Red Hat
Monthly
Config file injection in CPython's configparser module allows an attacker who controls multi-line values written via configparser.write() to smuggle arbitrary keys and values into the resulting INI-style configuration file by embedding carriage return (\r) characters. All CPython versions are listed as affected per the NVD CPE wildcard, and any Python application that writes attacker-influenced data to config files via configparser is a candidate target. No public exploit has been identified at time of analysis; CVSS 4.0 scores this at 4.1 (Medium) with high privilege requirements and specific attack conditions.
Heap use-after-free in ImageMagick's meta coder allows remote attackers to crash the process by submitting a specially crafted image file that triggers a memory allocation failure, causing a single byte write to a stale (freed) pointer. Affected versions are ImageMagick before 7.1.2-15 and 6.9.13-40, as well as Magick.NET NuGet wrapper packages before 14.10.3. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 6.3 with AC:H and AT:P reflects that reliable exploitation requires specific memory allocation failure conditions rather than straightforward request-and-crash triggering.
Denial of service in OpenLink Virtuoso Open Source Edition 7.2.11 lets attackers crash the database engine by submitting crafted SQL statements that mishandle the internal t_set_push routine. The flaw carries availability-only impact (CVSS 7.5, A:H) with no confidentiality or integrity loss. EPSS is low (0.15%, 4th percentile), there is no public exploit identified at time of analysis, and it is not listed in CISA KEV - so risk is theoretical rather than actively exploited.
Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote attackers to crash the database server by submitting crafted SQL statements that trigger a fault in the sqlo_try_in_loop SQL optimizer component. No public exploit identified at time of analysis, though SSVC indicates a proof-of-concept exists in the referenced GitHub issue. The flaw is tagged as SQLi-class (CWE-89) but the demonstrated impact is availability-only, with no confidentiality or integrity loss per the CVSS vector.
Denial of service in OpenLink Virtuoso Open Source Edition v7.2.11 allows remote attackers to crash the database engine by submitting crafted SQL statements that mishandle column predicate processing inside the sqlo_tb_col_preds query optimizer component. CVSS 7.5 reflects high availability impact with no authentication required, though no public exploit identified at time of analysis and the issue is tracked only as an upstream GitHub bug report.
Denial of service in OpenLink Virtuoso Open-Source Edition 7.2.11 lets attackers crash the database server by submitting crafted SQL statements that mishandle the sqlo_key_part_best query-optimizer routine. The flaw carries no confidentiality or integrity impact (availability-only, CVSS 7.5) and there is no public exploit identified at time of analysis; EPSS is low at 0.15% (4th percentile), and it is not listed in CISA KEV. The only public reference is the upstream GitHub issue (#1222) tracking the crash.
Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote attackers to crash the database server by submitting crafted SQL statements that trigger a fault in the sslr_qst_get component. The flaw is classified under CWE-89 (SQL injection class) but the documented impact is availability-only with no confidentiality or integrity loss per the CVSS vector. No public exploit identified at time of analysis, and the issue is tracked only via an upstream GitHub issue (#1229) rather than a tagged fixed release.
Remote code execution in vLLM versions prior to 0.22.1 allows attackers to backdoor production LLM inference deployments through a dependency confusion attack in the project's Dockerfile. Because flashinfer-jit-cache was pulled via --extra-index-url with UV_INDEX_STRATEGY=unsafe-best-match while the name remained unregistered on PyPI, any attacker who claimed the name on PyPI with a higher version would have their code executed as root during every Docker build. No public exploit identified at time of analysis, but the supply-chain primitive is well understood and trivially weaponizable.
DNS rebinding against the Glances XML-RPC server (`glances -s`) allows a network-adjacent or remote attacker to exfiltrate the full system monitoring dataset - including process command lines that routinely contain secrets - from a victim's browser without any authentication. The `GlancesXMLRPCHandler` in `glances/server.py` accepts arbitrary HTTP `Host` headers without validation, an omission that persists while the REST/WebUI server received an equivalent fix (TrustedHostMiddleware, v4.5.2) and the MCP server was protected since v4.5.1. No active exploitation is confirmed (not in CISA KEV), but a detailed proof-of-concept is published in the vendor's GitHub security advisory GHSA-w856-8p3r-p338 and the attack is materially amplified by the companion CORS wildcard issue CVE-2026-46608.
Infinite loop denial-of-service in pypdf prior to 6.13.1 allows an attacker to hang any process that merges a crafted PDF containing cyclic article/thread structures. The vulnerability exists in the `_add_articles_thread()` method of `_writer.py`, which traversed PDF article bead linked-list structures without cycle detection, permitting a self-referential `/N` (Next) pointer chain to create an irrecoverable loop. No public exploit code or CISA KEV listing exists at time of analysis, but the upstream PR diff publicly discloses the precise triggering structure, lowering the bar for exploitation against vulnerable merge pipelines.
Path traversal in Keras 3.14.0 exposes local file systems to arbitrary file and directory creation when processing maliciously crafted model files. The DiskIOStore.make method constructs directory paths from user-supplied layer names without sanitizing directory traversal sequences (..); since only forward slashes are blocked, embedding .. components in a layer name allows escape from the intended temporary working directory during model save or load operations. No active exploitation (CISA KEV) and no public proof-of-concept has been identified at time of analysis; however, EPSS data was not provided, leaving probabilistic exploitation likelihood unquantified.
Credential theft in Red Hat OpenShift Container Platform's Windows Machine Config Operator (WMCO) allows adjacent-network attackers to intercept SSH sessions to Windows worker nodes and steal WICD and kubelet bootstrap credentials. WMCO fails to verify the remote SSH host key when configuring Windows nodes, enabling a man-in-the-middle attacker positioned on the cluster network to capture credentials sufficient to assume Windows node identities. No public exploit identified at time of analysis, and the issue is not in CISA KEV.
Privilege escalation in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform allows a compromised Windows worker node holding WICD credentials to obtain a cluster-administrator client certificate. The WICD CSR auto-approver checks for the system:wicd-nodes organization but fails to reject additional organization values such as system:masters, enabling full cluster takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Use-after-free in libexpat before 2.8.2 arises from the `doCdataSection` function omitting `beforeHandler`/`afterHandler` depth-tracking calls for `XML_TOK_DATA_CHARS` tokens during CDATA section parsing - an incomplete fix for the related CVE-2026-50219. When a policy violation occurs during handler callback invocation in this code path, the parser's internal call-depth counter becomes inconsistent, enabling a use-after-free condition. An attacker supplying specially crafted XML to any libexpat-consuming application may trigger limited memory corruption, information disclosure, or availability impact under high-complexity conditions; no public exploit is identified at time of analysis and no CISA KEV listing exists.
Integer overflow in the xmlwf utility bundled with libexpat before 2.8.2 enables heap corruption via XML documents containing an excessive number of NOTATION declarations in a DOCTYPE block. The flaw in endDoctypeDecl allows a crafted XML file to wrap a signed integer counter, producing an undersized heap allocation that can be overflowed with high confidentiality and integrity impact. No confirmed active exploitation (not in CISA KEV) and no public exploit code have been identified at time of analysis; vendor-released patch is available in libexpat 2.8.2.
Integer overflow in libexpat's xmlwf tool allows an attacker supplying a crafted XML file with an excessively long DOCTYPE system identifier to trigger a heap buffer overflow via the resolveSystemId function. All libexpat versions before 2.8.2 are affected; the root cause is an unchecked size_t arithmetic operation - both the addition of string lengths and the subsequent multiplication by sizeof(XML_Char) - before a malloc call. No public exploit has been identified at time of analysis, and exploitation requires local access under high-complexity conditions per the CVSS:3.1/AV:L/AC:H vector.
Integer overflow in libexpat's XML_ParseBuffer function allows potential heap corruption leading to high-confidentiality and high-integrity impact in all libexpat versions before 2.8.2. The overflow occurs because XML_ParseBuffer lacked a bounds check on the byte index accumulator that was already present in the sibling XML_Parse function - a defensive guard omitted asymmetrically between two code paths. Any application that routes XML input through XML_ParseBuffer (a common pattern in incremental parsing) is exposed. No public exploit has been identified at time of analysis and no KEV listing exists, but the high C and I CVSS impact ratings reflect the potential for code execution via heap corruption.
Integer overflow in libexpat's getAttributeId routine exposes any application embedding libexpat before version 2.8.2 to memory corruption with high confidentiality and integrity impact when parsing specially crafted XML documents. The flaw occurs when an internal counter traversing the attribute ID table reaches INT_MAX and wraps, producing an invalid index that can corrupt adjacent heap memory. No public exploit has been identified at time of analysis, and CISA has not listed this in the KEV catalog, but a vendor-released patch is available in libexpat 2.8.2 and upgrade is the recommended remediation.
Integer overflow in libexpat's storeAtts() function before version 2.8.2 allows heap buffer corruption during XML namespace attribute processing. When an XML document contains namespace-qualified attributes whose prefix name or local-part name approaches or exceeds INT_MAX bytes, the combined expanded-name length calculation wraps to a small integer, causing allocation of an undersized heap buffer followed by an out-of-bounds write during the memcpy phase. The vendor CVSS scores this 6.9 with High confidentiality and integrity impact; no public exploit has been identified at time of analysis and the CVE is not listed in the CISA KEV catalog.
Heap out-of-bounds read in ImageMagick's PCD image decoder (versions prior to 7.1.2-15 and 6.9.13-40) allows unauthenticated network-reachable attackers to cause denial of service and disclose a single adjacent heap byte by supplying a crafted PCD file to an image-processing endpoint. The vulnerability is rooted in the PCD coder's DecodeImage loop and requires high attack complexity (AC:H) with specific attack prerequisites (AT:P), meaning the target application must actively process attacker-supplied PCD files. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog at time of analysis, though .NET bindings via Magick.NET NuGet packages are also affected and carry a separate fix version.
Integer overflow in ImageMagick's PSB/PSD v2 RLE decoder (ReadPSDChannelRLE in coders/psd.c) causes a heap out-of-bounds read exclusively on 32-bit builds, enabling information disclosure or process crash when processing attacker-controlled PSB files. Affected versions span ImageMagick below 7.1.2-15 and 6.9.x below 6.9.13-40, with corresponding Magick.NET NuGet packages below 14.10.3 also confirmed vulnerable. No public exploit code has been identified at time of analysis and no CISA KEV listing exists; the CVSS 4.0 score of 6.3 with AC:H and AT:P reflects that exploitation is constrained to 32-bit deployments processing untrusted PSB input.
Regular expression denial of service in vLLM versions 0.6.3 through 0.8.x exposes three distinct attack surfaces - the LoRA utility module, the phi4mini tool parser, and the OpenAI-compatible chat endpoint - to catastrophic regex backtracking, causing severe CPU exhaustion and service-wide denial of service. Authenticated API consumers can submit crafted inputs with deeply nested or repeated structures (e.g., `((((a|)+)+)+)`) to trigger unbounded processing in Python's backtracking NFA regex engine. No public exploit identified at time of analysis, though the GHSA advisory discloses the exact vulnerable patterns and example malicious inputs, substantially lowering the reproduction barrier for anyone with API access.
The Kubernetes Ingress NGINX provider in Traefik v3.7.0-ea.1 through v3.7.4 fails open when BasicAuth or DigestAuth cannot be installed because the referenced auth-secret is unresolvable, silently publishing the intended-to-be-protected backend route without any authentication middleware to unauthenticated network clients. Operators who explicitly configure auth via nginx.ingress.kubernetes.io/auth-type and auth-secret annotations are left with a live, fully accessible backend route while Traefik logs a single controller-level error and routes traffic normally - a direct violation of the declared security intent. A detailed proof-of-concept covering eight distinct secret-failure scenarios was developed by the reporter and confirmed on both current master and v3.7.1; no public release of exploit code is confirmed and no CISA KEV listing exists at time of analysis.
Denial of service in the concurrent-ruby gem (versions through 1.3.6) allows attackers to cause CPU exhaustion and permanent thread hangs by forcing an externally-derived numeric value stored in a Concurrent::AtomicReference to become Float::NAN. Because Ruby evaluates Float::NAN == Float::NAN as false, any subsequent call to AtomicReference#update livelocks - endlessly re-running the caller's block and pinning a CPU core, as the included reporter PoC demonstrates (over 1.9 million spin iterations in 250 ms). Publicly available exploit code exists; there is no public exploit identified as being used in active attacks, and the issue is not listed in CISA KEV.
Arbitrary file write in py7zr versions 1.1.0 through 1.1.2 allows attackers to escape the destination directory during archive extraction by chaining malicious symbolic links that resolve outside the target path. A victim who calls extractall() on a crafted 7z archive can have files written to arbitrary host filesystem locations, potentially escalating to remote code execution, privilege escalation, or data corruption. Publicly available exploit code exists (PoC published in the GHSA advisory), but there is no public exploit identified for active campaigns at time of analysis.
Server-Side Request Forgery in AWX's GitHub webhook integration (Red Hat Ansible Automation Platform 2) enables a remote attacker possessing a job template's webhook_key to redirect PAT-bearing status callbacks to an attacker-controlled endpoint, exfiltrating the configured GitHub Personal Access Token. The attack exploits AWX's failure to validate that the pull_request.statuses_url field in an incoming webhook payload points to a legitimate GitHub API domain before using it as a POST target. No public exploit is identified at time of analysis, but successful exploitation yields persistent GitHub repository access through the stolen PAT, extending the blast radius well beyond the AWX system itself.
Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.
Heap-based buffer overflow in libexpat before 2.8.2 allows heap memory corruption in applications that process externally-supplied XML with external entity parameter parsing enabled. The flaw resides in the doProlog function of xmlparse.c, where the scaffold backing array (scaffIndex) - used to index DTD content model tree nodes - is reallocated using the child parser's m_groupSize counter, which diverges from the actual allocated capacity of the shared scaffIndex inherited from the parent parser. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, but the upstream fix PR includes a functional reproduction test case confirming exploitability.
Heap out-of-bounds write in OpenEXR 3.4.0 through 3.4.11 lets an attacker who supplies a crafted HTJ2K-compressed EXR file trigger memory corruption during decoding, via an integer overflow in the HTJ2K decoder ht_undo_impl(). Any application that decodes untrusted EXR images using the affected OpenEXRCore library is at risk, with potential for memory corruption and possible code execution. No public exploit has been identified at time of analysis; EPSS risk is low (0.17%, 7th percentile) and CISA SSVC rates exploitation as none.
Stored XSS in Coturn's web-admin HTTPS interface (all versions prior to 4.11.0) allows a TURN-level attacker to inject persistent JavaScript that executes in an authenticated administrator's browser when they view the session list. The attack is staged via a crafted USERNAME value in a TURN Allocate request, bridging the TURN protocol surface into the web-admin UI context. In anonymous deployments (--no-auth), no TURN credentials are required for the injection phase, broadening the exposure; in authenticated deployments the attacker must hold valid TURN credentials. No public exploit has been identified and this vulnerability is not listed in CISA KEV.
Backend routing bypass in http-proxy-middleware allows unauthenticated external attackers to redirect HTTP requests to unintended backends by sending a crafted Host header that acts as a superstring of a configured host+path router key. The vulnerable substring matching logic (`hostAndPath.indexOf(key) > -1` in `src/router.ts`) affects npm package versions 0.16.0 through 3.0.5 and 4.0.0 through v4.0.0-beta.5, enabling bypass of tenant isolation, backend segmentation, or access-control boundaries enforced through proxy routing rules. Publicly available exploit code exists in the GitHub Security Advisory GHSA-64mm-vxmg-q3vj, with vendor-confirmed fixes released as versions 3.0.6 and 4.1.0.
{signal} for abort support), the polluted prototype value flows into worker_threads.Worker and the attacker's exported function is invoked with every legitimate caller's task data. Publicly available exploit code exists (full PoC in the GHSA advisory), but no public exploit identified at time of analysis as in-the-wild abuse and the CVE is not in CISA KEV.
Strimzi Kafka Operator versions 1.0.0 and earlier provision the Entity Operator ServiceAccount with combined RBAC rights for both the Topic Operator and User Operator regardless of which sub-operators are actually enabled in the Kafka custom resource, violating the principle of least privilege. When only one of the two sub-operators is deployed, the overly permissive ServiceAccount can access KafkaUser custom resources and namespace Secrets (when the User Operator is absent) or KafkaTopic custom resources (when the Topic Operator is absent). No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, the High confidentiality impact (C:H) due to potential Secret access elevates the urgency of patching.
Cross-namespace privilege escalation in Strimzi Kafka Operator versions up to 1.0.0 allows tenants with namespace-scoped Kafka custom resource creation rights to read and write Secrets in any namespace where the Cluster Operator has been granted permissions. By abusing the documented `watchedNamespace` field within `Kafka.spec.entityOperator`, an attacker mints a token for the entity operator ServiceAccount in their own namespace and gains full CRUD on Secrets in the target namespace. No public exploit identified at time of analysis, but the attack is mechanically straightforward in any multi-tenant Strimzi deployment.
Path traversal in libzypp's .repo file processing enables low-privileged network-accessible attackers to write content into arbitrary directories on the host filesystem beyond the intended zypp cache boundary. Affected versions span the 17.x series before 17.38.13 and the 16.x series before 16.22.19, covering systems running SUSE Linux Enterprise and openSUSE derivatives that use zypper as their package manager. The primary real-world impact is disk exhaustion across unexpected filesystem paths, causing a denial of service; no confidentiality impact is attributed in the CVSS assessment. No public exploit or CISA KEV listing has been identified at time of analysis.
Sensitive information disclosure in Node.js (versions 26.3.0, 24.16.0, and 22.22.3) leaks embedded proxy credentials when a CONNECT tunnel connection fails, because the full proxy URL - including username and password - is included verbatim in the resulting tunnel error message rather than being redacted. Anyone able to read those error strings (application logs, error responses, monitoring/telemetry pipelines) can recover the proxy authentication secret. This is a Medium-rated, post-disclosure security-release fix (fixed in v26.3.1); there is no public exploit identified at time of analysis and EPSS is low at 0.38% (30th percentile).
TLS SNI context matching in Node.js performs case-sensitive hostname comparison, enabling network-accessible low-privileged attackers to bypass intended server-side TLS context selection by varying the casing of the SNI hostname in a ClientHello message. Affected versions prior to 26.3.1 may serve an incorrect TLS certificate or context when a client sends an SNI value with unexpected casing (e.g., 'EXAMPLE.COM' versus 'example.com'), yielding limited confidentiality and integrity impacts in multi-hostname deployments. No public exploit code or active exploitation has been identified; the fix shipped as part of the Node.js June 2026 coordinated security release alongside ten other CVEs.
Denial of service in Node.js HTTP/2 lets a remote peer exhaust process memory by driving unbounded growth of the connection's originSet, the structure that tracks origins advertised via HTTP/2 ORIGIN frames. It affects the 22.x, 24.x and 26.x release lines up to and including Node 22.22.3, 24.16.0 and 26.3.0, and is fixed in the June 2026 security release (26.3.1). There is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.51%), but availability impact is rated High.
Hostname validation bypass in Node.js (versions 22.22.3, 24.16.0, and 26.3.0) lets attackers smuggle embedded NUL bytes through the dns and net subsystems, truncating a hostname after the NUL so that application-level allowlists, SNI checks, or destination filters validate one host while the runtime resolves or connects to another. The Node.js project rates this specific issue Medium and shipped the fix in its June 2026 security release; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.28%, 20th percentile), and it is not in CISA KEV. Note a significant signal conflict: the aggregate input score of CVSS 9.8 with an 'Authentication Bypass' tag is far above the vendor's own Medium rating for this CVE and appears to be an inflated pre-NVD auto-score.
Resource exhaustion in joserfc (versions 1.3.4-1.6.5) is possible because the RFC7797 unencoded-payload (b64=false) JWS code path skips the configured JWSRegistry.max_payload_length check, while the standard compact and flattened JSON paths correctly raise ExceededSizeError. Remotely submitted, cryptographically valid b64=false JWS tokens with arbitrarily large payloads are deserialized without size enforcement, consuming memory or CPU on the verifying server. No public exploit has been identified and the vulnerability is not in the CISA KEV catalog; a vendor-released fix is available in version 1.6.7.
Cache information disclosure in Undici's shared-mode cache interceptor allows a prior authenticated user's HTTP response to be served to a subsequent, potentially unauthenticated, caller. Applications using Undici's explicit `interceptors.cache()` in shared mode that forward Authorization headers to an upstream which returns Cache-Control headers with whitespace-padded qualified directives (e.g., `private=" authorization"`) are affected across all v7 versions prior to 7.28.0 and all v8 versions prior to 8.5.0. No public exploit has been identified at time of analysis; exploitation is bounded by high attack complexity (CVSS AC:H, score 5.9), but when conditions align, the confidentiality impact is complete.
HTTP response header injection in undici's cookie parser exposes proxy, middleware, and SSR framework applications to session fixation, open redirect, and cache poisoning. The `parseSetCookie`, `parseCookie`, and `getSetCookies` functions incorrectly percent-decode cookie values using `qsUnescape`, converting encoded sequences such as `%0D%0A` into literal CRLF bytes in violation of RFC 6265 §5.4, which prescribes no such decoding. Any application that fetches from an attacker-controlled upstream and forwards the parsed cookie value into a downstream response header is exploitable; no public exploit has been identified at time of analysis, and patched releases v6.26.0, v7.28.0, and v8.5.0 are available.
Denial-of-service in the undici WebSocket client (Node.js HTTP/WebSocket library) version 8.1.0 through versions prior to 8.5.0 allows a malicious or compromised WebSocket server to exhaust client memory by streaming many small fragmented frames that individually pass the per-frame maxPayloadSize check but cumulatively bypass any size limit. The flaw is a regression introduced in the 8.1.0 line; no public exploit identified at time of analysis. Impact is limited to availability (process crash via memory exhaustion) with no confidentiality or integrity consequence per the CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H vector.
Insufficient authorization in the Katello ContentUploadsController within Red Hat Satellite 6 permits authenticated users holding only the edit_products permission to query content metadata for repositories belonging to products they have no rights to manage. The flaw, rooted in a missing ActiveRecord scope on repository lookup, allows cross-product content-existence enumeration via the content-upload API - but explicitly does not permit modification, import, or publication of content. No public exploit exists and the vulnerability is not listed in CISA KEV; risk is bounded by the authentication requirement and the limited read-only impact.
OpenStack Horizon before 25.7.4 embeds project names unsanitized into generated OpenStack RC shell scripts, enabling OS command injection when a victim user downloads and sources that script locally. An attacker with sufficient privileges to create or control a project name can insert shell metacharacters (e.g., backtick sequences, command substitution syntax) that execute arbitrary commands in the victim's local shell environment upon RC file execution. No public exploit code or CISA KEV listing exists at time of analysis, though the underlying CWE-78 class is well-understood; notably, the OpenStack project itself characterizes this as a security hardening opportunity rather than a traditional vulnerability, reflecting a disputed severity framing.
Heap buffer over-read in NGINX Plus and NGINX Open Source's ngx_http_charset_module exposes limited worker process memory or triggers a worker restart when remote unauthenticated attackers send crafted requests against a non-default charset conversion configuration. Exploitation requires both a specific dual-directive configuration (source_charset utf-8 alongside a differing charset directive such as koi8-r in the same location block) and content-dependent conditions outside the attacker's direct control, reflected in the CVSS AC:H rating. No public exploit code exists and this CVE does not appear in the CISA KEV catalog; the vendor F5 has published advisory K000161585 with patched version guidance.
Heap memory address leakage in vLLM's Anthropic API router and speech-to-text WebSocket paths exposes the same ASLR-bypass primitive previously fixed in CVE-2026-22778. Five exception-handling sites across `vllm/entrypoints/anthropic/api_router.py`, `vllm/entrypoints/anthropic/serving.py`, and `vllm/entrypoints/speech_to_text/realtime/connection.py` echo raw `str(e)` output - including PIL BytesIO object repr strings containing heap addresses - directly to unauthenticated callers. A proof-of-concept is referenced in the advisory, and when chained with the parent CVE's libopenjp2 heap overflow, this leak reduces ASLR entropy from approximately 4 billion candidates to 8, enabling RCE; no public exploit identified at time of analysis for this CVE in isolation.
Temperature parameter validation in vLLM (pip/vllm ≤ 0.23.0) can be bypassed by supplying NaN or positive Infinity as the temperature value, because Python's IEEE 754 float comparison operators silently return False for these inputs, allowing the values to propagate unchecked into GPU CUDA sampling kernels. The invalid inputs trigger undefined behavior or fatal CUDA errors that crash the inference worker process, dropping all in-flight requests and degrading service for every concurrent user sharing that worker. No public exploit has been identified at time of analysis, though the trigger condition is fully disclosed in the published GHSA-7h4p-rffg-7823 advisory and is trivially reproducible from that description alone.
Unauthenticated remote denial of service in NLTK's WordNet Browser HTTP server (nltk.app.wordnet_app) through version 3.9.3 allows any network-reachable attacker to terminate the server process by sending a single GET request to /SHUTDOWN%20THE%20SERVER. The server binds to all interfaces by default and invokes os._exit(0) on receipt, with no public exploit identified at time of analysis but exploitation is trivial given the documented endpoint.
Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Universal Cross-Site Scripting (UXSS) in the Views component of Google Chrome on Linux (prior to 149.0.7827.155) enables an attacker who has already compromised the renderer process to inject arbitrary scripts or HTML across security origins via a crafted HTML page, breaking Chrome's same-origin policy isolation. This is a post-renderer-compromise escalation step in a multi-stage attack chain, Linux-platform specific, requiring prior renderer RCE as a prerequisite. No public exploit code has been identified at time of analysis; EPSS sits at 0.29% (21st percentile), and CISA SSVC assesses exploitation status as none with partial technical impact.
Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High)
Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)
Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: High)
Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Heap corruption in Google Chrome's Digital Credentials component (versions prior to 149.0.7827.155) allows remote attackers to trigger a use-after-free condition by enticing a user to visit a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates this issue as Critical severity, and Google has released a patched stable-channel build; no public exploit identified at time of analysis and EPSS sits at 0.31% (23rd percentile), indicating low predicted near-term exploitation pressure despite the high CVSS of 8.8.
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Server-Side Request Forgery in Pydantic AI (versions 1.56.0-1.101.0, 2.0.0b1, 2.0.0b2) allows unauthenticated network attackers to bypass the cloud-metadata IP blocklist by encoding metadata service addresses (e.g., 169.254.169.254) in IPv6 transition forms - specifically IPv4-compatible IPv6, NAT64 RFC 8215 local-use prefixes, operator-chosen NAT64 prefixes, and ISATAP - that the prior remediation (CVE-2026-46678) failed to decode, enabling retrieval of cloud IAM short-term credentials. Exploitation is constrained by two simultaneous prerequisites: the application must use the non-default `force_download='allow-local'` mode and must operate on a network that routes the affected IPv6 transition forms (e.g., IPv6-only or dual-stack-with-NAT64 Kubernetes clusters). This is the third iteration in an escalating bypass chain (CVE-2026-25580 → CVE-2026-46678 → CVE-2026-48782), and no public exploit has been identified at time of analysis.
Arbitrary file deletion in evolution-data-server's addressbook file backend exposes host filesystem to manipulation by a Flatpak application with D-Bus access. The vulnerability exploits split validation logic: a crafted URI embedding directory traversal sequences (e.g., '../') is accepted without sufficient sanitization during contact creation or modification, but when the same URI is later processed at deletion time, a second, less restrictive check fails to catch the traversal - allowing files outside the intended addressbook directory to be removed. Critically, deletion of Flatpak override files could be leveraged to silently weaken sandbox restrictions for subsequent application runs. No public exploit has been identified at time of analysis.
Path manipulation in the LangGraph Python SDK (langgraph-sdk) version 0.3.14 and earlier lets caller-supplied identifier values containing URL-special characters redirect an HTTP request to a different resource — or resource type — than the SDK call intended. When applications forward untrusted, unvalidated identifiers into SDK methods and rely on upstream URL-prefix authorization, an attacker can reach, modify, or delete resources outside their authorization scope. There is no public exploit identified at time of analysis and EPSS is low (0.22%), but CVSS is rated 9.1 due to high confidentiality and integrity impact.
Unsafe deserialization in LangGraph SQLite Checkpoint's JsonPlusSerializer (versions 4.1.0 and prior) allows arbitrary Python object reconstruction from checkpoint payloads stored in a SQLite backing store, enabling code execution at checkpoint load time. Affected deployments are those where an unauthorized party can modify checkpoint bytes at rest - a high-privilege prerequisite (PR:H, AV:A per CVSS) that already implies a significant prior compromise. This is explicitly framed as a defense-in-depth concern: the issue escalates an existing 'checkpoint-store write access' incident into full application runtime code execution. No public exploit code or CISA KEV listing has been identified at time of analysis.
Command injection in openSUSE/SUSE wicked DHCP client before 0.6.79 allows attackers operating a rogue DHCP server on the victim's local network segment to execute arbitrary commands by embedding single-quoted shell metacharacters in DHCP option strings, which are written unsanitized to /run/wicked/leaseinfo.* files and later consumed by netconfig. The CVSS 8.8 (AV:A) rating reflects adjacent-network exposure without authentication. No public exploit identified at time of analysis.
Resource-accounting bypass in OpenStack Nova (compute service) lets an authenticated tenant create an instance whose scheduler hint data is not properly stripped, resulting in a running VM that has no corresponding Placement allocation. Because the instance consumes real host CPU/RAM/disk that the Placement service never accounted for, an attacker with ordinary project credentials can quietly over-subscribe a compute host and degrade availability for co-located tenants. SSVC lists exploitation as proof-of-concept (no public exploit identified as weaponized) with partial technical impact; EPSS is low at 0.26% (17th percentile).
Processing crafted PDF outlines in pypdf versions prior to 6.13.0 triggers an infinite loop during writer merge operations, causing a denial of service. Applications that accept user-supplied PDFs and merge them using PdfWriter are affected - specifically any code path that calls merge() on a PDF whose /Outlines or /Parent hierarchy contains circular references. No public exploit has been identified at time of analysis and this is not listed in CISA KEV; a vendor-released patch is available as pypdf 6.13.0.
Infinite loop denial-of-service in pypdf allows an attacker to hang any Python application that processes a crafted PDF using layout-mode text extraction. The vulnerability arises because the `/Parent` hierarchy traversal in `_layout_mode_fonts()` lacked cycle detection, so a circular reference structure in a malicious PDF causes the parser to loop indefinitely. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified, but the attack surface is broad: any service accepting user-supplied PDFs and passing them to pypdf's layout-mode extraction is potentially affected.
Uncontrolled resource consumption in pypdf versions before 6.12.2 allows any attacker who can cause an application to call `extract_text()` on a crafted PDF to trigger unbounded memory growth, resulting in denial of service. The vulnerability arises specifically during form XObject traversal: a PDF containing a self-referencing XObject resource dictionary causes the extraction code to recurse infinitely without cycle detection. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA KEV catalog.
Config file injection in CPython's configparser module allows an attacker who controls multi-line values written via configparser.write() to smuggle arbitrary keys and values into the resulting INI-style configuration file by embedding carriage return (\r) characters. All CPython versions are listed as affected per the NVD CPE wildcard, and any Python application that writes attacker-influenced data to config files via configparser is a candidate target. No public exploit has been identified at time of analysis; CVSS 4.0 scores this at 4.1 (Medium) with high privilege requirements and specific attack conditions.
Heap use-after-free in ImageMagick's meta coder allows remote attackers to crash the process by submitting a specially crafted image file that triggers a memory allocation failure, causing a single byte write to a stale (freed) pointer. Affected versions are ImageMagick before 7.1.2-15 and 6.9.13-40, as well as Magick.NET NuGet wrapper packages before 14.10.3. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 6.3 with AC:H and AT:P reflects that reliable exploitation requires specific memory allocation failure conditions rather than straightforward request-and-crash triggering.
Denial of service in OpenLink Virtuoso Open Source Edition 7.2.11 lets attackers crash the database engine by submitting crafted SQL statements that mishandle the internal t_set_push routine. The flaw carries availability-only impact (CVSS 7.5, A:H) with no confidentiality or integrity loss. EPSS is low (0.15%, 4th percentile), there is no public exploit identified at time of analysis, and it is not listed in CISA KEV - so risk is theoretical rather than actively exploited.
Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote attackers to crash the database server by submitting crafted SQL statements that trigger a fault in the sqlo_try_in_loop SQL optimizer component. No public exploit identified at time of analysis, though SSVC indicates a proof-of-concept exists in the referenced GitHub issue. The flaw is tagged as SQLi-class (CWE-89) but the demonstrated impact is availability-only, with no confidentiality or integrity loss per the CVSS vector.
Denial of service in OpenLink Virtuoso Open Source Edition v7.2.11 allows remote attackers to crash the database engine by submitting crafted SQL statements that mishandle column predicate processing inside the sqlo_tb_col_preds query optimizer component. CVSS 7.5 reflects high availability impact with no authentication required, though no public exploit identified at time of analysis and the issue is tracked only as an upstream GitHub bug report.
Denial of service in OpenLink Virtuoso Open-Source Edition 7.2.11 lets attackers crash the database server by submitting crafted SQL statements that mishandle the sqlo_key_part_best query-optimizer routine. The flaw carries no confidentiality or integrity impact (availability-only, CVSS 7.5) and there is no public exploit identified at time of analysis; EPSS is low at 0.15% (4th percentile), and it is not listed in CISA KEV. The only public reference is the upstream GitHub issue (#1222) tracking the crash.
Denial of service in OpenLink Virtuoso OpenSource v7.2.11 allows remote attackers to crash the database server by submitting crafted SQL statements that trigger a fault in the sslr_qst_get component. The flaw is classified under CWE-89 (SQL injection class) but the documented impact is availability-only with no confidentiality or integrity loss per the CVSS vector. No public exploit identified at time of analysis, and the issue is tracked only via an upstream GitHub issue (#1229) rather than a tagged fixed release.
Remote code execution in vLLM versions prior to 0.22.1 allows attackers to backdoor production LLM inference deployments through a dependency confusion attack in the project's Dockerfile. Because flashinfer-jit-cache was pulled via --extra-index-url with UV_INDEX_STRATEGY=unsafe-best-match while the name remained unregistered on PyPI, any attacker who claimed the name on PyPI with a higher version would have their code executed as root during every Docker build. No public exploit identified at time of analysis, but the supply-chain primitive is well understood and trivially weaponizable.
DNS rebinding against the Glances XML-RPC server (`glances -s`) allows a network-adjacent or remote attacker to exfiltrate the full system monitoring dataset - including process command lines that routinely contain secrets - from a victim's browser without any authentication. The `GlancesXMLRPCHandler` in `glances/server.py` accepts arbitrary HTTP `Host` headers without validation, an omission that persists while the REST/WebUI server received an equivalent fix (TrustedHostMiddleware, v4.5.2) and the MCP server was protected since v4.5.1. No active exploitation is confirmed (not in CISA KEV), but a detailed proof-of-concept is published in the vendor's GitHub security advisory GHSA-w856-8p3r-p338 and the attack is materially amplified by the companion CORS wildcard issue CVE-2026-46608.
Infinite loop denial-of-service in pypdf prior to 6.13.1 allows an attacker to hang any process that merges a crafted PDF containing cyclic article/thread structures. The vulnerability exists in the `_add_articles_thread()` method of `_writer.py`, which traversed PDF article bead linked-list structures without cycle detection, permitting a self-referential `/N` (Next) pointer chain to create an irrecoverable loop. No public exploit code or CISA KEV listing exists at time of analysis, but the upstream PR diff publicly discloses the precise triggering structure, lowering the bar for exploitation against vulnerable merge pipelines.
Path traversal in Keras 3.14.0 exposes local file systems to arbitrary file and directory creation when processing maliciously crafted model files. The DiskIOStore.make method constructs directory paths from user-supplied layer names without sanitizing directory traversal sequences (..); since only forward slashes are blocked, embedding .. components in a layer name allows escape from the intended temporary working directory during model save or load operations. No active exploitation (CISA KEV) and no public proof-of-concept has been identified at time of analysis; however, EPSS data was not provided, leaving probabilistic exploitation likelihood unquantified.
Credential theft in Red Hat OpenShift Container Platform's Windows Machine Config Operator (WMCO) allows adjacent-network attackers to intercept SSH sessions to Windows worker nodes and steal WICD and kubelet bootstrap credentials. WMCO fails to verify the remote SSH host key when configuring Windows nodes, enabling a man-in-the-middle attacker positioned on the cluster network to capture credentials sufficient to assume Windows node identities. No public exploit identified at time of analysis, and the issue is not in CISA KEV.
Privilege escalation in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform allows a compromised Windows worker node holding WICD credentials to obtain a cluster-administrator client certificate. The WICD CSR auto-approver checks for the system:wicd-nodes organization but fails to reject additional organization values such as system:masters, enabling full cluster takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Use-after-free in libexpat before 2.8.2 arises from the `doCdataSection` function omitting `beforeHandler`/`afterHandler` depth-tracking calls for `XML_TOK_DATA_CHARS` tokens during CDATA section parsing - an incomplete fix for the related CVE-2026-50219. When a policy violation occurs during handler callback invocation in this code path, the parser's internal call-depth counter becomes inconsistent, enabling a use-after-free condition. An attacker supplying specially crafted XML to any libexpat-consuming application may trigger limited memory corruption, information disclosure, or availability impact under high-complexity conditions; no public exploit is identified at time of analysis and no CISA KEV listing exists.
Integer overflow in the xmlwf utility bundled with libexpat before 2.8.2 enables heap corruption via XML documents containing an excessive number of NOTATION declarations in a DOCTYPE block. The flaw in endDoctypeDecl allows a crafted XML file to wrap a signed integer counter, producing an undersized heap allocation that can be overflowed with high confidentiality and integrity impact. No confirmed active exploitation (not in CISA KEV) and no public exploit code have been identified at time of analysis; vendor-released patch is available in libexpat 2.8.2.
Integer overflow in libexpat's xmlwf tool allows an attacker supplying a crafted XML file with an excessively long DOCTYPE system identifier to trigger a heap buffer overflow via the resolveSystemId function. All libexpat versions before 2.8.2 are affected; the root cause is an unchecked size_t arithmetic operation - both the addition of string lengths and the subsequent multiplication by sizeof(XML_Char) - before a malloc call. No public exploit has been identified at time of analysis, and exploitation requires local access under high-complexity conditions per the CVSS:3.1/AV:L/AC:H vector.
Integer overflow in libexpat's XML_ParseBuffer function allows potential heap corruption leading to high-confidentiality and high-integrity impact in all libexpat versions before 2.8.2. The overflow occurs because XML_ParseBuffer lacked a bounds check on the byte index accumulator that was already present in the sibling XML_Parse function - a defensive guard omitted asymmetrically between two code paths. Any application that routes XML input through XML_ParseBuffer (a common pattern in incremental parsing) is exposed. No public exploit has been identified at time of analysis and no KEV listing exists, but the high C and I CVSS impact ratings reflect the potential for code execution via heap corruption.
Integer overflow in libexpat's getAttributeId routine exposes any application embedding libexpat before version 2.8.2 to memory corruption with high confidentiality and integrity impact when parsing specially crafted XML documents. The flaw occurs when an internal counter traversing the attribute ID table reaches INT_MAX and wraps, producing an invalid index that can corrupt adjacent heap memory. No public exploit has been identified at time of analysis, and CISA has not listed this in the KEV catalog, but a vendor-released patch is available in libexpat 2.8.2 and upgrade is the recommended remediation.
Integer overflow in libexpat's storeAtts() function before version 2.8.2 allows heap buffer corruption during XML namespace attribute processing. When an XML document contains namespace-qualified attributes whose prefix name or local-part name approaches or exceeds INT_MAX bytes, the combined expanded-name length calculation wraps to a small integer, causing allocation of an undersized heap buffer followed by an out-of-bounds write during the memcpy phase. The vendor CVSS scores this 6.9 with High confidentiality and integrity impact; no public exploit has been identified at time of analysis and the CVE is not listed in the CISA KEV catalog.
Heap out-of-bounds read in ImageMagick's PCD image decoder (versions prior to 7.1.2-15 and 6.9.13-40) allows unauthenticated network-reachable attackers to cause denial of service and disclose a single adjacent heap byte by supplying a crafted PCD file to an image-processing endpoint. The vulnerability is rooted in the PCD coder's DecodeImage loop and requires high attack complexity (AC:H) with specific attack prerequisites (AT:P), meaning the target application must actively process attacker-supplied PCD files. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog at time of analysis, though .NET bindings via Magick.NET NuGet packages are also affected and carry a separate fix version.
Integer overflow in ImageMagick's PSB/PSD v2 RLE decoder (ReadPSDChannelRLE in coders/psd.c) causes a heap out-of-bounds read exclusively on 32-bit builds, enabling information disclosure or process crash when processing attacker-controlled PSB files. Affected versions span ImageMagick below 7.1.2-15 and 6.9.x below 6.9.13-40, with corresponding Magick.NET NuGet packages below 14.10.3 also confirmed vulnerable. No public exploit code has been identified at time of analysis and no CISA KEV listing exists; the CVSS 4.0 score of 6.3 with AC:H and AT:P reflects that exploitation is constrained to 32-bit deployments processing untrusted PSB input.
Regular expression denial of service in vLLM versions 0.6.3 through 0.8.x exposes three distinct attack surfaces - the LoRA utility module, the phi4mini tool parser, and the OpenAI-compatible chat endpoint - to catastrophic regex backtracking, causing severe CPU exhaustion and service-wide denial of service. Authenticated API consumers can submit crafted inputs with deeply nested or repeated structures (e.g., `((((a|)+)+)+)`) to trigger unbounded processing in Python's backtracking NFA regex engine. No public exploit identified at time of analysis, though the GHSA advisory discloses the exact vulnerable patterns and example malicious inputs, substantially lowering the reproduction barrier for anyone with API access.
The Kubernetes Ingress NGINX provider in Traefik v3.7.0-ea.1 through v3.7.4 fails open when BasicAuth or DigestAuth cannot be installed because the referenced auth-secret is unresolvable, silently publishing the intended-to-be-protected backend route without any authentication middleware to unauthenticated network clients. Operators who explicitly configure auth via nginx.ingress.kubernetes.io/auth-type and auth-secret annotations are left with a live, fully accessible backend route while Traefik logs a single controller-level error and routes traffic normally - a direct violation of the declared security intent. A detailed proof-of-concept covering eight distinct secret-failure scenarios was developed by the reporter and confirmed on both current master and v3.7.1; no public release of exploit code is confirmed and no CISA KEV listing exists at time of analysis.
Denial of service in the concurrent-ruby gem (versions through 1.3.6) allows attackers to cause CPU exhaustion and permanent thread hangs by forcing an externally-derived numeric value stored in a Concurrent::AtomicReference to become Float::NAN. Because Ruby evaluates Float::NAN == Float::NAN as false, any subsequent call to AtomicReference#update livelocks - endlessly re-running the caller's block and pinning a CPU core, as the included reporter PoC demonstrates (over 1.9 million spin iterations in 250 ms). Publicly available exploit code exists; there is no public exploit identified as being used in active attacks, and the issue is not listed in CISA KEV.
Arbitrary file write in py7zr versions 1.1.0 through 1.1.2 allows attackers to escape the destination directory during archive extraction by chaining malicious symbolic links that resolve outside the target path. A victim who calls extractall() on a crafted 7z archive can have files written to arbitrary host filesystem locations, potentially escalating to remote code execution, privilege escalation, or data corruption. Publicly available exploit code exists (PoC published in the GHSA advisory), but there is no public exploit identified for active campaigns at time of analysis.
Server-Side Request Forgery in AWX's GitHub webhook integration (Red Hat Ansible Automation Platform 2) enables a remote attacker possessing a job template's webhook_key to redirect PAT-bearing status callbacks to an attacker-controlled endpoint, exfiltrating the configured GitHub Personal Access Token. The attack exploits AWX's failure to validate that the pull_request.statuses_url field in an incoming webhook payload points to a legitimate GitHub API domain before using it as a POST target. No public exploit is identified at time of analysis, but successful exploitation yields persistent GitHub repository access through the stolen PAT, extending the blast radius well beyond the AWX system itself.
Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.
Heap-based buffer overflow in libexpat before 2.8.2 allows heap memory corruption in applications that process externally-supplied XML with external entity parameter parsing enabled. The flaw resides in the doProlog function of xmlparse.c, where the scaffold backing array (scaffIndex) - used to index DTD content model tree nodes - is reallocated using the child parser's m_groupSize counter, which diverges from the actual allocated capacity of the shared scaffIndex inherited from the parent parser. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, but the upstream fix PR includes a functional reproduction test case confirming exploitability.
Heap out-of-bounds write in OpenEXR 3.4.0 through 3.4.11 lets an attacker who supplies a crafted HTJ2K-compressed EXR file trigger memory corruption during decoding, via an integer overflow in the HTJ2K decoder ht_undo_impl(). Any application that decodes untrusted EXR images using the affected OpenEXRCore library is at risk, with potential for memory corruption and possible code execution. No public exploit has been identified at time of analysis; EPSS risk is low (0.17%, 7th percentile) and CISA SSVC rates exploitation as none.
Stored XSS in Coturn's web-admin HTTPS interface (all versions prior to 4.11.0) allows a TURN-level attacker to inject persistent JavaScript that executes in an authenticated administrator's browser when they view the session list. The attack is staged via a crafted USERNAME value in a TURN Allocate request, bridging the TURN protocol surface into the web-admin UI context. In anonymous deployments (--no-auth), no TURN credentials are required for the injection phase, broadening the exposure; in authenticated deployments the attacker must hold valid TURN credentials. No public exploit has been identified and this vulnerability is not listed in CISA KEV.
Backend routing bypass in http-proxy-middleware allows unauthenticated external attackers to redirect HTTP requests to unintended backends by sending a crafted Host header that acts as a superstring of a configured host+path router key. The vulnerable substring matching logic (`hostAndPath.indexOf(key) > -1` in `src/router.ts`) affects npm package versions 0.16.0 through 3.0.5 and 4.0.0 through v4.0.0-beta.5, enabling bypass of tenant isolation, backend segmentation, or access-control boundaries enforced through proxy routing rules. Publicly available exploit code exists in the GitHub Security Advisory GHSA-64mm-vxmg-q3vj, with vendor-confirmed fixes released as versions 3.0.6 and 4.1.0.
{signal} for abort support), the polluted prototype value flows into worker_threads.Worker and the attacker's exported function is invoked with every legitimate caller's task data. Publicly available exploit code exists (full PoC in the GHSA advisory), but no public exploit identified at time of analysis as in-the-wild abuse and the CVE is not in CISA KEV.
Strimzi Kafka Operator versions 1.0.0 and earlier provision the Entity Operator ServiceAccount with combined RBAC rights for both the Topic Operator and User Operator regardless of which sub-operators are actually enabled in the Kafka custom resource, violating the principle of least privilege. When only one of the two sub-operators is deployed, the overly permissive ServiceAccount can access KafkaUser custom resources and namespace Secrets (when the User Operator is absent) or KafkaTopic custom resources (when the Topic Operator is absent). No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, the High confidentiality impact (C:H) due to potential Secret access elevates the urgency of patching.
Cross-namespace privilege escalation in Strimzi Kafka Operator versions up to 1.0.0 allows tenants with namespace-scoped Kafka custom resource creation rights to read and write Secrets in any namespace where the Cluster Operator has been granted permissions. By abusing the documented `watchedNamespace` field within `Kafka.spec.entityOperator`, an attacker mints a token for the entity operator ServiceAccount in their own namespace and gains full CRUD on Secrets in the target namespace. No public exploit identified at time of analysis, but the attack is mechanically straightforward in any multi-tenant Strimzi deployment.
Path traversal in libzypp's .repo file processing enables low-privileged network-accessible attackers to write content into arbitrary directories on the host filesystem beyond the intended zypp cache boundary. Affected versions span the 17.x series before 17.38.13 and the 16.x series before 16.22.19, covering systems running SUSE Linux Enterprise and openSUSE derivatives that use zypper as their package manager. The primary real-world impact is disk exhaustion across unexpected filesystem paths, causing a denial of service; no confidentiality impact is attributed in the CVSS assessment. No public exploit or CISA KEV listing has been identified at time of analysis.
Sensitive information disclosure in Node.js (versions 26.3.0, 24.16.0, and 22.22.3) leaks embedded proxy credentials when a CONNECT tunnel connection fails, because the full proxy URL - including username and password - is included verbatim in the resulting tunnel error message rather than being redacted. Anyone able to read those error strings (application logs, error responses, monitoring/telemetry pipelines) can recover the proxy authentication secret. This is a Medium-rated, post-disclosure security-release fix (fixed in v26.3.1); there is no public exploit identified at time of analysis and EPSS is low at 0.38% (30th percentile).
TLS SNI context matching in Node.js performs case-sensitive hostname comparison, enabling network-accessible low-privileged attackers to bypass intended server-side TLS context selection by varying the casing of the SNI hostname in a ClientHello message. Affected versions prior to 26.3.1 may serve an incorrect TLS certificate or context when a client sends an SNI value with unexpected casing (e.g., 'EXAMPLE.COM' versus 'example.com'), yielding limited confidentiality and integrity impacts in multi-hostname deployments. No public exploit code or active exploitation has been identified; the fix shipped as part of the Node.js June 2026 coordinated security release alongside ten other CVEs.
Denial of service in Node.js HTTP/2 lets a remote peer exhaust process memory by driving unbounded growth of the connection's originSet, the structure that tracks origins advertised via HTTP/2 ORIGIN frames. It affects the 22.x, 24.x and 26.x release lines up to and including Node 22.22.3, 24.16.0 and 26.3.0, and is fixed in the June 2026 security release (26.3.1). There is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.51%), but availability impact is rated High.
Hostname validation bypass in Node.js (versions 22.22.3, 24.16.0, and 26.3.0) lets attackers smuggle embedded NUL bytes through the dns and net subsystems, truncating a hostname after the NUL so that application-level allowlists, SNI checks, or destination filters validate one host while the runtime resolves or connects to another. The Node.js project rates this specific issue Medium and shipped the fix in its June 2026 security release; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.28%, 20th percentile), and it is not in CISA KEV. Note a significant signal conflict: the aggregate input score of CVSS 9.8 with an 'Authentication Bypass' tag is far above the vendor's own Medium rating for this CVE and appears to be an inflated pre-NVD auto-score.
Resource exhaustion in joserfc (versions 1.3.4-1.6.5) is possible because the RFC7797 unencoded-payload (b64=false) JWS code path skips the configured JWSRegistry.max_payload_length check, while the standard compact and flattened JSON paths correctly raise ExceededSizeError. Remotely submitted, cryptographically valid b64=false JWS tokens with arbitrarily large payloads are deserialized without size enforcement, consuming memory or CPU on the verifying server. No public exploit has been identified and the vulnerability is not in the CISA KEV catalog; a vendor-released fix is available in version 1.6.7.
Cache information disclosure in Undici's shared-mode cache interceptor allows a prior authenticated user's HTTP response to be served to a subsequent, potentially unauthenticated, caller. Applications using Undici's explicit `interceptors.cache()` in shared mode that forward Authorization headers to an upstream which returns Cache-Control headers with whitespace-padded qualified directives (e.g., `private=" authorization"`) are affected across all v7 versions prior to 7.28.0 and all v8 versions prior to 8.5.0. No public exploit has been identified at time of analysis; exploitation is bounded by high attack complexity (CVSS AC:H, score 5.9), but when conditions align, the confidentiality impact is complete.
HTTP response header injection in undici's cookie parser exposes proxy, middleware, and SSR framework applications to session fixation, open redirect, and cache poisoning. The `parseSetCookie`, `parseCookie`, and `getSetCookies` functions incorrectly percent-decode cookie values using `qsUnescape`, converting encoded sequences such as `%0D%0A` into literal CRLF bytes in violation of RFC 6265 §5.4, which prescribes no such decoding. Any application that fetches from an attacker-controlled upstream and forwards the parsed cookie value into a downstream response header is exploitable; no public exploit has been identified at time of analysis, and patched releases v6.26.0, v7.28.0, and v8.5.0 are available.
Denial-of-service in the undici WebSocket client (Node.js HTTP/WebSocket library) version 8.1.0 through versions prior to 8.5.0 allows a malicious or compromised WebSocket server to exhaust client memory by streaming many small fragmented frames that individually pass the per-frame maxPayloadSize check but cumulatively bypass any size limit. The flaw is a regression introduced in the 8.1.0 line; no public exploit identified at time of analysis. Impact is limited to availability (process crash via memory exhaustion) with no confidentiality or integrity consequence per the CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H vector.
Insufficient authorization in the Katello ContentUploadsController within Red Hat Satellite 6 permits authenticated users holding only the edit_products permission to query content metadata for repositories belonging to products they have no rights to manage. The flaw, rooted in a missing ActiveRecord scope on repository lookup, allows cross-product content-existence enumeration via the content-upload API - but explicitly does not permit modification, import, or publication of content. No public exploit exists and the vulnerability is not listed in CISA KEV; risk is bounded by the authentication requirement and the limited read-only impact.
OpenStack Horizon before 25.7.4 embeds project names unsanitized into generated OpenStack RC shell scripts, enabling OS command injection when a victim user downloads and sources that script locally. An attacker with sufficient privileges to create or control a project name can insert shell metacharacters (e.g., backtick sequences, command substitution syntax) that execute arbitrary commands in the victim's local shell environment upon RC file execution. No public exploit code or CISA KEV listing exists at time of analysis, though the underlying CWE-78 class is well-understood; notably, the OpenStack project itself characterizes this as a security hardening opportunity rather than a traditional vulnerability, reflecting a disputed severity framing.
Heap buffer over-read in NGINX Plus and NGINX Open Source's ngx_http_charset_module exposes limited worker process memory or triggers a worker restart when remote unauthenticated attackers send crafted requests against a non-default charset conversion configuration. Exploitation requires both a specific dual-directive configuration (source_charset utf-8 alongside a differing charset directive such as koi8-r in the same location block) and content-dependent conditions outside the attacker's direct control, reflected in the CVSS AC:H rating. No public exploit code exists and this CVE does not appear in the CISA KEV catalog; the vendor F5 has published advisory K000161585 with patched version guidance.
Heap memory address leakage in vLLM's Anthropic API router and speech-to-text WebSocket paths exposes the same ASLR-bypass primitive previously fixed in CVE-2026-22778. Five exception-handling sites across `vllm/entrypoints/anthropic/api_router.py`, `vllm/entrypoints/anthropic/serving.py`, and `vllm/entrypoints/speech_to_text/realtime/connection.py` echo raw `str(e)` output - including PIL BytesIO object repr strings containing heap addresses - directly to unauthenticated callers. A proof-of-concept is referenced in the advisory, and when chained with the parent CVE's libopenjp2 heap overflow, this leak reduces ASLR entropy from approximately 4 billion candidates to 8, enabling RCE; no public exploit identified at time of analysis for this CVE in isolation.
Temperature parameter validation in vLLM (pip/vllm ≤ 0.23.0) can be bypassed by supplying NaN or positive Infinity as the temperature value, because Python's IEEE 754 float comparison operators silently return False for these inputs, allowing the values to propagate unchecked into GPU CUDA sampling kernels. The invalid inputs trigger undefined behavior or fatal CUDA errors that crash the inference worker process, dropping all in-flight requests and degrading service for every concurrent user sharing that worker. No public exploit has been identified at time of analysis, though the trigger condition is fully disclosed in the published GHSA-7h4p-rffg-7823 advisory and is trivially reproducible from that description alone.
Unauthenticated remote denial of service in NLTK's WordNet Browser HTTP server (nltk.app.wordnet_app) through version 3.9.3 allows any network-reachable attacker to terminate the server process by sending a single GET request to /SHUTDOWN%20THE%20SERVER. The server binds to all interfaces by default and invokes os._exit(0) on receipt, with no public exploit identified at time of analysis but exploitation is trivial given the documented endpoint.
Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Universal Cross-Site Scripting (UXSS) in the Views component of Google Chrome on Linux (prior to 149.0.7827.155) enables an attacker who has already compromised the renderer process to inject arbitrary scripts or HTML across security origins via a crafted HTML page, breaking Chrome's same-origin policy isolation. This is a post-renderer-compromise escalation step in a multi-stage attack chain, Linux-platform specific, requiring prior renderer RCE as a prerequisite. No public exploit code has been identified at time of analysis; EPSS sits at 0.29% (21st percentile), and CISA SSVC assesses exploitation status as none with partial technical impact.
Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High)
Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)
Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: High)
Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Heap corruption in Google Chrome's Digital Credentials component (versions prior to 149.0.7827.155) allows remote attackers to trigger a use-after-free condition by enticing a user to visit a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates this issue as Critical severity, and Google has released a patched stable-channel build; no public exploit identified at time of analysis and EPSS sits at 0.31% (23rd percentile), indicating low predicted near-term exploitation pressure despite the high CVSS of 8.8.
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Server-Side Request Forgery in Pydantic AI (versions 1.56.0-1.101.0, 2.0.0b1, 2.0.0b2) allows unauthenticated network attackers to bypass the cloud-metadata IP blocklist by encoding metadata service addresses (e.g., 169.254.169.254) in IPv6 transition forms - specifically IPv4-compatible IPv6, NAT64 RFC 8215 local-use prefixes, operator-chosen NAT64 prefixes, and ISATAP - that the prior remediation (CVE-2026-46678) failed to decode, enabling retrieval of cloud IAM short-term credentials. Exploitation is constrained by two simultaneous prerequisites: the application must use the non-default `force_download='allow-local'` mode and must operate on a network that routes the affected IPv6 transition forms (e.g., IPv6-only or dual-stack-with-NAT64 Kubernetes clusters). This is the third iteration in an escalating bypass chain (CVE-2026-25580 → CVE-2026-46678 → CVE-2026-48782), and no public exploit has been identified at time of analysis.
Arbitrary file deletion in evolution-data-server's addressbook file backend exposes host filesystem to manipulation by a Flatpak application with D-Bus access. The vulnerability exploits split validation logic: a crafted URI embedding directory traversal sequences (e.g., '../') is accepted without sufficient sanitization during contact creation or modification, but when the same URI is later processed at deletion time, a second, less restrictive check fails to catch the traversal - allowing files outside the intended addressbook directory to be removed. Critically, deletion of Flatpak override files could be leveraged to silently weaken sandbox restrictions for subsequent application runs. No public exploit has been identified at time of analysis.
Path manipulation in the LangGraph Python SDK (langgraph-sdk) version 0.3.14 and earlier lets caller-supplied identifier values containing URL-special characters redirect an HTTP request to a different resource — or resource type — than the SDK call intended. When applications forward untrusted, unvalidated identifiers into SDK methods and rely on upstream URL-prefix authorization, an attacker can reach, modify, or delete resources outside their authorization scope. There is no public exploit identified at time of analysis and EPSS is low (0.22%), but CVSS is rated 9.1 due to high confidentiality and integrity impact.
Unsafe deserialization in LangGraph SQLite Checkpoint's JsonPlusSerializer (versions 4.1.0 and prior) allows arbitrary Python object reconstruction from checkpoint payloads stored in a SQLite backing store, enabling code execution at checkpoint load time. Affected deployments are those where an unauthorized party can modify checkpoint bytes at rest - a high-privilege prerequisite (PR:H, AV:A per CVSS) that already implies a significant prior compromise. This is explicitly framed as a defense-in-depth concern: the issue escalates an existing 'checkpoint-store write access' incident into full application runtime code execution. No public exploit code or CISA KEV listing has been identified at time of analysis.
Command injection in openSUSE/SUSE wicked DHCP client before 0.6.79 allows attackers operating a rogue DHCP server on the victim's local network segment to execute arbitrary commands by embedding single-quoted shell metacharacters in DHCP option strings, which are written unsanitized to /run/wicked/leaseinfo.* files and later consumed by netconfig. The CVSS 8.8 (AV:A) rating reflects adjacent-network exposure without authentication. No public exploit identified at time of analysis.
Resource-accounting bypass in OpenStack Nova (compute service) lets an authenticated tenant create an instance whose scheduler hint data is not properly stripped, resulting in a running VM that has no corresponding Placement allocation. Because the instance consumes real host CPU/RAM/disk that the Placement service never accounted for, an attacker with ordinary project credentials can quietly over-subscribe a compute host and degrade availability for co-located tenants. SSVC lists exploitation as proof-of-concept (no public exploit identified as weaponized) with partial technical impact; EPSS is low at 0.26% (17th percentile).
Processing crafted PDF outlines in pypdf versions prior to 6.13.0 triggers an infinite loop during writer merge operations, causing a denial of service. Applications that accept user-supplied PDFs and merge them using PdfWriter are affected - specifically any code path that calls merge() on a PDF whose /Outlines or /Parent hierarchy contains circular references. No public exploit has been identified at time of analysis and this is not listed in CISA KEV; a vendor-released patch is available as pypdf 6.13.0.
Infinite loop denial-of-service in pypdf allows an attacker to hang any Python application that processes a crafted PDF using layout-mode text extraction. The vulnerability arises because the `/Parent` hierarchy traversal in `_layout_mode_fonts()` lacked cycle detection, so a circular reference structure in a malicious PDF causes the parser to loop indefinitely. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified, but the attack surface is broad: any service accepting user-supplied PDFs and passing them to pypdf's layout-mode extraction is potentially affected.
Uncontrolled resource consumption in pypdf versions before 6.12.2 allows any attacker who can cause an application to call `extract_text()` on a crafted PDF to trigger unbounded memory growth, resulting in denial of service. The vulnerability arises specifically during form XObject traversal: a PDF containing a self-referencing XObject resource dictionary causes the extraction code to recurse infinitely without cycle detection. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA KEV catalog.