: 1045778 hardirqs last enabled at (1045784): [<ffffffff864ec042>] __up_console_sem+0x52/0x60 hardirqs last disabled at (1045789): [<ffffffff864ec027>] __up_console_sem+0x37/0x60 softirqs last enabled at (1045426): [<ffffffff874d48c7>] __alloc_skb+0x207/0x260 softirqs last disabled at (1045434): [<ffffffff874fe8f8>] __dev_queue_xmit+0x78/0x14d0 Then, because of the value in the packet's mark, dereference on 'q->handle' with NULL 'q' occurs: BUG: kernel NULL pointer dereference, address: 0000000000000038 [...] RIP: 0010:fw_classify+0x1fe/0x250 [cls_fw] [...] Skip "old-style" classification on shared blocks, so that the NULL dereference is fixed and WARN_ON() is not hit anymore in the short lifetime of invalid cls_fw "old-style" filters. [1] https://sashiko.dev/#/patchset/2 ---truncated---
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.
Cross-site request forgery in the Jenkins Pipeline: Groovy Plugin (versions up to and including 4331.v9d06ed4658ff) enables authenticated low-privilege users to instantiate arbitrary Java types related to job or system configuration by exploiting the unprotected Pipeline Snippet Generator endpoint. The attacker can reach types outside the normally permitted set of Pipeline steps, potentially influencing configuration objects that should be off-limits at their privilege level. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with non-automatable delivery.
Out-of-bounds read in ImageMagick's ConnectedComponentsImage() function allows local attackers to trigger access violations by supplying malformed connected-components artifact definitions via the CLI, leading to denial of service or potential arbitrary code execution. All ImageMagick releases before 7.1.2-19 are affected, as are Magick.NET NuGet packages before 14.12.0. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the RCE and information-disclosure tags warrant attention in environments that process untrusted image inputs through automated pipelines.
Memory exhaustion via unfreed heap allocations in ImageMagick before 7.1.2-15 enables remote denial of service against services that process untrusted images through the affected raw-pixel-data coders. The flaw (CWE-401) causes 160-byte objects to accumulate on the heap with each crafted image processed, progressively starving the host process of memory. No public exploit code has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects network reachability offset by high attack complexity and partial attack requirements, limiting realistic mass exploitation.
Denial of service in CPython's tarfile module allows remote attackers to trigger an infinite loop by supplying a crafted tar archive opened in streaming mode (mode='r|'). The seek() routine fails to detect EOF and keeps requesting bufsize reads of empty data when a TarInfo header declares a size far larger than the actual stream, exhausting CPU on any Python service that parses untrusted tar streams. No public exploit identified at time of analysis, but the upstream fix and a reproducer test case are both published on GitHub.
Unvalidated chown in Samba's pam_winbind module allows a local user with narrow sudo delegation to transfer ownership of the root filesystem directory to a system account, causing system-wide denial of service on Red Hat Enterprise Linux 6 through 10. When mkhomedir is enabled and a system account has its home directory set to '/', any PAM-triggered authentication event run as that account via sudo invokes the chown without path sanitization. The resulting ownership change breaks SSH, sudo, and package-manager functionality, though the 0555 permissions on RHEL prevent write access escalation, confining the impact to high-severity availability loss. No public exploit or CISA KEV listing is identified at time of analysis.
Remote code execution in the Argo CD repo-server component (as shipped in Red Hat OpenShift GitOps and the argoproj argo-helm chart) allows an unauthenticated attacker with network access to the repo-server to run arbitrary code and, under certain conditions, poison cached manifests to push malicious Kubernetes resources into managed clusters, enabling full cluster takeover. The root cause is missing authentication (CWE-306) on a critical internal service that the default Helm chart left network-exposed. There is no public exploit identified at time of analysis, but detailed third-party technical research (Synacktiv) and press coverage exist, and the flaw was reported unpatched at disclosure.
Credential disclosure in GitLab Enterprise Edition allows an authenticated maintainer-role user to retrieve another user's stored credentials through insufficient authorization controls. All GitLab EE versions from 9.5 through the patched releases (18.11.7, 19.0.4, and 19.1.2) are affected, representing a broad historical exposure window spanning multiple major releases. No public exploit identified at time of analysis; the vulnerability was disclosed via HackerOne responsible disclosure (report 3720483), and GitLab has issued patched versions.
ReDoS vulnerability in the guardrails-detectors component of Red Hat OpenShift AI enables adjacent-network attackers to submit specially crafted regular expressions to the public detection API, triggering catastrophic backtracking that pins a worker process at 100% CPU indefinitely. The availability impact extends beyond the component itself - the entire guardrails-mediated LLM pipeline is rendered non-functional. No public exploit identified at time of analysis, but exploitation requires no authentication and trivial effort from an adjacent network position.
HTTP request smuggling in OpenVPN Access Server 2.7.2 through 3.1.0 enables remote unauthenticated attackers to inject or manipulate backend requests when the Access Server is deployed behind a reverse proxy. The server incorrectly accepts bare line-feed (LF-only, without carriage return) characters inside HTTP header values, creating a parsing discrepancy between the front-end proxy and the Access Server backend - the hallmark of CWE-444. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the CVSS 4.0 score of 6.9 with integrity impact on both the vulnerable and subsequent systems indicates meaningful risk in typical enterprise VPN gateway deployments fronted by load balancers or reverse proxies.
Cross-site scripting in Jastow - the JSP implementation layer embedded within Red Hat JBoss Enterprise Application Platform alongside Undertow - allows unauthenticated remote attackers to inject and execute malicious scripts when a specific combination of configurations permits unescaped characters to pass through URL processing. Affected deployments span JBoss EAP 7, EAP 8, the Expansion Pack, and linked products such as Red Hat Single Sign-On 7 that share this component. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
Attribute encryption in the 389-ds-base LDBM backend exposes a cryptographic design flaw affecting Red Hat Directory Server 11, 12, and 13 across all supported RHEL releases (6 through 10). The LDBM backend applies a static, hardcoded initialization vector (IV) for both AES-CBC and 3DES-CBC encryption of directory attribute values, meaning that two entries storing identical plaintext for an encrypted attribute will always produce identical ciphertext blocks - a classic ciphertext equality oracle. An attacker with privileged filesystem-level read access to the LDBM database files can exploit this to determine whether any two encrypted attribute values are identical, leaking relational information about the directory without recovering plaintext. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Heap-buffer-overflow in 389 Directory Server's DN normalization routine allows an unauthenticated remote attacker to corrupt heap memory and likely crash the LDAP service. The flaw triggers when the server processes an LDAP operation - such as a search request - whose base DN contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), causing an out-of-bounds write during RDN attribute-value pair sorting. Per the confirmed CVSS vector (PR:N), no authentication is required; no public exploit code or CISA KEV listing has been identified at time of analysis.
Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LDAP client to crash the server by sending an oversized UNBIND packet over a SASL integrity-protected connection. The oversized data overflows a fixed 512-byte heap receive buffer in sasl_io_recv() (sasl_io.c), and in FreeIPA / Red Hat IdM any domain user, enrolled host, or service account with a valid Kerberos ticket can trigger it after GSSAPI authentication. There is no public exploit identified at time of analysis, and this flaw is distinct from the earlier CVE-2025-14905 schema.c overflow, which did not fix this code path.
Privilege escalation to root and Kerberos-based authentication bypass in SSSD's Active Directory GPO provider affects Red Hat Enterprise Linux 6 through 10 and OpenShift Container Platform 4. Because ad_gpo_extract_smb_components() fails to sanitize '..' sequences in the gPCFileSysPath LDAP attribute (CWE-23), an actor holding AD GPO management rights can force an SSSD-enrolled host to write attacker-controlled files outside the GPO cache as root, injecting Kerberos configuration to bypass authentication. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user with write access to any subtree to inject a malicious sudoRole object and gain root-level sudo on every SSSD-enrolled host. The flaw exists because, when ldap_sudo_search_base is left unset, SSSD searches the entire directory tree for sudoRole objects, trusting rules planted anywhere in the DIT. Rated CVSS 8.8 by Red Hat and reported against RHEL 6 through 10 and OpenShift Container Platform 4; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Authenticated denial of service in Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4 allows any user holding a valid API token to exhaust Central's resources. Because Central does not cap the nesting depth of queries served on its authenticated GraphQL API, a single deeply nested query can drive excessive CPU and memory consumption and take down the RHACS management plane. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the low-privilege network vector makes it trivial for any token holder to trigger.
NULL pointer dereference in the error handler of gstavdemux.c within gstreamer1-libav can crash the GStreamer pipeline process when it encounters a malformed or crafted media stream during AV demuxing. The flaw resides specifically in error recovery logic - the code path meant to handle failures itself dereferences a NULL pointer, producing a denial-of-service condition in any application relying on this plugin for media playback or processing. No public exploit code or active exploitation has been identified at time of analysis; this appears to be a stability/reliability bug reported through Ubuntu's vendor channel.
Keycloak's OIDC broker incorrectly applies the email_verified claim from the id_token to whichever email address is returned by the userinfo endpoint, even when those two sources disagree. An attacker who controls or compromises an upstream OIDC identity provider can exploit this desynchronization - configured with trustEmail=true - to mark an arbitrary, attacker-chosen email address as verified in Keycloak's database. The practical consequence is bypassing email verification workflows or triggering account linkage/takeover in applications that trust the email_verified flag from Keycloak for identity decisions. No public exploit code exists and no CISA KEV listing applies at time of analysis.
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values." An attacker who collects a modest number of signatures under an affected key, together with the public key, can recover the private key with a lattice attack. Keys used to sign with an affected version should be considered compromised and new keys should be generated.
Arbitrary code execution in the NLTK Python library (nltk/nltk 3.9.3 and earlier) allows an attacker to run untrusted Java code when a victim loads a malicious JAR through five Stanford interface wrappers (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, StanfordNeuralDependencyParser). These classes pass a user-controllable JAR path to an internal java() helper that calls subprocess.Popen() with no SHA256 integrity check, so a substituted or poisoned JAR executes with the user's privileges. This is a regression of CVE-2026-0848, whose SHA256 verification fix was applied only to StanfordSegmenter and never propagated to these five classes; no public exploit is identified at time of analysis, though a huntr bounty report exists.
Arbitrary code execution in keras-team/keras 3.14.0 lets remote attackers run OS-level commands by supplying a malicious serialized `Lambda` layer that is deserialized without an active `SafeModeScope`. The root cause is `_raise_for_lambda_deserialization()` treating a `None` `safe_mode` (the default when `from_config()` runs outside a `SafeModeScope`) as if it were an explicit `False`, so the safe-mode guard is skipped and attacker-controlled `marshal` bytecode executes. SSVC rates technical impact as total with a proof-of-concept available; EPSS is modest at 0.40% (32nd percentile), and the flaw is not in CISA KEV.
webpack-dev-server 5.2.5 and earlier crash the entire Node.js host process when an unauthenticated remote peer sends either an HTTP request with a malformed Host header or a WebSocket upgrade to the /ws endpoint with a malformed Origin header. The malformed value bypasses graceful error handling in the host-validation path, triggering an uncaught exception that terminates the dev server process entirely. Impact is confined to availability - no confidentiality loss and no code execution occur despite a misleading 'RCE' tag in the source intelligence, which appears to be a mislabeling inconsistent with the vendor description and CVSS vector (C:N/I:N). No public exploit or CISA KEV listing exists at time of analysis.
Cross-site request forgery in webpack-dev-server 5.2.5 and earlier allows any website visited by a developer to silently invoke two unauthenticated state-changing endpoints - `/webpack-dev-server/open-editor` and `/webpack-dev-server/invalidate` - via simple browser-initiated GET requests that carry no CSRF protection. An attacker controlling a web page visited during an active dev session can open arbitrary local files in the developer's editor (including files outside the project root) and trigger repeated forced recompilations that degrade workstation performance. No public exploit has been identified at time of analysis, and exploitation is confined to developer workstations rather than production infrastructure.
Unauthorized child group disclosure in Red Hat Build of Keycloak's Fine-Grained Admin Permissions v2 (FGAP v2) exposes group names, paths, and custom attributes to delegated administrators who lack direct authorization over those child groups. When FGAP v2 is enabled and a delegated admin queries child groups through a parent group endpoint, the system omits the required per-permission filter, returning records that should be outside the caller's scope. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, placing it in the category of a low-severity information disclosure risk that is nonetheless significant in multi-tenant IAM environments where group attribute confidentiality matters.
Keycloak's ClientResource admin API component, when Fine-Grained Admin Permissions v2 (FGAP v2) is enabled, permits a delegated administrator to attach or detach hidden client scopes that fall outside their authorized management boundary. By injecting unauthorized scopes into client configurations, an attacker can manipulate the contents of OAuth2/OIDC security tokens issued to end-users, causing downstream applications to grant privilege levels beyond what the original access policy intended. No public exploit is identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, the token-injection impact class carries meaningful risk in federated identity deployments.
Keycloak's Fine-Grained Admin Permissions v2 (FGAP v2) fails to enforce group-level authorization when a restricted administrator queries role-to-group assignments, exposing group names and custom attributes beyond the admin's intended scope. Restricted admins holding only role-view permission can enumerate all groups assigned to that role, bypassing the group-level access controls that FGAP v2 is designed to enforce. No public exploit code exists and this vulnerability has not been added to the CISA KEV catalog; however, the EPSS risk is compounded in deployments where group attributes carry sensitive operational metadata.
Two off-by-one errors in FreeIPA's ipa-otpd daemon expose RHEL 6 through 10 deployments configured with an external OAuth2/OIDC Identity Provider to out-of-bounds memory access during the device authorization flow. An attacker who controls or can man-in-the-middle the configured IdP endpoint can serve an oversized authorization response, triggering CWE-787 writes or reads one byte past a fixed-size buffer boundary. The most probable outcome is denial of service of the ipa-otpd daemon; no public exploit has been identified and the vulnerability is not listed in the CISA KEV catalog.
Denial-of-service in OpenVPN via a reachable assertion (CWE-617) allows a remote, low-privileged attacker to crash the OpenVPN daemon under high-complexity, timing-specific conditions. All OpenVPN deployments running versions prior to v2.7.5 are affected; the fix is available in the v2.7.5 release disclosed pre-NVD via GitHub. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 4.0 score of 5.9 (Medium) reflects the constrained exploitation path, though VPN service disruption carries meaningful operational impact for affected operators.
Memory leak in OpenVPN (pre-2.7.5) allows network-accessible unauthenticated attackers to exhaust server memory, resulting in high availability impact and denial of service. The flaw, classified CWE-401, requires specific attack prerequisites (CVSS 4.0 AT:P) and passive client interaction (UI:P), meaning it is not trivially exploitable against all default deployments. No active exploitation has been confirmed in CISA KEV and no public exploit code has been identified at time of analysis; vendor patch v2.7.5 is available.
Uncontrolled memory consumption in open62541's OPC UA Discovery Service allows a remote, unauthenticated attacker to crash or degrade servers by abusing the GetEndpoints request handling. Because the endpointUrl field length is never validated, an attacker can advertise a string up to ~4.09 GB and stream it across incomplete message chunks that the server buffers in RAM indefinitely until the SecureChannel times out, exhausting available memory. The flaw is pre-session and works against any encryption configuration; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.
SQL injection in the Wikimedia Foundation's MediaWiki Cargo Extension exposes wiki deployments to unauthenticated database read and write operations across all versions prior to 1.43.9, 1.44.6, and 1.45.4. The Cargo extension's core function - accepting user-supplied query parameters to construct database queries - makes this a structurally sensitive attack surface, as improper neutralization of SQL special elements allows crafted input to escape intended query boundaries. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, but the PR:N/AC:L/AT:N CVSS 4.0 vector confirms exploitation requires no authentication or special preconditions against default-accessible Cargo query endpoints.
Credential exposure in AWS CLI on Unix-like systems allows other local users on the same host to read sensitive credentials written to disk by three specific subcommands: aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register. When the system umask is at its default permissive value - the case on most Unix-like systems - credential files are written without adequately restrictive permissions, making them readable by other local accounts. No public exploit or CISA KEV listing exists at time of analysis; however, the vendor (Amazon) has confirmed the issue and released patched versions 1.44.78 (v1) and 2.34.29 (v2).
Denial of service in ClamAV's DMG file format parser allows a remote, unauthenticated attacker to crash the scanning engine by submitting a crafted Apple Disk Image (DMG) for inspection. The flaw stems from an integer overflow triggered during boundary checks on DMG content and manifests only on 32-bit builds of ClamAV; memory corruption raises the theoretical possibility of expanded impact beyond a crash, though only DoS is described. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in ClamAV's ALZ archive parser allows an unauthenticated, remote attacker to crash the scanning engine by submitting a crafted ALZ file, with the vendor noting possible expanded impact beyond DoS. The flaw is a heap out-of-bounds write triggered during scanning, and because ClamAV is commonly deployed as an automated mail/upload gateway scanner, an attacker only needs to get a malicious file scanned. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Availability-impacting out-of-bounds write in ClamAV's PESpin file-format parser lets an unauthenticated remote attacker crash the scanning engine by submitting a crafted PESpin-packed file for scanning. Because ClamAV frequently sits inline on mail gateways, file-upload paths, and proxies, a single malicious sample can terminate the scanning process and produce a denial of service; the memory corruption may permit expanded impact beyond DoS though only crash impact is confirmed. There is no public exploit identified at time of analysis and it is not on CISA KEV, with EPSS not provided.
Denial of service in ClamAV's InstallShield file format parser allows a remote, unauthenticated attacker (per CVSS PR:N) to crash the scanning engine and temporarily exhaust system resources by submitting a specially crafted InstallShield file for scanning. The flaw stems from improper handling of temporary resources during file scanning (CWE-770), impacting availability only (C:N/I:N/A:H) with no code execution or data exposure. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network attack vector and low complexity make it easy to trigger anywhere ClamAV automatically scans attacker-supplied files.
Denial of service in ClamAV's 7z archive scanner allows a remote, unauthenticated attacker to crash the scanning process by submitting a crafted 7z file, resulting in an out-of-bounds heap write (CWE-120). Because ClamAV is commonly deployed inline on mail gateways and upload-scanning pipelines, a single malicious attachment can be delivered without any interaction or credentials. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though Cisco (ClamAV's maintainer) rates confidentiality/integrity impact as none and availability as high.
Denial of service in ClamAV's FSG file format parser allows an unauthenticated remote attacker to crash the scanning engine, and potentially achieve broader memory-corruption impact, by submitting a crafted FSG-compressed portable executable to be scanned. The flaw stems from an out-of-bounds buffer write during FSG decompression, affecting any deployment that scans attacker-supplied files. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the network-reachable, no-authentication, no-interaction nature (CVSS 7.5) makes it a meaningful availability risk for mail/file-scanning gateways.
Denial of service in ClamAV's PE (Portable Executable) file format parser lets an unauthenticated, remote attacker crash the scanning engine by submitting a crafted PE file for scanning, triggering an out-of-bounds buffer write (CWE-120). Reported by Cisco PSIRT (ClamAV's maintainer), the flaw carries CVSS 7.5 with an availability-only impact; the advisory notes memory corruption could 'possibly' enable expanded impacts beyond DoS. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Arbitrary HDF5 file read in Keras up to 3.13.2 enables information disclosure when a victim loads a crafted model file, representing an incomplete patch for the prior CVE-2026-1669. The flaw lies in two specific code paths - `H5IOStore._verify_dataset()` and `file_editor.py` - which omit the `dataset.is_virtual` check, allowing a malicious HDF5 Virtual Dataset (VDS) to silently redirect reads to attacker-specified paths on the local filesystem. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog, but the attack surface is realistic in ML supply chain and model-sharing contexts.
Privilege escalation and container escape in NVIDIA Container Toolkit for Linux (and the GPU Operator that bundles it) stem from a time-of-check to time-of-use (TOCTOU) race condition that can lead to arbitrary code execution, privilege escalation, and data tampering across a scope boundary. A low-privileged attacker who can win the race may break out of the intended isolation boundary of GPU-enabled containers. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; NVIDIA is the reporting source via its product-security advisory 5850.
Stack exhaustion via multiple unbounded alloca() calls in the PulseAudio protocol server on Red Hat Enterprise Linux 8, 9, and 10 allows a local low-privileged attacker to crash the audio daemon, resulting in denial of service. The root cause (CWE-770) is the absence of size validation on attacker-controlled protocol parameters before passing them to alloca(), a stack-based allocator with no OS-enforced ceiling. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.
Denial-of-service via NULL pointer dereference in PipeWire's RAOP (Remote Audio Output Protocol) module affects Red Hat Enterprise Linux 8, 9, and 10. The RAOP module fails to enforce an upper bound on Content-Length values in incoming requests and does not validate the return value of pw_array_add(); when a sufficiently large Content-Length triggers an allocation failure, the unchecked NULL return causes a crash of the PipeWire daemon, resulting in complete loss of audio services. No special authentication is required from the adjacent network, and no public exploit or CISA KEV listing has been identified at time of analysis.
Stored cross-site scripting in Eclipse Open VSX Registry (versions 0.1.0 through before 1.0.2) allows an attacker who self-registers a publisher account to upload a VSIX containing malicious HTML that the /vscode/unpkg/ endpoint serves inline as text/html within the open-vsx.org origin, with no Content-Security-Policy or Content-Disposition: attachment header. When a logged-in victim is lured to the resulting URL, the script runs in the registry's origin and can steal session tokens, mint Personal Access Tokens, and publish trojanized extension versions - turning a single XSS into a supply-chain compromise of VS Code, VSCodium, Cursor, and Windsurf users. No public exploit is identified at time of analysis and EPSS risk is low (0.17%), but the downstream blast radius is severe.
Denial of service in dhcpcd's IPv6 Neighbor Discovery Router Advertisement parser allows an adjacent unauthenticated attacker to exhaust CPU resources on any host running dhcpcd with IPv6 enabled. The flaw (CWE-835 - infinite loop) arises because a zero-length Neighbor Discovery option passes initial storage validation but is later reparsed without sufficient bounds enforcement, causing the parser to loop indefinitely without advancing. No active exploitation is confirmed (not in CISA KEV), but the adjacent-network attack vector and zero-privilege requirement make this actionable on shared Layer-2 environments such as enterprise Wi-Fi, cloud VLANs, and data-center segments.
Sandbox escape in Google Chrome on macOS before 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the browser sandbox through a crafted HTML page. The root cause is insufficient policy enforcement in Chrome's macOS sandbox (CWE-693). No public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile); Google's own Chromium security team rated the severity 'Low', which conflicts sharply with the CVSS 9.6 assigned by NVD.
PostgreSQL Anonymizer's anon.hash() function exposes its internal salt to masked database users through an offline brute-force attack, undermining the core pseudonymization guarantee of the extension. Masked roles - the primary consumer of this extension - can call anon.hash() with arbitrary seed inputs and accumulate (seed, hash_output) pairs to deduce the salt offline, after which all pseudonymized values in the database become reversible. No active exploitation or public proof-of-concept has been identified; a vendor-confirmed fix is available in version 3.1.2.
Privilege escalation in Red Hat Build of Keycloak's Identity Provider mapper component allows a restricted administrator with IdP management permissions to silently assign the built-in realm-admin role to themselves or other accounts by creating a Hardcoded Role mapper. This bypasses the authorization boundary intended to confine limited administrators within their delegated scope, resulting in full realm takeover. No public exploit code or CISA KEV listing exists at time of analysis; however, the impact is severe in multi-tenant or delegated-administration deployments where IdP management is granted to semi-trusted parties.
Unauthorized user profile disclosure in Red Hat Build of Keycloak allows low-privileged administrative users to bypass Fine-Grained Admin Permission (FGAPv2) restrictions and access complete user profiles they should only be permitted to search. An admin scoped exclusively to user-search rights can invoke the 'brute-force-user' endpoint to retrieve sensitive profile data and security metadata, circumventing the intended view-permission gate on that code path. No public exploit has been identified and the flaw is not listed in CISA KEV, but its network-accessible, low-complexity nature makes it straightforward to abuse within any Keycloak deployment that has activated FGAPv2 permission delegation.
Server-Side Request Forgery (SSRF) in Foreman's HTTP proxy controller within Red Hat Satellite 6 allows high-privileged attackers to redirect internal HTTP requests to cloud metadata endpoints on AWS, GCP, and Azure environments. By manipulating HTTP parameters in the http_proxies_controller or http_proxy configuration files, an attacker can cause the Foreman server to issue forged requests to internal metadata services (e.g., AWS IMDS at 169.254.169.254), potentially harvesting IAM role credentials, access tokens, and environment configuration secrets. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists, but the confidentiality impact is high given the value of cloud metadata credentials.
{}' brace groups to the expand() function, whose recursion is exponential in the number of such groups. Because brace-expansion is a near-ubiquitous transitive dependency (notably via minimatch/glob), any application that feeds untrusted input to expand() directly or indirectly is exposed. No public exploit was identified at time of analysis, though the CVSS 4.0 threat metric (E:P) indicates proof-of-concept maturity; the issue is not in CISA KEV.
Use-after-free in the SSSD PAM responder crashes the authentication daemon when a local attacker manipulates YubiKey or smartcard contents during an authentication attempt on Red Hat Enterprise Linux 6 through 10. The primary realized impact is a denial of service - the PAM responder crash disrupts all authentication - but the underlying memory corruption also presents a difficult-to-exploit privilege escalation path. No public exploit code exists at time of analysis, and the CVSS vector (AV:L/AC:H/PR:H) reflects a tightly constrained local attack requiring high privileges and significant complexity, limiting realistic blast radius to insider-threat and physical-access scenarios.
Denial of service in libarchive's RAR5 reader allows remote attackers to crash applications that decompress untrusted RAR5 archives via a double-free (CWE-415) of the stale filtered_buf pointer. Reported by Red Hat and affecting libarchive as shipped across Red Hat Enterprise Linux 6 through 10, OpenShift Container Platform 4, and Red Hat Hardened Images, the flaw is triggered purely by parsing a malicious archive entry. No public exploit has been identified and the issue is not in CISA KEV; impact is limited to availability (CVSS 7.5, A:H only) with no code execution or data exposure claimed.
Arbitrary file disclosure in NLTK 3.9.4 lets remote attackers read any file accessible to the Python process by passing percent-encoded path-traversal sequences (e.g. ..%2f) into nltk.data.load() or nltk.data.find(). The flaw is an incomplete fix for GitHub Issue #3504: the _UNSAFE_NO_PROTOCOL_RE guard only matches literal ../ while url2pathname() decodes the encoded form after the check runs, so the validation is bypassed. No public exploit identified at time of analysis, though it was reported through a huntr.com bounty; it is not listed in CISA KEV and no EPSS score was supplied.
Insufficient data exists to characterize CVE-2026-13606. The sole intelligence signal is a vendor report attributed to Ubuntu, indicating this vulnerability affects a package or component within the Ubuntu ecosystem. No description, CVSS score, vector, CWE classification, or additional references are available - a complete technical characterization is not possible from the provided data.
Heap use-after-free read in libblkid (util-linux) enables unauthenticated local attackers to crash udisks or leak root-process heap data by presenting a crafted block device image during nested partition probing. BSD, Minix, Solaris x86, and UnixWare partition table parsers cache raw pointers into a dynamically allocated partition array; when subsequent partition additions trigger array reallocation, those pointers become stale and dereference freed memory. Because udev and udisks invoke libblkid automatically as root on block-device hot-plug events, USB insertion alone is sufficient to trigger the flaw without any user interaction or authentication. No public exploit identified at time of analysis.
Path traversal in ANTLR4 up to 4.13.2 exposes arbitrary file read via the tokenVocab grammar option handler. The vulnerable function getImportedVocabFile in TokenVocabParser.java fails to sanitize user-controlled grammar option values, allowing an attacker to supply a crafted .g4 grammar file that causes the tool to read files outside the intended working directory. A publicly available proof-of-concept exploit exists (GitHub issue reference), and no vendor patch has been released - the vendor did not respond to disclosure. No active exploitation is confirmed in CISA KEV, but the CVSS 4.0 E:P flag confirms exploit code is public.
Code injection in ANTLR4's Grammar Action Block Handler allows remote attackers to execute arbitrary code by supplying a crafted grammar file processed by the tool. All versions up to and including 4.13.2 are affected via the OutputFile.java code generation pathway. A public proof-of-concept exploit exists on GitHub (no KEV listing), though the vendor has not acknowledged or patched the issue, leaving users without an official fix.
Denial of service in Apache Kerby allows remote attackers to crash a Kerby client or service by delivering a deeply nested ASN1 structure that exhausts JVM stack depth and triggers an unhandled StackOverflowException. All versions prior to 2.1.2 are affected. No public exploit code or CISA KEV listing has been identified at time of analysis, but the attack primitive (malformed Kerberos ASN1 message) requires no authentication and is trivially constructible, making this a realistic operational risk for any internet- or network-exposed Kerby deployment.
Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Use-after-free memory corruption in Google Chrome's Payments component on Android (prior to 149.0.7827.201) enables a local attacker with physical access to the device to trigger heap corruption, yielding high impact across confidentiality, integrity, and availability. The physical-access requirement (CVSS AV:P) substantially constrains the exploitable population to scenarios such as unattended or stolen devices. No public exploit identified at time of analysis, and no CISA KEV listing exists, indicating this has not been observed in active exploitation campaigns.
Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.
Arbitrary command execution in Vim's bundled zip plugin (autoload/zip.vim) affects builds from 9.1.1784 up to the 9.2.0678 fix on systems where the plugin falls back to PowerShell for archive operations. When browsing, reading, extracting, updating or deleting zip entries, the plugin quotes archive entry names for the shell but not for PowerShell, so a crafted entry name escapes the string context and runs attacker-supplied commands with the privileges of the user who merely opened or viewed the archive. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; risk is bounded to Windows/PowerShell-fallback deployments and requires user interaction.
Out-of-bounds heap read in Vim 9.2.0320-9.2.0678 allows a crafted undo or swap file to disclose adjacent heap memory or crash the editor when a victim opens it. The flaw resides in the text property (textprop) subsystem: a maliciously encoded virtual-text property with an oversized tp_text_offset is converted directly to a heap pointer without bounds validation in both the undo-restoration path (um_goto_line) and the display path (get_text_props). The CVSS 4.0 score of 6.8 (Medium) reflects local-only exploitation requiring active user interaction; no public exploit is confirmed at time of analysis, though the fix commit includes detailed test scaffolding constituting a near-complete attack blueprint.
Zone-transfer authentication bypass in NLnet Labs NSD allows unauthorized secondaries to obtain full zone contents without presenting the required TLS client certificate. Although a provide-xfr rule specifies a tls-auth-name (mandating client-certificate authentication), NSD only enforces this on the dedicated tls-auth-port; requests arriving over plain TCP on the regular port or over TLS on the regular tls-port are served when the remaining provide-xfr conditions match, defeating mutual-TLS access control. Reported by NLnet Labs with CVSS 4.0 8.2; no public exploit identified at time of analysis and not listed in CISA KEV.
Stack buffer overflow in NSD 4.14.0 (NLnet Labs authoritative DNS server) allows a party able to introduce zone data to overwrite up to 111 attacker-controlled bytes on the stack when a specially crafted APL resource record - carrying an adflength larger than the address family permits - is serialized as the zone is written to disk. Per the CVSS 4.0 vector (PR:L), exploitation requires low privileges and yields high integrity and availability impact, consistent with memory corruption leading to crash or potential code execution. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Remote denial-of-service in NLnet Labs NSD (authoritative DNS name server) version 4.13.0 and later allows an unauthenticated attacker to crash the server process by exploiting a heap use-after-free in the TLS error-logging path. By sending a DNS query over a DNS-over-TLS (DoT) connection and closing the socket before reading the response, an attacker triggers the freed-memory access trivially; no public exploit identified at time of analysis, and the issue is not in CISA KEV. The CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity exposure.
Heap overflow in NLnet Labs NSD allows a malicious or compromised zone primary to corrupt memory on a secondary (slave) NSD instance by sending an AXFR transfer containing a crafted SVCB resource record. An rdata size of 65512 causes a uint16_t length variable used for RR allocation to wrap (total size exceeds 65535), producing an undersized buffer and a controlled out-of-bounds write of up to 65509 bytes - an RCE-class primitive (CWE-190 integer overflow leading to heap overflow). No public exploit identified at time of analysis, but the controlled write and remote network vector (CVSS 4.0 base 8.7) make this a high-priority patch for any operator running NSD as a secondary.
Denial of service in the shell-quote Node.js library (versions prior to 1.8.5) lets remote attackers stall the single-threaded event loop by passing an attacker-controlled string into any code path that calls parse(). The flaw is purely algorithmic - parse() builds its token list with Array.prototype.concat as a reduce accumulator, giving O(n^2) behavior so even a small payload of plain space-separated words causes disproportionate CPU consumption. There is no public exploit identified at time of analysis and no KEV listing; impact is to availability only with no code execution or data disclosure despite the misleading 'RCE' source tag.
Remote code execution in Google Chrome's Blink rendering engine (versions prior to 149.0.7827.197) allows a remote attacker to run arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium with a CVSS 8.8; no public exploit identified at time of analysis and it is not listed in CISA KEV, though Chrome browser bugs of this class are historically high-value targets. Exploitation requires user interaction (loading a malicious page) but no authentication.
Heap corruption in Google Chrome's Web Authentication (WebAuthn) component affects all desktop builds prior to 149.0.7827.197, where a use-after-free (CWE-416) can be triggered by a malicious browser extension. An attacker who first convinces a victim to install a crafted extension can reach the freed object and potentially achieve code execution. Rated High by Chromium with a CVSS 7.5; there is no public exploit identified at time of analysis and CISA SSVC marks exploitation as none.
Renderer-side heap corruption in Google Chrome's FileSystem component (versions prior to 149.0.7827.197) lets a remote attacker who lures a victim to a crafted HTML page trigger a use-after-free, potentially leading to arbitrary code execution within the renderer. Rated High severity by Chromium with a CVSS of 8.8; no public exploit identified at time of analysis, and CISA's SSVC framework currently records exploitation status as 'none'. EPSS data was not provided, but the user-interaction requirement (visiting a page) is the only meaningful barrier, making this a routine but real browser-patch priority.
Heap corruption via use-after-free in Google Chrome's Digital Credentials component on macOS allows a remote attacker to potentially execute code by luring a victim to a crafted HTML page, affecting Chrome builds prior to 149.0.7827.197. The flaw was reported internally by Google's Chrome team, and per CISA's SSVC framework exploitation is currently 'none', so this is no public exploit identified at time of analysis despite a high (8.8) CVSS score requiring user interaction. EPSS data was not provided, but the absence of KEV listing and no observed exploitation point to risk driven by Chrome's massive install base rather than confirmed in-the-wild abuse.
Sandbox escape in Google Chrome's DevTools component (versions prior to 149.0.7827.197) lets an attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page that triggers a race condition. Rated High by Chromium with a scope-changing CVSS 8.3, it requires a prior renderer compromise plus user interaction, and there is no public exploit identified at time of analysis. SSVC lists exploitation as none, indicating no observed in-the-wild use despite the total technical impact.
Site isolation bypass in Google Chrome's Navigation component allows an attacker who has already compromised the renderer process to escape Chrome's cross-origin containment boundary via a crafted HTML page, affecting all Chrome versions prior to 149.0.7827.197. The vulnerability stems from insufficient input validation (CWE-20) in the Navigation subsystem, which fails to properly enforce site isolation when navigations are initiated from a compromised renderer. No public exploit code has been identified and CISA SSVC confirms no known active exploitation at time of analysis, though the prerequisite of renderer compromise makes this a meaningful second-stage escalation primitive.
Uninitialized GPU memory use in Google Chrome prior to 149.0.7827.197 enables a second-stage attacker who has already compromised the renderer process to read sensitive data from GPU process memory via a crafted HTML page. Classified as CWE-457 (Use of Uninitialized Variable), the flaw creates an information disclosure path within Chrome's multi-process architecture. No public exploit exists, CISA has not listed this in KEV, and SSVC rates exploitation as none - but the C:H confidentiality impact rating reflects meaningful data exposure if an attacker successfully chains this with a renderer exploit.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.197 stems from a use-after-free condition in the Autofill component, letting a remote attacker run arbitrary code in the renderer when a victim opens a malicious web page. Chromium rates the flaw Critical and CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, tempered by the requirement that the user load attacker-controlled content. There is no public exploit identified at time of analysis, and SSVC records exploitation status as none, but the 'total' technical impact makes prompt patching important.
Remote code execution in Google Chrome's Blink rendering engine (InterestGroups component, part of the Privacy Sandbox/Protected Audience ad-auction API) affects all desktop versions prior to 149.0.7827.197. A crafted HTML page triggers an out-of-bounds read and write that a remote attacker can leverage to execute arbitrary code in the renderer; Chromium rates this Critical and assigns CVSS 8.8. There is no public exploit identified at time of analysis, but a vendor patch is already available, making prompt updating the priority.
Sandbox escape in Google Chrome on Android before 149.0.7827.197 stems from a use-after-free in the WebGL graphics subsystem, letting a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Rated Critical by Chromium with a CVSS 9.6 reflecting scope change and total compromise of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the issue is not on CISA KEV, though Google has shipped a fix.
Cross-origin credential leakage in libcurl (curl 7.10.6 through 8.20.0) causes the HTTP Digest 'Authorization:' header computed for one origin (hostA) to be wrongly reused on a subsequent transfer to a different origin (hostB) when an application reuses the same easy handle. This exposes Digest authentication credentials to an unintended, potentially attacker-controlled host, and is tracked as an Information Disclosure issue (EUVD-2026-41501). No public exploit identified at time of analysis; EPSS is low at 0.25% (16th percentile) and it is not in CISA KEV, so this is a latent credential-exposure bug rather than a demonstrated mass-exploitation threat.
SSH host-key verification bypass in curl/libcurl (versions through 8.20.0) lets a network man-in-the-middle silently impersonate an SFTP/SCP server when a user invokes curl with a schemeless URL plus '--proto-default sftp' (or scp). In this specific invocation the command-line tool layer misidentifies the scheme and skips setting CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS, while libcurl still honors CURLOPT_DEFAULT_PROTOCOL and completes the connection, so curl connects to an unverified host without any error. Tagged an Authentication Bypass; EPSS is low (0.21%, 11th percentile) and no public exploit was identified at time of analysis.
TLS certificate-trust confusion in libcurl (curl 8.17.0 through 8.20.0) lets a reused pooled connection retain trust in the native platform CA store even after the application reconfigures the same easy handle to use custom CA material for a later transfer. An attacker positioned to intercept traffic could present a certificate valid under the native store - which the application intended to no longer trust - to silently intercept or spoof the connection. Rated CVSS 9.1, but EPSS is only 0.20% (9th percentile) and there is no public exploit identified at time of analysis, reflecting the narrow application-usage prerequisite rather than a broadly weaponizable flaw.
Use-after-free in libcurl's HTTP/2 stream-dependency handling affects a wide range of curl releases (7.88.0 through 8.20.0) when an application sets CURLOPT_STREAM_DEPENDS or CURLOPT_STREAM_DEPENDS_E, then calls curl_easy_reset() before curl_easy_cleanup(); the reset frees an internal priority structure that cleanup later re-accesses. Despite the NVD 9.8 CVSS rating, the flaw is only reachable through a specific application-controlled API call sequence rather than remote attacker input, and is tagged Information Disclosure. No public exploit identified at time of analysis, EPSS is low (0.21%, 11th percentile), and it is not listed in CISA KEV.
Remote denial of service in curl and libcurl (versions 8.18.0 through 8.20.0) lets a malicious or compromised HTTP/3 server indefinitely stall a connecting client. The flaw lives in curl's QUIC UDP receive path, where zero-length UDP datagrams are discarded before they are counted against the per-call packet budget, so a peer that streams a continuous flood of empty datagrams keeps the receive loop spinning without ever making progress. There is no public exploit identified at time of analysis, EPSS risk is low (0.28%, 20th percentile), and impact is availability-only (no data compromise).
Denial of service in curl 8.16.0 through 8.20.0 lets a malicious WebSocket server exhaust all client memory by flooding it with rapid, sequential PING frames. Because curl auto-responds to PINGs by default and imposes no upper bound on memory buffered for unacknowledged frames, the queue of pending PONG responses grows unbounded until the process is OOM-killed. EPSS is low (0.21%, 11th percentile) and there is no public exploit identified at time of analysis, consistent with an availability-only issue affecting the subset of deployments that actually use curl's WebSocket support.
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL dereference of "old" filters before change() Like pointed out by Sashiko [1], since commit ed76f5edccc9 ("net: sched: protect filter_chain list with filter_chain_lock mutex") TC filters are added to a shared block and published to datapath before their ->change() function is called. This is a problem for cls_fw: an invalid filter created with the "old" method can still classify some packets before it is destroyed by the validation logic added by Xiang. Therefore, insisting with repeated runs of the following script: > -A 4.3.2.1 -B 1.2.3.4 -t udp "dp=1234" -q & > action skbedit mark 65536 continue can still make fw_classify() hit the WARN_ON() in [2]: WARNING: ./include/net/pkt_cls.h:88 at fw_classify+0x244/0x250 [cls_fw], CPU#18: mausezahn/1399 Modules linked in: cls_fw(E) act_skbedit(E) CPU: 18 UID: 0 PID: 1399 Comm: mausezahn Tainted: G E 7.0.0-rc6-virtme #17 PREEMPT(full) Tainted: [E]=UNSIGNED_MODULE Hardware name: Red Hat KVM, BIOS 1.16.3-2.el9 04/01/2014 RIP: 0010:fw_classify+0x244/0x250 [cls_fw] Code: 5c 49 c7 45 00 00 00 00 00 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 5b b8 ff ff ff ff 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 <0f> 0b 90 eb a0 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffd1b7026bf8a8 EFLAGS: 00010202 RAX: ffff8c5ac9c60800 RBX: ffff8c5ac99322c0 RCX: 0000000000000004 RDX: 0000000000000001 RSI: ffff8c5b74d7a000 RDI: ffff8c5ac8284f40 RBP: ffffd1b7026bf8d0 R08: 0000000000000000 R09: ffffd1b7026bf9b0 R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000010000 R13: ffffd1b7026bf930 R14: ffff8c5ac8284f40 R15: 0000000000000000 FS: 00007fca40c37740(0000) GS:ffff8c5b74d7a000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fca40e822a0 CR3: 0000000005ca0001 CR4: 0000000000172ef0 Call Trace: <TASK> tcf_classify+0x17d/0x5c0 tc_run+0x9d/0x150 __dev_queue_xmit+0x2ab/0x14d0 ip_finish_output2+0x340/0x8f0 ip_output+0xa4/0x250 raw_sendmsg+0x147d/0x14b0 __sys_sendto+0x1cc/0x1f0 __x64_sys_sendto+0x24/0x30 do_syscall_64+0x126/0xf80 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fca40e822ba Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 RSP: 002b:00007ffc248a42c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000055ef233289d0 RCX: 00007fca40e822ba RDX: 000000000000001e RSI: 000055ef23328c30 RDI: 0000000000000003 RBP: 000055ef233289d0 R08: 00007ffc248a42d0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001e R13: 00000000000186a0 R14: 0000000000000000 R15: 00007fca41043000 </TASK> irq event stamp: 1045778 hardirqs last enabled at (1045784): [<ffffffff864ec042>] __up_console_sem+0x52/0x60 hardirqs last disabled at (1045789): [<ffffffff864ec027>] __up_console_sem+0x37/0x60 softirqs last enabled at (1045426): [<ffffffff874d48c7>] __alloc_skb+0x207/0x260 softirqs last disabled at (1045434): [<ffffffff874fe8f8>] __dev_queue_xmit+0x78/0x14d0 Then, because of the value in the packet's mark, dereference on 'q->handle' with NULL 'q' occurs: BUG: kernel NULL pointer dereference, address: 0000000000000038 [...] RIP: 0010:fw_classify+0x1fe/0x250 [cls_fw] [...] Skip "old-style" classification on shared blocks, so that the NULL dereference is fixed and WARN_ON() is not hit anymore in the short lifetime of invalid cls_fw "old-style" filters. [1] https://sashiko.dev/#/patchset/2 ---truncated---
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.
Cross-site request forgery in the Jenkins Pipeline: Groovy Plugin (versions up to and including 4331.v9d06ed4658ff) enables authenticated low-privilege users to instantiate arbitrary Java types related to job or system configuration by exploiting the unprotected Pipeline Snippet Generator endpoint. The attacker can reach types outside the normally permitted set of Pipeline steps, potentially influencing configuration objects that should be off-limits at their privilege level. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with non-automatable delivery.
Out-of-bounds read in ImageMagick's ConnectedComponentsImage() function allows local attackers to trigger access violations by supplying malformed connected-components artifact definitions via the CLI, leading to denial of service or potential arbitrary code execution. All ImageMagick releases before 7.1.2-19 are affected, as are Magick.NET NuGet packages before 14.12.0. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the RCE and information-disclosure tags warrant attention in environments that process untrusted image inputs through automated pipelines.
Memory exhaustion via unfreed heap allocations in ImageMagick before 7.1.2-15 enables remote denial of service against services that process untrusted images through the affected raw-pixel-data coders. The flaw (CWE-401) causes 160-byte objects to accumulate on the heap with each crafted image processed, progressively starving the host process of memory. No public exploit code has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects network reachability offset by high attack complexity and partial attack requirements, limiting realistic mass exploitation.
Denial of service in CPython's tarfile module allows remote attackers to trigger an infinite loop by supplying a crafted tar archive opened in streaming mode (mode='r|'). The seek() routine fails to detect EOF and keeps requesting bufsize reads of empty data when a TarInfo header declares a size far larger than the actual stream, exhausting CPU on any Python service that parses untrusted tar streams. No public exploit identified at time of analysis, but the upstream fix and a reproducer test case are both published on GitHub.