Information Disclosure

other MEDIUM

Information disclosure occurs when an application unintentionally exposes sensitive data that aids attackers in reconnaissance or directly compromises security.

How It Works

The exposure happens through several channels: verbose error messages whose stack traces reveal internal paths and framework versions, debug endpoints left active in production, and misconfigured servers that serve directory listings or version-control artifacts such as .git folders. APIs often return more than the client needs, handing back a full user object when only a display name was requested, or exposing system internals through metadata fields.
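Response minimization for the API case above, as an added Python example (not code from the original page): a blocklist serializer beside an allowlist one, applied to a constructed User record whose mfa_secret field was added to the model after the blocklist was written. The blocklist leaks the new field; the allowlist cannot, because every audience gets a fixed field set.

```python
from dataclasses import dataclass, asdict


@dataclass
class User:
    id: int
    username: str
    email: str
    password_hash: str
    is_admin: bool
    internal_notes: str
    mfa_secret: str  # added to the model later; a blocklist written earlier never hears of it


# Constructed record for the example; not real data.
SAMPLE = User(42, "alice", "alice@example.org", "$2b$12$example-hash", False,
              "flagged for manual review", "JBSWY3DPEHPK3PXP")

SENSITIVE = {"password_hash", "mfa_secret", "internal_notes"}


def serialize_blocklist(user, hidden=("password_hash",)):
    """Leaky pattern: dump the whole object, strip the fields someone remembered to hide."""
    return {k: v for k, v in asdict(user).items() if k not in hidden}


# Allowlist pattern: each audience gets a fixed tuple of fields; anything unlisted is never emitted.
PUBLIC_FIELDS = ("id", "username")
OWNER_FIELDS = PUBLIC_FIELDS + ("email",)
ADMIN_FIELDS = OWNER_FIELDS + ("is_admin", "internal_notes")
FIELDS_BY_ROLE = {"anonymous": PUBLIC_FIELDS, "owner": OWNER_FIELDS, "admin": ADMIN_FIELDS}


def serialize_allowlist(user, viewer_role):
    """Unknown roles raise KeyError on purpose: failing closed beats returning a default view."""
    data = asdict(user)
    return {k: data[k] for k in FIELDS_BY_ROLE[viewer_role]}


def leaked_fields(payload, sensitive=SENSITIVE):
    """Audit helper: which sensitive attributes made it into a response body?"""
    return set(payload) & sensitive


if __name__ == "__main__":
    print("blocklist leaks:", sorted(leaked_fields(serialize_blocklist(SAMPLE))))
    for role in FIELDS_BY_ROLE:
        print(role, serialize_allowlist(SAMPLE, role))
```

The admin view deliberately includes internal_notes, so leaked_fields reports it there; the point of the audit helper is that the set of exposed fields per role is explicit and reviewable, not that admins see nothing sensitive.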

Attackers exploit these exposures systematically. They probe for common sensitive files (.env, config.php, backup archives), trigger error conditions to extract framework details, and analyze response timing or content differences to enumerate valid usernames or resources. Even subtle variations—like "invalid password" versus "user not found"—enable account enumeration. Exposed configuration files frequently contain database credentials, API keys, or internal service URLs that unlock further attack vectors.

The attack flow typically starts with passive reconnaissance: examining HTTP headers, JavaScript bundles, and public endpoints for version information and architecture clues. Active probing follows—testing predictable paths, manipulating parameters to trigger exceptions, and comparing responses across similar requests to identify information leakage patterns.
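The reconnaissance flow above, as an added Python example (not code from the original page): a small probe that fingerprints version headers, requests commonly exposed artifacts and confirms the body really is the artifact rather than a soft 404, then flags verbose error bodies. The target is an in-memory stand-in with constructed responses; replace fake_fetch with a real HTTP client to run it against a host you are authorized to test.

```python
import re
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    headers: dict
    body: str


# Constructed stand-in for a misconfigured production host (not a real site).
FAKE_SITE = {
    "/": Response(200, {"Server": "Apache/2.4.49 (Unix)", "X-Powered-By": "PHP/7.4.3"},
                  "<html>Welcome</html>"),
    "/.git/HEAD": Response(200, {"Server": "Apache/2.4.49 (Unix)"}, "ref: refs/heads/main\n"),
    "/.env": Response(403, {"Server": "Apache/2.4.49 (Unix)"}, "<h1>Forbidden</h1>"),
    "/backup.zip": Response(200, {"Server": "Apache/2.4.49 (Unix)",
                                  "Content-Type": "application/zip"}, "PK\x03\x04..."),
    "/api/user?id=abc": Response(500, {"Server": "Apache/2.4.49 (Unix)"},
                                 "Traceback (most recent call last):\n"
                                 '  File "/srv/app/views.py", line 42, in get_user\n'
                                 "ValueError: invalid literal for int()"),
}


def fake_fetch(path):
    """Stand-in for an HTTP GET; anything not in FAKE_SITE is a plain 404."""
    return FAKE_SITE.get(path, Response(404, {"Server": "Apache/2.4.49 (Unix)"}, "Not Found"))


# Path -> predicate confirming the body is the artifact, not a custom 200 error page.
SENSITIVE_PATHS = {
    "/.git/HEAD": lambda b: b.startswith("ref: ") or re.fullmatch(r"[0-9a-f]{40}\s*", b) is not None,
    "/.env": lambda b: re.search(r"^[A-Z_]+=.+$", b, re.M) is not None,
    "/phpinfo.php": lambda b: "PHP Version" in b,
    "/backup.zip": lambda b: b.startswith("PK"),
    "/config.php.bak": lambda b: "<?php" in b,
}

VERSION_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version")
VERBOSE_ERROR = re.compile(
    r"Traceback \(most recent call last\)|"                # Python stack trace
    r"\bat [\w.$]+\([\w.]+:\d+\)|"                         # Java stack frame
    r"Stack trace:|Fatal error:|"                          # PHP
    r"(?<![\w.])/(?:srv|var|home|opt|usr)/[\w./-]+")       # absolute server-side paths


def fingerprint(resp):
    """Product/version pairs leaked by banner headers, e.g. ('Apache', '2.4.49')."""
    found = []
    for h in VERSION_HEADERS:
        found.extend(re.findall(r"([A-Za-z][\w-]*)/([\d.]+)", resp.headers.get(h, "")))
    return found


def probe_paths(fetch):
    """Only a 200 whose body passes the content check counts as exposed."""
    return [path for path, confirms in SENSITIVE_PATHS.items()
            if (r := fetch(path)).status == 200 and confirms(r.body)]


def detect_verbose_error(resp):
    return resp.status >= 500 and VERBOSE_ERROR.search(resp.body) is not None


def run_recon(fetch, error_triggers=("/api/user?id=abc",)):
    """Passive step (headers on /), then active step (known paths, exception-triggering inputs)."""
    return {
        "fingerprint": fingerprint(fetch("/")),
        "exposed": probe_paths(fetch),
        "verbose_errors": [p for p in error_triggers if detect_verbose_error(fetch(p))],
    }


if __name__ == "__main__":
    print(run_recon(fake_fetch))
```

The 403 on /.env is deliberately not reported: the file exists, but the content check is what separates a confirmed disclosure from a guess, and a scanner that reports every non-404 drowns the real findings.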

Impact

  • Credential compromise: Exposed configuration files, hardcoded secrets in source code, or API keys enable direct authentication bypass
  • Attack surface mapping: Stack traces, framework versions, and internal paths help attackers craft targeted exploits for known vulnerabilities
  • Data breach: Direct exposure of user data, payment information, or proprietary business logic through oversharing APIs or accessible backups
  • Privilege escalation pathway: Internal URLs, service discovery information, and architecture details facilitate lateral movement and SSRF attacks
  • Compliance violations: GDPR, PCI-DSS, and HIPAA penalties for exposing regulated data through preventable disclosures

Real-World Examples

A major Git repository exposure affected thousands of websites when .git folders remained accessible on production servers, allowing attackers to reconstruct entire source code histories including deleted commits containing credentials. Tools like GitDumper automated mass exploitation of this misconfiguration.

Cloud storage misconfigurations have repeatedly exposed sensitive data when companies left S3 buckets or Azure Blob containers publicly readable. One incident exposed 150 million voter records because verbose API error messages revealed the storage URL structure, and no authentication was required.

Framework debug modes left enabled in production have caused numerous breaches. Django's DEBUG=True setting exposed complete stack traces with database queries and environment variables, while Laravel's debug pages revealed encryption keys through the APP_KEY variable in environment dumps.

Mitigation

  • Generic error pages: Return uniform error messages to users; log detailed exceptions server-side only
  • Disable debug modes: Enforce production configurations that suppress stack traces, verbose logging, and debug endpoints through deployment automation
  • Access control audits: Restrict or remove development artifacts (.git, backup files, phpinfo()) and internal endpoints before deployment
  • Response minimization: API responses should return only necessary fields; implement allowlists rather than blocklists for data exposure
  • Security headers: Deploy X-Content-Type-Options, remove server version banners, and disable directory indexing
  • Timing consistency: Ensure authentication and validation responses take uniform time regardless of input validity
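The account-enumeration oracle described under How It Works and the generic-error and timing-consistency mitigations above, as one added Python example (not code from the original page). The leaky login returns distinct messages and skips password hashing for unknown users; the uniform version always hashes against a decoy credential, compares in constant time and returns one message. The user store, the decoy and the lowered PBKDF2 work factor are constructed for the demo.

```python
import hashlib
import hmac
import os
import statistics
import time

ITERATIONS = 50_000  # lowered for the demo; production should use a far higher work factor


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store (example data only).
_alice_salt = os.urandom(16)
USERS = {"alice": (_alice_salt, hash_password("correct horse battery", _alice_salt))}

# Decoy credential: unknown usernames are hashed against it so both paths do the same work.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password(os.urandom(16).hex(), _DUMMY_SALT)


def login_leaky(username: str, password: str) -> str:
    """Vulnerable: distinct messages, and an early return that skips the expensive hash."""
    if username not in USERS:
        return "user not found"
    salt, stored = USERS[username]
    if hash_password(password, salt) == stored:
        return "ok"
    return "invalid password"


def login_uniform(username: str, password: str) -> str:
    """Hardened: same work, constant-time compare and one generic message on every path."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    match = hmac.compare_digest(hash_password(password, salt), stored)
    if match and username in USERS:
        return "ok"
    return "invalid username or password"


def message_oracle(login, candidate: str, control: str = "zz_no_such_user_zz") -> bool:
    """True if the response text alone distinguishes candidate from a known-missing user."""
    return login(candidate, "wrong-password") != login(control, "wrong-password")


def median_latency(login, username: str, samples: int = 5) -> float:
    """Seconds per attempt; a large gap between known and unknown users is a timing oracle."""
    times = []
    for _ in range(samples):
        t0 = time.perf_counter()
        login(username, "wrong-password")
        times.append(time.perf_counter() - t0)
    return statistics.median(times)


if __name__ == "__main__":
    for name, fn in (("leaky", login_leaky), ("uniform", login_uniform)):
        print(name, "message oracle:", message_oracle(fn, "alice"),
              "latency alice/missing: %.4fs / %.4fs"
              % (median_latency(fn, "alice"), median_latency(fn, "nobody")))
```

Equalizing the hash path removes the gross timing difference; residual jitter from the database lookup is small compared with the hash but not zero, so rate limiting on the endpoint remains necessary rather than optional.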

Recent CVEs (12474)

CVE-2026-32951
EPSS 0% CVSS 4.3
MEDIUM This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and pre-release builds of 2026.3.0 allow authenticated users to disclose shared draft topic titles via specially crafted inline onebox requests that reference the shared drafts category. An attacker with valid Discourse credentials can enumerate and read draft titles not intended for their access, violating information confidentiality. The vulnerability is patched in versions 2026.1.3, 2026.2.2, and 2026.3.0; EPSS is 0% and the CVE is not listed in CISA KEV, but the fix should be deployed promptly given the low barrier to exploitation.

Information Disclosure
NVD GitHub VulDB
CVE-2026-32620
EPSS 0% CVSS 5.3
MEDIUM This Month

Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and pre-release builds of 2026.3.0 leak read-receipt metadata (who read staff-only posts, and when) to non-staff users who should not have access to that information. No post content is exposed, but the metadata disclosure bypasses the intended access control. Patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure
NVD GitHub VulDB
CVE-2026-32618
EPSS 0% CVSS 4.3
MEDIUM This Month

Discourse chat user search functionality discloses channel membership information to authenticated users without proper authorization checks, allowing users to infer private channel membership across versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-rc1, affecting community administrators and organizations relying on channel privacy. The vulnerability requires authenticated access but carries low confidentiality impact (CVSS 4.3); patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure
NVD GitHub
CVE-2026-32143
EPSS 0% CVSS 5.3
MEDIUM This Month

Discourse moderators can export CSV data from admin-restricted reports in versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-beta, circumventing role-based access controls and exposing sensitive operational data intended exclusively for administrators. The vulnerability requires authenticated moderator access but carries low confidentiality impact (CVSS 5.3). Vendor-released patches are available in Discourse 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure
NVD GitHub
CVE-2026-33073
EPSS 0% CVSS 2.0
LOW Monitor

Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and pre-release builds of 2026.3.0 leak Stripe API keys across sites in multisite cluster deployments due to improper credential isolation in the discourse-subscriptions plugin, allowing authenticated users with UI access on one site to view payment credentials belonging to other sites in the same cluster. CVSS 2.0 reflects low severity (information disclosure only, requiring authentication and user interaction), but exposure of payment processor credentials carries material business risk. Patches are available in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Information Disclosure
NVD GitHub
CVE-2026-24165
EPSS 0% CVSS 7.8
HIGH This Week

Deserialization of untrusted data in NVIDIA BioNeMo Framework enables local attackers to execute arbitrary code, cause denial of service, disclose sensitive information, or tamper with data when users open malicious files. CVSS 7.8 (High) reflects local attack vector requiring user interaction. EPSS data not available; no public exploit identified at time of analysis. Affects NVIDIA BioNeMo Framework, a platform for AI-driven drug discovery and biomolecular research.

Deserialization RCE Denial Of Service +2
NVD VulDB
CVE-2026-24164
EPSS 0% CVSS 8.8
HIGH This Week

Insecure deserialization in NVIDIA BioNeMo Framework enables remote code execution when attackers can induce users to process malicious serialized data. This vulnerability (CWE-502) is network-reachable (AV:N) with low attack complexity (AC:L), requires user interaction (UI:R) but no authentication (PR:N), and its CVSS 8.8 (High) rating reflects high impact on confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the deserialization vulnerability class is well understood and commonly exploited. EPSS data not available for this CVE.

Deserialization RCE Denial Of Service +2
NVD VulDB
CVE-2026-24154
EPSS 0% CVSS 7.6
HIGH This Week

Command injection in NVIDIA Jetson Linux initrd allows physical attackers to execute arbitrary code with elevated privileges across Jetson Xavier, Orin, and Thor series devices. An attacker with physical access can inject malicious command-line arguments during boot without authentication (CVSS:3.1/AV:P/AC:L/PR:N), leading to complete system compromise including root-level code execution, denial of service, and data exfiltration. EPSS data not available; no public exploit identified at time of analysis, though the low attack complexity (AC:L) and physical-only requirement (AV:P) suggest exploitation is straightforward for adversaries with device access.

Command Injection RCE Denial Of Service +2
NVD VulDB
CVE-2026-24153
EPSS 0% CVSS 5.2
MEDIUM This Month

Information disclosure in NVIDIA Jetson Linux affects Xavier, Orin, and Thor series devices because the nvluks trusted application remains enabled in initrd. A local attacker with physical access and low privileges can exploit this to read sensitive data from the device; the issue is classified as CWE-501 (Trust Boundary Violation). CVSS 5.2 reflects high confidentiality impact offset by the physical attack vector and the need for authenticated access; no public exploit or CISA KEV listing has been reported.

Information Disclosure Nvidia
NVD VulDB
CVE-2026-24148
EPSS 0% CVSS 8.3
HIGH This Week

NVIDIA Jetson system initialization flaw allows authenticated remote attackers to exploit insecure default machine IDs, enabling cross-device information disclosure of encrypted data and tampering. Affects JetPack on Xavier and Orin series devices. CVSS 8.3 (High) with network attack vector and low complexity. EPSS data not available; no confirmed active exploitation (CISA KEV status not present). The vulnerability enables attackers with low-level privileges to compromise multiple devices sharing identical default machine identifiers, undermining cryptographic protections and system integrity across the device fleet.

Information Disclosure Denial Of Service Nvidia
NVD VulDB
CVE-2026-5087
EPSS 0% CVSS 7.5
HIGH This Week

PAGI::Middleware::Session::Store::Cookie through version 0.001003 generates cryptographically weak initialization vectors (IVs) for session cookie encryption by falling back to Perl's built-in rand() function when /dev/urandom is unavailable, particularly affecting Windows systems. This predictable IV generation enables attackers to decrypt and tamper with session data stored in cookies, compromising session confidentiality and integrity. No active exploitation has been confirmed, but the vulnerability affects all deployments on systems lacking /dev/urandom access.

Information Disclosure Microsoft
NVD VulDB
CVE-2026-30284
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary file overwrite in UXGROUP LLC Voice Recorder v10.0 allows remote attackers to overwrite critical internal files through the file import mechanism, enabling arbitrary code execution or sensitive information exposure. No CVSS score, EPSS data, or KEV status was available at analysis time; exploitation likelihood cannot be quantified from standard metrics, but the presence of publicly documented vulnerability research suggests active security scrutiny.

RCE Information Disclosure
NVD GitHub VulDB
CVE-2026-34240
EPSS 0% CVSS 7.5
HIGH This Week

JWT token forgery in appsup-dart/jose library (versions prior to 0.3.5+1) enables remote attackers to bypass authentication by embedding attacker-controlled public keys in JOSE headers. The library incorrectly accepts header-supplied 'jwk' parameters as trusted verification keys without validating they exist in the application's trusted keystore, allowing unauthenticated attackers to sign arbitrary tokens with their own key pairs. EPSS data not available; no public exploit identified at time of analysis, though exploitation requires only standard JWT manipulation tools.
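The header-supplied key flaw described for CVE-2026-34240, as an added Python example (not the jose library's code). To stay within the standard library it uses HS256 with a symmetric "oct" JWK instead of the asymmetric public key the advisory describes, but the logic error is identical: the verifier takes its key from the token's own header. The keystore, key id and claims are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import os


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _hs256(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def sign_hs256(header: dict, claims: dict, key: bytes) -> str:
    """Mint a compact JWS; header and claims are serialised without whitespace."""
    def enc(obj):
        return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc(header) + "." + enc(claims)
    return signing_input + "." + b64url_encode(_hs256(key, signing_input))


def _parse(token: str):
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), h + "." + p, b64url_decode(s)


# Server-side trusted keystore (constructed for the example).
SERVER_KEY = os.urandom(32)
KEYSTORE = {"srv-1": SERVER_KEY}


def verify_trusting_header_jwk(token: str, keystore: dict):
    """Vulnerable pattern: if the header carries a 'jwk', use it as the verification key."""
    header, claims, signing_input, sig = _parse(token)
    if header.get("alg") != "HS256":
        return None
    jwk = header.get("jwk")
    if jwk and jwk.get("kty") == "oct":
        key = b64url_decode(jwk["k"])        # attacker-controlled key material
    else:
        key = keystore.get(header.get("kid"))
    if key is not None and hmac.compare_digest(_hs256(key, signing_input), sig):
        return claims
    return None


def verify_with_keystore(token: str, keystore: dict):
    """Hardened: the header may only select a pinned key by 'kid'; embedded key material is rejected."""
    header, claims, signing_input, sig = _parse(token)
    if header.get("alg") != "HS256" or "jwk" in header or "jku" in header:
        return None
    key = keystore.get(header.get("kid"))
    if key is not None and hmac.compare_digest(_hs256(key, signing_input), sig):
        return claims
    return None


def forge_token(attacker_key: bytes, claims: dict) -> str:
    """What the attacker sends: their own key published in the header, token signed with that key."""
    header = {"alg": "HS256", "typ": "JWT", "jwk": {"kty": "oct", "k": b64url_encode(attacker_key)}}
    return sign_hs256(header, claims, attacker_key)


if __name__ == "__main__":
    forged = forge_token(b"attacker-controlled-key", {"sub": "admin", "role": "admin"})
    print("header-jwk verifier:", verify_trusting_header_jwk(forged, KEYSTORE))  # accepted
    print("keystore verifier:  ", verify_with_keystore(forged, KEYSTORE))        # None
```

The hardened verifier also rejects a jku header for the same reason: a URL the attacker controls is just an indirect way of supplying the key. Key selection by kid against a server-side keystore is the only header input that should influence verification.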

Jwt Attack Information Disclosure
NVD GitHub
CVE-2026-34235
EPSS 0% CVSS 6.9
MEDIUM This Month

Heap out-of-bounds read in PJSIP's VP9 RTP unpacketizer allows remote attackers to read memory beyond allocated buffer boundaries by sending crafted VP9 Scalability Structure data, potentially disclosing sensitive information. PJSIP versions prior to 2.17 are affected. The vulnerability requires network access but no privileges or user interaction; the CVSS score of 6.9 indicates moderate severity, driven by the availability impact of the out-of-bounds read. Vendor-released patch available in version 2.17.

Information Disclosure Buffer Overflow
NVD GitHub
CVE-2026-34573
EPSS 0% CVSS 8.2
HIGH PATCH This Week

GraphQL query complexity validator in Parse Server allows remote denial-of-service via crafted queries with binary fan-out fragment spreads, blocking the Node.js event loop for seconds with a single unauthenticated request. Parse Server versions prior to 8.6.68 and 9.7.0-alpha.12 are affected when requestComplexity.graphQLDepth or requestComplexity.graphQLFields options are enabled. EPSS data not provided; no public exploit identified at time of analysis. CVSS 8.2 (High) reflects network-accessible attack with low complexity requiring no privileges, causing high availability impact.

Node.js Information Disclosure
NVD GitHub
CVE-2026-4819
EPSS 0% CVSS 4.9
MEDIUM This Month

Search Guard FLX versions 1.0.0 through 4.0.1 leak user credentials into audit logs when users authenticate through Kibana, exposing plaintext authentication material to any administrator or user with log access. Exploitation requires high-privilege access and affects only confidentiality, but credentials written to audit logs are a persistent disclosure: they follow the logs into backup and archival systems.

Information Disclosure Elastic
NVD
CVE-2026-22569
EPSS 0% CVSS 5.4
MEDIUM This Month

Zscaler Client Connector on Windows contains an incorrect startup configuration that permits limited traffic to bypass inspection under rare circumstances, resulting in potential information disclosure and integrity compromise. The vulnerability affects all versions of the product and requires user interaction to exploit, with a CVSS score of 5.4 reflecting the combination of network-based attack vector, low complexity, and low impact on confidentiality and integrity. No evidence of active exploitation or public exploit code has been identified.

Information Disclosure Microsoft
NVD
CVE-2026-33580
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Missing rate limiting on shared-secret validation in OpenClaw's webhook authentication allows unauthenticated remote attackers to brute-force the secret and forge Nextcloud Talk webhook events. In OpenClaw versions prior to 2026.3.28, attackers can repeatedly attempt authentication without throttling, compromise a weak shared secret, and inject malicious webhook payloads. CVSS 6.3 (Medium) reflects a network-accessible attack surface requiring no authentication, with success depending on the strength of the configured secret. No public exploit identified at time of analysis; EPSS data not available. Vendor-released patch available via commit e403decb6e20091b5402780a7ccd2085f98aa3cd.

Information Disclosure
NVD GitHub
CVE-2026-24028
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in PowerDNS dnsdist allows unauthenticated remote attackers to trigger denial of service or potential information disclosure by sending a crafted DNS response packet when custom Lua code uses the newDNSPacketOverlay function to parse packets. CVSS 5.3 indicates moderate severity with network-accessible attack surface and no privilege or user interaction required.

Denial Of Service Information Disclosure Buffer Overflow
NVD
CVE-2026-0397
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Cross-Origin Resource Sharing (CORS) misconfiguration in PowerDNS dnsdist's internal webserver allows remote attackers to extract sensitive configuration information from the dashboard through a social engineering attack targeting authenticated administrators. An attacker can trick an admin into visiting a malicious website, which then leverages the misconfigured CORS policy to read dashboard API responses containing running configuration details. The vulnerability requires the internal webserver to be enabled (disabled by default) and user interaction, resulting in limited confidentiality impact with no integrity or availability risk.

Cors Misconfiguration Information Disclosure
NVD
CVE-2026-32982
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Telegram bot token exposure in OpenClaw's media download error handling allows unauthenticated remote attackers to harvest sensitive API credentials through information disclosure. Versions prior to 2026.3.13 embed complete Telegram file URLs containing bot tokens in MediaFetchError exceptions, leaking credentials to application logs and error surfaces. With EPSS data unavailable and no CISA KEV listing, no public exploit identified at time of analysis, though the vulnerability requires minimal technical sophistication to exploit given the network-accessible attack vector and low complexity (CVSS:3.1/AV:N/AC:L/PR:N).
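Keeping credentials out of exceptions and logs, as an added Python example (not OpenClaw's or Search Guard's code) that applies to the Telegram token leak above and to the credentials-in-audit-logs case of CVE-2026-4819. The MediaFetchError class here is a hypothetical reimplementation, and the token shape and sample URLs are constructed; only the URL layout (the bot token sits in the path after "bot") follows Telegram's documented Bot API.

```python
import logging
import re
from urllib.parse import urlsplit, urlunsplit

# Telegram Bot API URLs carry the token in the path: https://api.telegram.org/bot<token>/<method>
# and https://api.telegram.org/file/bot<token>/<file_path>. Token shape (digits, colon, key)
# is an assumption for the demo; every token value below is constructed.
SECRET_PATTERNS = (
    (re.compile(r"/bot\d+:[A-Za-z0-9_-]{20,}"), "/bot<redacted>"),
    (re.compile(r"(?i)\b(api[_-]?key|access[_-]?token|token|secret|password)=[^&\s]+"),
     r"\1=<redacted>"),
    (re.compile(r"Bearer\s+[A-Za-z0-9._~+/-]+=*"), "Bearer <redacted>"),
)


def redact(text: str) -> str:
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def scrub_url(url: str) -> str:
    """Drop userinfo and query string, then redact token-bearing path segments."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port:
        host = f"{host}:{parts.port}"
    return redact(urlunsplit((parts.scheme, host, parts.path, "", "")))


class MediaFetchError(Exception):
    """Hypothetical error type: the message is built from the scrubbed URL, so str(exc) is log-safe."""

    def __init__(self, url: str, status: int):
        self.status = status
        self.safe_url = scrub_url(url)
        super().__init__(f"media download failed (HTTP {status}) for {self.safe_url}")


class RedactingFilter(logging.Filter):
    """Defence in depth: redact the fully formatted message before any handler sees it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()   # already formatted; prevents a second % substitution
        return True


def safe_logger(name: str = "media") -> logging.Logger:
    logger = logging.getLogger(name)
    logger.addFilter(RedactingFilter())
    return logger


def filtered_message(msg: str, *args) -> str:
    """Run one record through RedactingFilter and return the text a handler would receive."""
    record = logging.LogRecord("media", logging.ERROR, __file__, 0, msg, args, None)
    RedactingFilter().filter(record)
    return record.getMessage()


if __name__ == "__main__":
    url = "https://api.telegram.org/file/bot123456789:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef/photos/file_1.jpg"
    try:
        raise MediaFetchError(url, 404)
    except MediaFetchError as exc:
        print(exc)  # token never appears
    print(filtered_message("fetch of %s failed, retrying with token=%s", url, "s3cr3t"))
```

A logger filter is the backstop, not the fix: it only catches shapes it has a pattern for, while building the exception message from a scrubbed URL removes the secret at the source regardless of which handler or exception tracker eventually records it.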

Information Disclosure
NVD GitHub
CVE-2026-32971
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Command substitution in OpenClaw's node-host approval system allows authenticated attackers with low privileges to execute arbitrary local code by deceiving operators through mismatched approval displays. The system shows extracted shell payloads during approval but executes different argv commands, enabling wrapper-binary attacks where approved commands differ from executed commands. Authentication is required (PR:L) with high attack complexity (AC:H) and user interaction (UI:R). No public exploit identified at time of analysis, though the vulnerability class (CWE-451: UI Misrepresentation of Critical Information) indicates the technical mechanism is well-understood.

Information Disclosure
NVD GitHub
CVE-2025-15618
EPSS 0% CVSS 9.1
CRITICAL Act Now

Business::OnlinePayment::StoredTransaction through version 0.01 uses cryptographically weak secret key generation based on MD5 hashing of a single rand() call, exposing encrypted credit card transaction data to key recovery attacks. The vulnerability affects Perl module users who rely on this library for payment processing, allowing attackers to potentially decrypt stored transaction records. No CVSS score was assigned, but the direct compromise of payment card encryption represents critical risk to financial data confidentiality.

Information Disclosure
NVD
CVE-2026-5186
EPSS 0% CVSS 4.8
MEDIUM This Month

Double free in the stb single-file library (nothings/stb, up to version 2.30) in the multi-frame GIF handler stbi__load_gif_main allows local attackers to cause memory corruption and information disclosure. Public exploit code is available. The vendor did not respond to early disclosure notification, leaving affected users without an official patch.

Information Disclosure
NVD VulDB
CVE-2026-1797
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated attackers can directly access view PHP files in the Truebooker WordPress plugin (versions up to 1.1.4) to disclose sensitive information, such as user data or system configuration details exposed in those templates. The vulnerability requires only network access and no authentication, making it trivially exploitable via simple HTTP requests to exposed PHP files. No public exploit code or active exploitation has been confirmed at this time.

WordPress Information Disclosure Authentication Bypass +1
NVD
CVE-2026-34054
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation via hardcoded build path in vcpkg's OpenSSL binaries affects Windows users of the C/C++ package manager prior to version 3.6.1#3. The vulnerability allows authenticated local attackers with low privileges to achieve high confidentiality, integrity, and availability impact (CVSS 7.8) by exploiting the hardcoded openssldir path that references the original build machine. Upstream fix available (PR #50518, commit 5111afd); patched version 3.6.1#3 released. No public exploit identified at time of analysis, with EPSS data not available for this recent CVE.

OpenSSL Microsoft Information Disclosure
NVD GitHub
CVE-2026-4020
EPSS 0% CVSS 7.5
HIGH This Week

Sensitive system configuration data exposure in Gravity SMTP for WordPress (all versions ≤2.1.4) allows unauthenticated remote attackers to retrieve comprehensive server information via an unsecured REST API endpoint. The /wp-json/gravitysmtp/v1/tests/mock-data endpoint lacks authentication controls, exposing ~365 KB of JSON containing PHP version, database credentials structure, WordPress configuration, plugin/theme inventories, and configured API keys/tokens. EPSS data not provided; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though the attack vector is trivial (CVSS AV:N/AC:L/PR:N).

WordPress PHP Information Disclosure
NVD
CVE-2026-5115
EPSS 0% CVSS 3.6
LOW Monitor

PaperCut NG/MF embedded application on Konica Minolta multifunction devices transmits sensitive session data over an insecure communication channel, enabling session hijacking and potential credential theft or phishing attacks against end users. The vulnerability affects all versions of the embedded application and was discovered internally by PaperCut; no public exploit code or active exploitation has been confirmed at this time.

Information Disclosure
NVD
CVE-2026-30276
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary file overwrite in DeftPDF Document Translator v54.0 permits attackers to overwrite critical internal files through the file import mechanism, potentially enabling remote code execution or sensitive information exposure. The vulnerability affects DeftPDF Document Translator specifically at version 54.0 and is documented by academic researchers at Fudan University's security systems group. Attack complexity and authentication requirements cannot be definitively assessed due to missing CVSS vector data, though the file import process suggests user interaction may be required.

RCE Information Disclosure
NVD GitHub
CVE-2026-30282
EPSS 0% CVSS 9.0
CRITICAL Act Now

Arbitrary file overwrite in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 enables remote attackers to overwrite critical application files through a malicious file import process, resulting in remote code execution or information disclosure. No CVSS score, exploit code availability, or active exploitation status confirmed from available data.

Path Traversal RCE Information Disclosure
NVD GitHub VulDB
CVE-2026-30283
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary file overwrite in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files during the file import process, enabling remote code execution or sensitive information exposure. The vulnerability affects the application's import functionality without requiring authentication. No public exploit code or active exploitation has been independently confirmed at the time of analysis.

Path Traversal RCE Information Disclosure
NVD GitHub VulDB
CVE-2026-30286
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary file overwrite in Funambol Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files during the file import process, enabling remote code execution or information disclosure. The vulnerability affects the cloud application and its associated mobile client. No CVSS score or official vendor patch has been assigned as of analysis time, though the reported impact (RCE/information exposure) is severe.

Path Traversal RCE Information Disclosure
NVD GitHub
CVE-2026-30278
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary file overwrite in FLY is FUN Aviation Navigation v35.33 permits attackers to overwrite critical internal files through the file import process, enabling remote code execution or information disclosure. No CVSS score, CVE severity classification, or patch status has been established. The vulnerability affects a niche aviation navigation software product with limited public disclosure.

Path Traversal RCE Information Disclosure
NVD VulDB
CVE-2026-30281
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary file overwrite in MaruNuri LLC v2.0.23 allows remote attackers to overwrite critical internal files during the file import process, enabling arbitrary code execution or information exposure. No CVSS score, exploit code availability, or active exploitation status is documented in available sources.

RCE Information Disclosure
NVD GitHub
CVE-2026-30279
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary file overwrite in My Location Travel Timeline v11.80 by Squareapps LLC permits attackers to overwrite critical internal files through the file import process, resulting in arbitrary code execution or information disclosure. Attack vector and complexity details are not confirmed from available CVSS data, and active exploitation status is unconfirmed.

Path Traversal RCE Information Disclosure
NVD GitHub VulDB
CVE-2026-30309
EPSS 0% CVSS 7.8
HIGH This Week

InfCode's terminal auto-execution module fails to properly validate PowerShell commands due to an ineffective blacklist and lack of semantic parsing, allowing attackers to bypass command filtering through syntax obfuscation. When a user imports a specially crafted file into the IDE, the Agent executes arbitrary PowerShell commands without user confirmation, leading to remote code execution or sensitive data exfiltration. No public exploit code or active exploitation has been confirmed at time of analysis.

Command Injection Information Disclosure Microsoft
NVD GitHub
CVE-2026-30277
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary file overwrite in PDF Reader App TA/UTAX Mobile Print v3.7.2.251001 allows remote attackers to overwrite critical internal files during the file import process, potentially leading to remote code execution or unauthorized information exposure. The vulnerability affects a mobile print utility with demonstrated proof-of-concept documentation available on GitHub, though CVSS scoring and formal vendor patch status remain unavailable at time of analysis.

Path Traversal RCE Information Disclosure
NVD GitHub VulDB
CVE-2026-30280
EPSS 0% CVSS 5.3
MEDIUM This Month

Arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 enables remote attackers to overwrite critical internal files during the file import process, resulting in arbitrary code execution or information disclosure. No CVSS score, exploitation data, or vendor patch information is currently available; the vulnerability was disclosed via academic research channels rather than coordinated vendor notification.

File Upload RCE Information Disclosure
NVD GitHub
CVE-2026-30290
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary file overwrite in InTouch Contacts & Caller ID APP v6.38.1 allows remote attackers to overwrite critical internal files through the file import process, enabling arbitrary code execution or sensitive information exposure. Affected versions are limited to 6.38.1; no CVSS score, EPSS, or active exploitation status (KEV) is available at this time, though the vulnerability chain to RCE presents material risk.

Path Traversal RCE Information Disclosure
NVD GitHub
CVE-2026-30285
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary file overwrite in Zora: Post, Trade, Earn Crypto v2.60.0 enables attackers to overwrite critical internal files through the file import process, resulting in remote code execution or information exposure. The vulnerability affects the cryptocurrency trading application's file handling mechanism, allowing unauthenticated remote attackers to inject malicious content into system-critical files. No active exploitation has been confirmed at time of analysis, though the attack vector and impact severity warrant immediate investigation by affected users.

Path Traversal RCE Information Disclosure
NVD GitHub
CVE-2026-32794
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Improper certificate validation in Apache Airflow Provider for Databricks versions 1.10.0 through 1.11.x allows unauthenticated attackers to intercept and manipulate traffic between Airflow and Databricks backends via man-in-the-middle attacks, potentially exfiltrating credentials and sensitive workflow data. The provider did not validate SSL/TLS certificates when establishing connections to Databricks, creating a critical trust boundary weakness. Vendor-released patch available in version 1.12.0; no public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure Apache
NVD GitHub VulDB
CVE-2026-33985
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.2 leak sensitive heap data to the screen during pixel rendering in remote desktop sessions, allowing unauthenticated remote attackers to obtain confidential information through a man-in-the-middle position or compromised RDP server. The vulnerability requires user interaction (UI:R) and involves out-of-bounds memory read (CWE-125), with CVSS 5.9 reflecting moderate confidentiality impact and low availability degradation. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVE-2026-33983
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.2 contain an integer overflow vulnerability in the progressive_decompress_tile_upgrade() function that allows unauthenticated remote attackers to cause a denial of service through CPU exhaustion. When processing malformed Remote Desktop Protocol (RDP) streams, a wrapped integer value (247) is incorrectly used as a bit-shift exponent, triggering undefined behavior and creating an approximately 80 billion iteration loop that consumes CPU resources. The vulnerability requires user interaction (UI:R) to trigger, and no public exploit code has been identified at the time of analysis.

Integer Overflow Information Disclosure
NVD GitHub VulDB
CVE-2026-33982
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap buffer over-read in FreeRDP's winpr_aligned_offset_recalloc() function, in versions prior to 3.24.2, is reachable by a local attacker without privileges but requires user interaction, and yields information disclosure and denial of service. The faulty READ lands 24 bytes before the start of the heap allocation (CWE-125: Out-of-bounds Read). Vendor-released patch version 3.24.2 available via GitHub commit a48dbde2c8. EPSS data not provided; no public exploit identified at time of analysis. Affects all FreeRDP installations below 3.24.2, tracked across 7 Debian releases.

Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVE-2026-32877
EPSS 0% CVSS 8.2
HIGH This Week

Heap over-read in Botan C++ cryptography library versions 2.3.0 through 3.10.x allows remote, unauthenticated attackers to trigger crashes or undefined behavior during SM2 decryption. The vulnerability stems from insufficient length validation of authentication code (C3) values in SM2 ciphertexts, enabling reads of up to 31 bytes beyond allocated heap memory. With CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) and EPSS data not provided, this represents a remotely exploitable memory safety issue in a cryptographic primitive. No public exploit identified at time of analysis. Patched in version 3.11.0.

Information Disclosure Buffer Overflow
NVD GitHub
CVE-2026-32883
EPSS 0% CVSS 5.9
MEDIUM This Month

Botan cryptography library versions 3.0.0 through 3.10.x fail to verify OCSP response signatures during X.509 certificate path validation, allowing attackers to forge certificate status responses and potentially bypass revocation checks. This integrity bypass affects any application using Botan for TLS or certificate validation and requires network positioning but not authentication. The vulnerability was patched in version 3.11.0.

Information Disclosure Jwt Attack
NVD GitHub
CVE-2026-32884
EPSS 0% CVSS 5.9
MEDIUM This Month

Botan cryptography library versions prior to 3.11.0 fail to properly validate X.509 certificate DNS name constraints due to case-sensitive comparison of the Common Name field, allowing attackers to present certificates with mixed-case Common Names that bypass name constraint restrictions and potentially establish unauthorized secure connections to restricted domains.

Information Disclosure
NVD GitHub
CVE-2026-25627
EPSS 0% CVSS 6.5
MEDIUM This Month

NanoMQ MQTT Broker versions prior to 0.24.8 can be remotely crashed via MQTT-over-WebSocket by sending a packet with a maliciously inflated Remaining Length field in the fixed header while providing a shorter actual payload, triggering an out-of-bounds read that causes denial of service. Authenticated attackers can exploit this condition over the WebSocket listener with low attack complexity. Vendor-released patch available in version 0.24.8.

Buffer Overflow Information Disclosure
NVD GitHub
CVE-2026-34377
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Zebra cryptocurrency nodes prior to version 4.3.0 can be forced into consensus split by malicious miners who craft blocks containing V5 transactions with matching txids but invalid authorization data. The vulnerability stems from a cache lookup that used ZIP-244 txid (which excludes authorization data) to bypass full verification, allowing nodes to accept blocks with invalid signatures. While this does not enable invalid transaction acceptance, it isolates vulnerable nodes from the Zcash network, creating fork conditions exploitable for service disruption and potential double-spend scenarios against partitioned nodes. No public exploit code or CISA KEV listing exists, but the technical complexity is low for actors with mining capabilities. Affected products are zebrad and zebra-consensus Rust packages supporting Network Upgrade 5 (V5 transactions). Vendor-released patch: Zebra 4.3.0.

Information Disclosure Jwt Attack
NVD GitHub
CVE-2026-21715
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Node.js Permission Model enforcement in versions 20.x, 22.x, 24.x, and 25.x fails to validate read permissions for fs.realpathSync.native(), allowing local authenticated processes running under --permission with restricted --allow-fs-read to enumerate filesystem paths, check file existence, and resolve symlink targets outside permitted directories. This information disclosure vulnerability bypasses sandbox restrictions intentionally configured by administrators and affects multiple stable and current Node.js release series.

Node.js Information Disclosure
NVD VulDB
CVE-2026-21717
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Denial of service in Node.js 20.x, 22.x, 24.x, and 25.x via predictable hash collisions in V8's string hashing mechanism allows unauthenticated remote attackers to degrade process performance by crafting requests with specially-crafted JSON payloads that trigger collision cascades in the internal string table. CVSS 5.9 (moderate severity, high attack complexity). No public exploit code or active exploitation confirmed at time of analysis.

Node.js Information Disclosure Redhat
NVD VulDB
CVE-2026-21713
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Node.js versions 20.x, 22.x, 24.x, and 25.x use non-constant-time comparison for HMAC signature verification, allowing remote attackers to infer valid HMAC values through timing oracle attacks. The vulnerability leaks information proportional to matching bytes and requires high-resolution timing measurement capability, making exploitation feasible in controlled network conditions. CVSS 5.9 (confidentiality impact only); no public exploit identified at time of analysis.

Node.js Information Disclosure Oracle +1
NVD
CVE-2026-21714
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory leak in Node.js HTTP/2 servers allows remote unauthenticated attackers to exhaust server memory by sending crafted WINDOW_UPDATE frames on stream 0 that exceed the maximum flow control window value. Affected versions include Node.js 20, 22, 24, and 25. While the server correctly responds with a GOAWAY frame, the Http2Session object fails to be cleaned up, leading to denial of service through resource exhaustion. No public exploit code identified at time of analysis.

Node.js Information Disclosure Redhat
NVD VulDB
CVE-2026-3991
EPSS 0% CVSS 7.8
HIGH This Week

Elevation of privilege in Symantec Data Loss Prevention Windows Endpoint allows authenticated local users to gain SYSTEM-level access and compromise protected resources. Affects all versions prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15. CVSS 7.8 (High) reflects the local attack vector but complete system compromise upon successful exploitation. No public exploit identified at time of analysis, though the CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) classification suggests potential DLL hijacking or similar trust boundary violations.

Information Disclosure Microsoft
NVD
CVE-2026-34372
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Information disclosure in Sulu admin API allows users with any Sulu Admin role to access contact sub-entities without explicit contact permissions, bypassing authorization controls. Affects Sulu versions prior to 2.6.22 and 3.0.x prior to 3.0.5. No CVSS or EPSS data available; no active exploitation confirmed, but the vulnerability enables unauthorized data exposure through a widely-accessible admin interface.

Information Disclosure
NVD GitHub
CVE-2026-34363
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Parse Server LiveQuery leaks protected fields and authentication data across concurrent subscribers due to shared mutable object state. When multiple clients subscribe to the same class, race conditions in the sensitive data filter allow one subscriber's field filtering to affect other subscribers, exposing data that should remain protected or delivering incomplete objects to authorized clients. Deployments using LiveQuery with protected fields or afterEvent triggers face unauthorized information disclosure. Vendor-released patches are available for Parse Server 8 and 9. No public exploit identified at time of analysis, though the vulnerability is straightforward to trigger in affected configurations.

Information Disclosure Race Condition
NVD GitHub
CVE-2026-34237
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Hardcoded wildcard CORS headers (Access-Control-Allow-Origin: *) in the Model Context Protocol Java SDK transport layer enable cross-origin session hijacking, allowing attackers to extract session IDs from victim browsers and relay authenticated requests back to internal MCP servers. The vulnerability affects the HttpServletSseServerTransportProvider and HttpServletStreamableServerTransportProvider classes in mcp-core; no public exploit code has been identified, though the attack requires user interaction (victim visiting attacker-controlled page). CVSS 6.1 reflects the combination of network-accessible vector, low attack complexity, and cross-origin impact, though practical exploitation depends on MCP server deployment architecture.

Java Cors Misconfiguration Information Disclosure +1
NVD GitHub
CVE-2026-34359
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Authentication credential theft in HAPI FHIR Core library allows network attackers to intercept Bearer tokens, Basic auth credentials, and API keys through malicious URL prefix matching. The vulnerable `ManagedWebAccessUtils.getServer()` method uses unsafe `String.startsWith()` checks without host boundary validation, causing credentials configured for `http://tx.fhir.org` to be dispatched to attacker-controlled domains like `http://tx.fhir.org.attacker.com` when HTTP redirects occur. Affects Maven packages `ca.uhn.hapi.fhir:org.hl7.fhir.core` and `ca.uhn.hapi.fhir:org.hl7.fhir.utilities`. CVSS 7.4 (High) reflects network attack vector with high attack complexity requiring redirect manipulation. EPSS data not available; no confirmed active exploitation (CISA KEV), but detailed proof-of-concept code demonstrates the exploit chain through both SimpleHTTPClient and OkHttp redirect paths.

Java Information Disclosure
NVD GitHub
CVE-2025-66037
EPSS 0% CVSS 3.9
LOW Monitor

Out-of-bounds heap read in OpenSC prior to version 0.27.0 allows local attackers with physical access to smart card interfaces to trigger information disclosure and potential denial of service via crafted X.509/SPKI input to the pkcs15_reader function. The vulnerability stems from sc_pkcs15_pubkey_from_spki_fields() allocating a zero-length buffer and reading one byte beyond its bounds. No public exploit code or active exploitation has been identified; patch is available in version 0.27.0.

Information Disclosure Buffer Overflow
NVD GitHub
CVE-2026-33032
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote unauthenticated nginx service takeover in nginx-ui's MCP integration allows network attackers to create, modify, or delete nginx configuration files and trigger automatic reloads without authentication. The /mcp_message endpoint lacks authentication middleware while exposing the same MCP tool handlers as the protected /mcp endpoint, and the IP whitelist defaults to empty (allow-all). Attackers can inject malicious server blocks to intercept credentials, exfiltrate backend topology, or crash nginx with invalid configs. CVSS 9.8 (Critical) with network attack vector, no authentication required, and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though detailed proof-of-concept HTTP request provided in advisory.

Nginx Authentication Bypass Information Disclosure
NVD GitHub
CVE-2026-33030
EPSS 0% CVSS 8.8
HIGH This Week

Insecure Direct Object Reference (IDOR) in nginx-ui up to v2.3.3 allows authenticated low-privilege users to access, modify, and delete any resource across all user accounts, including plaintext DNS provider API tokens (Cloudflare, AWS Route53, Alibaba Cloud) and ACME private keys. The application's base Model struct lacks user_id fields, and all resource endpoints query by ID without ownership verification. CVSS 8.8 reflects scope change to external services—stolen Cloudflare tokens enable DNS hijacking and fraudulent certificate issuance. No public exploit identified at time of analysis, but trivial to execute via standard HTTP requests. Vendor-released patch: v2.3.4.

Nginx Information Disclosure Command Injection +1
NVD GitHub
CVE-2026-27018
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Gotenberg PDF conversion service versions 8.1.0-8.28.x allow unauthenticated arbitrary file disclosure through case-variant URI scheme bypass. A previous CVE-2024-21527 patch implemented a case-sensitive deny-list regex (^file:(?!//\/tmp/).*) to block file:// access, but attackers can bypass it using FILE://, File://, or other mixed-case variants. Chromium normalizes schemes to lowercase after the deny-list check, enabling reads of /etc/passwd, credentials, environment variables, and other container filesystem contents via both the URL conversion endpoint and HTML iframes. GHSA-jjwv-57xh-xr6r confirms patches in commits 06b2b2e and 8625a4e, with fixed release v8.29.0. No KEV listing or public exploit code identified at time of analysis, but proof-of-concept steps in the advisory enable trivial reproduction.

Path Traversal Information Disclosure Docker +2
NVD GitHub
CVE-2026-2285
EPSS 0% CVSS 7.5
HIGH This Week

CrewAI's JSON loader tool fails to validate file paths before reading, allowing arbitrary local file access that exposes sensitive server files to attackers with network access to the application. The vulnerability enables information disclosure without authentication, affecting all versions of CrewAI that include the vulnerable JSON loader component. No active exploitation has been confirmed, but the straightforward nature of the attack (unsanitized file path input) makes this a practical concern for production deployments.

Information Disclosure
NVD VulDB
CVE-2026-5123
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Denial of service in osrg GoBGP up to version 4.3.0 via an off-by-one error in the DecodeFromBytes function allows remote, unauthenticated attackers to crash the BGP daemon through manipulation of packet data, resulting in availability impact. The vulnerability requires high attack complexity and is difficult to exploit; no public exploit code or active exploitation is currently confirmed, though a patch is available from the vendor.

Information Disclosure
NVD VulDB GitHub
CVE-2026-5165
EPSS 0% CVSS 6.7
MEDIUM This Month

VirtIO Block device driver in virtio-win fails to properly release memory during device reset, enabling a use-after-free vulnerability that allows high-privileged local attackers to corrupt kernel memory and cause system instability or denial of service. Affected versions span Red Hat Enterprise Linux 8, 9, and 10; no public exploit code or active exploitation has been identified at time of analysis, though an upstream fix is available via a GitHub PR.

Information Disclosure
NVD GitHub
CVE-2026-28528
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Out-of-bounds read in BlueKitchen BTstack AVRCP Browsing Target GET_FOLDER_ITEMS handler allows paired Bluetooth Classic attackers to cause denial of service and corrupt attribute bitmap state through insufficient bounds validation on the attr_id parameter. Attack requires proximity (Bluetooth range) and an established pairing relationship. CVSS score of 2.1 reflects limited impact (no confidentiality loss, minor integrity and availability degradation) despite low attack complexity; no active exploitation reported at time of analysis.

Buffer Overflow Information Disclosure
NVD GitHub VulDB
CVE-2026-28527
EPSS 0% CVSS 2.1
LOW PATCH Monitor

BlueKitchen BTstack contains an out-of-bounds read vulnerability in AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby Bluetooth Classic attackers with a paired connection to trigger information disclosure and potential denial of service. The vulnerability requires an attacker within Bluetooth range to establish a paired connection and send specially crafted VENDOR_DEPENDENT responses, resulting in reads beyond packet boundaries. No public exploit code or active exploitation has been identified; vendor-released patch v1.8.1 is available.

Buffer Overflow Information Disclosure
NVD GitHub VulDB
CVE-2026-28526
EPSS 0% CVSS 2.1
LOW PATCH Monitor

BlueKitchen BTstack AVRCP Controller handlers read beyond buffer boundaries when processing specially crafted VENDOR_DEPENDENT responses, allowing nearby Bluetooth Classic attackers with a paired connection to trigger an out-of-bounds read that may crash resource-constrained devices. The vulnerability affects all versions prior to v1.8.1, has a CVSS score of 2.1 (very low severity) due to limited availability impact and requirement for paired connection plus user interaction, and no public exploit code or active exploitation has been identified.

Buffer Overflow Information Disclosure
NVD GitHub VulDB
CVE-2026-5128
EPSS 0% CVSS 10.0
CRITICAL Act Now

ArthurFiorette steam-trader 2.1.1 exposes complete Steam account credentials through an unauthenticated API endpoint, enabling account takeover. Attackers can retrieve usernames, passwords, identity secrets, shared secrets, and session tokens via the /users endpoint without authentication (CVSS:3.1 AV:N/AC:L/PR:N). This critical vulnerability (CVSS 10.0) allows generation of valid Steam Guard 2FA codes and complete account hijacking. EPSS data unavailable, no CISA KEV listing, and critically: no patch exists as the repository is archived and unmaintained. Authentication bypass and information disclosure tags confirm trivial exploitation requiring only network access.

Information Disclosure Authentication Bypass
NVD GitHub VulDB
CVE-2026-25704
EPSS 0% CVSS 5.8
MEDIUM This Month

Cosmic-greeter before PR #426 contains a privilege dropping race condition vulnerability (CWE-271) that allows local attackers to regain dropped privileges through TOCTOU timing manipulation during privilege validation checks. The vulnerability affects the Pop!_OS greeter application and could enable privilege escalation to perform actions with elevated permissions that should have been restricted.

Information Disclosure Suse
NVD VulDB
CVE-2025-3716
EPSS 0% CVSS 5.3
MEDIUM This Month

ESET Protect (on-premises) allows user enumeration through response timing analysis, enabling remote attackers to determine whether specific usernames exist in the system without authentication. This information disclosure vulnerability (CWE-204) exploits timing differences in authentication responses to distinguish valid users from invalid ones, potentially facilitating targeted attacks against known accounts.

Information Disclosure
NVD VulDB
CVE-2026-5119
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Libsoup transmits sensitive session cookies in cleartext within HTTP CONNECT requests when establishing HTTPS tunnels through configured HTTP proxies, allowing network-positioned attackers or malicious proxies to intercept and hijack user sessions. The vulnerability affects Red Hat Enterprise Linux versions 6 through 10 and carries a CVSS 5.9 score with high confidentiality impact; no public exploit code or confirmed active exploitation has been identified at the time of analysis.

Information Disclosure
NVD VulDB
CVE-2026-2370
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Improper authorization in GitLab CE/EE Jira Connect integration allows authenticated users with minimal workspace permissions to steal installation credentials and impersonate the GitLab application. Affects versions 14.3 through 18.8.6, 18.9.0-18.9.2, and 18.10.0. Vendor-released patches available in versions 18.8.7, 18.9.3, and 18.10.1. High CVSS score (8.1) reflects significant confidentiality and integrity impact with low attack complexity. No public exploit identified at time of analysis, though detailed disclosure exists via HackerOne report.

Gitlab Information Disclosure Atlassian +2
NVD VulDB
CVE-2026-29909
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated directory enumeration in MRCMS V3.1.2 allows remote attackers to list and discover directory contents through the /admin/file/list.do endpoint without credentials. The vulnerability stems from missing authentication controls and input validation in the file management module, enabling information disclosure that can facilitate reconnaissance for follow-on attacks.

Information Disclosure
NVD GitHub VulDB
CVE-2026-29872
EPSS 0% CVSS 8.2
HIGH This Week

Cross-session credential leakage in awesome-llm-apps Streamlit-based GitHub MCP Agent allows unauthenticated users to retrieve previously stored API tokens and secrets from process-wide environment variables, compromising GitHub Personal Access Tokens and LLM API keys across concurrent session boundaries. The vulnerability stems from improper session isolation in a multi-user Streamlit application that persists credentials in os.environ without clearing them between user sessions, enabling attackers to escalate privileges and access private resources without authentication.

Python Information Disclosure Authentication Bypass
NVD GitHub
CVE-2026-34472
EPSS 0% CVSS 7.1
HIGH This Week

Unauthenticated credential disclosure in ZTE ZXHN H188A routers (versions V6.0.10P2_TE and V6.0.10P3N3_TE) allows local network attackers to retrieve sensitive credentials including default administrator passwords, WLAN PSK, and PPPoE credentials via the wizard interface, with some cases enabling unauthenticated configuration changes. No CVSS or EPSS data is available, and KEV status is unconfirmed; however, a publicly available technical analysis exists on GitHub indicating detailed exploitation methodology.

Information Disclosure Zte
NVD GitHub
CVE-2026-4176
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Perl versions 5.9.4-5.40.3, 5.41.0-5.42.1, and 5.43.0-5.43.8 bundle a vulnerable version of Compress::Raw::Zlib that inherits multiple information-disclosure vulnerabilities from a vendored zlib library, including CVE-2026-27171. Affected users running these Perl versions can experience data exposure through the bundled compression module. Vendor patches are available in Perl 5.40.4, 5.42.2, and 5.43.9 via Compress::Raw::Zlib 2.221.

Information Disclosure
NVD GitHub VulDB
CVE-2026-0560
EPSS 0% CVSS 7.5
HIGH This Week

Server-Side Request Forgery (SSRF) in parisneo/lollms versions before 2.2.0 allows unauthenticated remote attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints via the `/api/files/export-content` endpoint. The vulnerability stems from insufficient URL validation in the `_download_image_to_temp()` function, enabling internal network reconnaissance, access to cloud instance metadata (AWS/GCP/Azure), and potential remote code execution through server-side exploitation chains. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patch available in commit 76a54f0 and version 2.2.0.

SSRF RCE Information Disclosure
NVD GitHub VulDB
CVE-2026-0558
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated file upload in parisneo/lollms versions ≤2.2.0 enables remote attackers to submit arbitrary files for text extraction without authentication via the `/api/files/extract-text` endpoint. The vulnerability (CWE-287: Improper Authentication) allows resource exhaustion DoS attacks and potential information disclosure, with CVSS 7.5 (High) reflecting network-accessible attack surface requiring no privileges. EPSS data not available; no public exploit identified at time of analysis, though the simplicity (AC:L, PR:N) suggests trivial exploitation once endpoint details are known.

Authentication Bypass Denial Of Service Information Disclosure
NVD GitHub VulDB
CVE-2026-34224
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Parse Server allows attackers with a valid authentication provider token and a single MFA recovery code or SMS one-time password to create multiple concurrent authenticated sessions, bypassing the single-use guarantee of MFA recovery codes and defeating session revocation. The vulnerability exploits a race condition in the authData login endpoint where concurrent requests can reuse the same MFA token before database synchronization occurs, enabling persistent unauthorized access even after legitimate session revocation.

Information Disclosure
NVD GitHub
CVE-2026-34215
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Parse Server's verify password endpoint leaks MFA secrets and OAuth tokens to authenticated users, enabling multi-factor authentication bypass. Attackers who possess a valid user password can extract TOTP secrets and recovery codes from the unsanitized response, then generate valid MFA codes to defeat the second authentication factor. The vulnerability affects the npm package parse-server. No public exploit identified at time of analysis, though exploitation requires only password knowledge and standard API access.

Information Disclosure
NVD GitHub
CVE-2026-34214
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Trino's Iceberg connector leaks AWS S3 access credentials through query JSON endpoints, allowing authenticated users with write privileges to extract static or temporary credentials used for object storage access. The vulnerability exposes credentials via the query visualization API (/ui/api/query/ and /v1/query/ endpoints) when users perform write or table maintenance operations. With a CVSS of 7.7 and EPSS data not provided, this represents a confirmed credential exposure issue requiring immediate attention for organizations using Iceberg REST catalog configurations with storage credentials. No public exploit identified at time of analysis, though exploitation requires only low-privilege authenticated access.

Information Disclosure
NVD GitHub
CVE-2026-34210
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Stripe PaymentIntent replay vulnerability in mppx payment handler allows attackers to bypass idempotency checks and consume resources by replaying captured Stripe credentials against new challenges without actual charges. The vulnerability affects mppx versions prior to 0.4.11, where the server failed to validate Stripe's Idempotent-Replayed response header during PaymentIntent creation, enabling unlimited resource consumption from a single valid payment credential.

Information Disclosure
NVD GitHub
CVE-2026-34209
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A logic error in the mppx npm package (versions <0.4.11) allows remote attackers to close payment channels without committing funds by exploiting an off-by-one validation flaw in the tempo/session cooperative close handler. The handler incorrectly used '<' instead of '<=' when validating close voucher amounts against settled on-chain amounts, enabling attackers to submit vouchers exactly equal to settled amounts for free channel closure or griefing attacks. No active exploitation confirmed (CISA KEV), but publicly available patch and detailed advisory increase exploitation risk. CVSS 7.5 (High) reflects network-accessible, low-complexity attack requiring no authentication.

Information Disclosure
NVD GitHub
CVE-2026-33575
EPSS 0% CVSS 8.6
HIGH This Week

Credential exposure in OpenClaw gateway pairing mechanism allows remote attackers to extract and reuse long-lived shared gateway credentials embedded in pairing setup codes. Attackers who obtain QR codes or pairing tokens from chat logs, screenshots, or system logs can recover persistent gateway credentials intended for one-time use, enabling unauthorized gateway access without authentication. EPSS data not available; no public exploit identified at time of analysis. Affects OpenClaw versions prior to 2026.3.12.

Information Disclosure
NVD GitHub VulDB
CVE-2026-33573
EPSS 0% CVSS 8.7
HIGH This Week

Authorization bypass in OpenClaw gateway agent RPC enables authenticated operators with operator.write permission to escape workspace boundaries and execute arbitrary operations outside designated directories. Attackers supply malicious spawnedBy and workspaceDir parameters to perform file and exec operations from any process-accessible location. CVSS 8.7 reflects high confidentiality, integrity, and availability impact with network attack vector and low complexity. No public exploit identified at time of analysis; EPSS data unavailable. VulnCheck identified this as an information disclosure vector affecting OpenClaw versions prior to 2026.3.11.

Information Disclosure
NVD GitHub VulDB
CVE-2026-33572
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

OpenClaw before 2026.2.17 stores session transcript JSONL files with overly permissive default file permissions, enabling local authenticated users to read transcript contents and extract sensitive information including secrets from tool output. The vulnerability requires local access and authenticated status on the system, affecting confidentiality of cached session data. No public exploit code or active exploitation has been confirmed, though the attack surface is high given the local nature and ease of file access.

Information Disclosure
NVD GitHub VulDB
CVE-2026-5031
EPSS 0% CVSS 5.3
MEDIUM POC This Month

BichitroGan ISP Billing Software 2025.3.20 contains an improper resource identifier control vulnerability in the settings/users-view endpoint that allows authenticated remote attackers to disclose sensitive information via manipulation of the ID parameter. The vulnerability has a CVSS score of 4.3 with publicly available exploit code; the vendor has not responded to disclosure attempts.

Information Disclosure
NVD VulDB GitHub
CVE-2026-3256
EPSS 0% CVSS 9.8
CRITICAL Act Now

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.

Information Disclosure
NVD VulDB
CVE-2026-5002
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Prompt injection in PromtEngineer localGPT allows unauthenticated remote attackers to manipulate LLM behavior via crafted inputs to the _route_using_overviews function. Publicly available exploit code exists (GitHub). The vulnerability affects all versions up to commit 4d41c7d17, with CVSS 7.3 indicating moderate confidentiality, integrity, and availability impact. EPSS data not available, but the combination of network-accessible attack vector, low complexity (AC:L), no authentication requirement (PR:N), and public POC elevates real-world risk for installations exposed to untrusted input.

Information Disclosure
NVD VulDB GitHub

Quick Facts

Typical Severity
MEDIUM
Category
other
Total CVEs
12474

