{"resultsPerPage":205,"startIndex":0,"totalResults":205,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-15T01:24:29.961","vulnerabilities":[{"cve":{"id":"CVE-2022-32224","sourceIdentifier":"support@hackerone.com","published":"2022-12-05T22:15:10.397","lastModified":"2026-05-11T18:16:29.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE."},{"lang":"es","value":"Existe una posible escalada a la vulnerabilidad RCE cuando se utilizan columnas serializadas YAML en Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 y <5.2.8.1, lo que podría permitir a un atacante, que puede manipular datos en la base de datos (a través de medios como la inyección SQL), la capacidad de escalar a un 
RCE."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:activerecord_project:activerecord:*:*:*:*:*:ruby:*:*","versionEndExcluding":"5.2.8.1","matchCriteriaId":"49ED831D-395F-4B7C-8388-F5444C2791EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:activerecord_project:activerecord:*:*:*:*:*:ruby:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.5.1","matchCriteriaId":"C20A0930-5A11-441C-AD56-1605DA61A2EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:activerecord_project:activerecord:*:*:*:*:*:ruby:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.6.1","matchCriteriaId":"05750DC8-484A-4C65-91C2-400C4EFA839F"},{"vulnerable":true,"criteria":"cpe:2.3:a:activerecord_project:activerecord:*:*:*:*:*:ruby:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.3.1","matchCriteriaId":"A3B88
30F-EBB1-4EAC-A828-921F79D55765"}]}]}],"references":[{"url":"https://github.com/advisories/GHSA-3hhc-qp5v-9p2j","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U","source":"support@hackerone.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://github.com/advisories/GHSA-3hhc-qp5v-9p2j","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2025-53816","sourceIdentifier":"security-advisories@github.com","published":"2025-07-17T19:15:25.170","lastModified":"2026-05-11T18:16:30.910","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue."},{"lang":"es","value":"7-Zip es un archivador de archivos con una alta tasa de compresión. Los ceros escritos fuera del búfer de memoria en el controlador RAR5 pueden provocar corrupción de memoria y denegación de servicio en versiones de 7-Zip anteriores a la 25.0.0. 
La versión 25.0.0 contiene una solución para este problema."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"we
aknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*","versionEndExcluding":"25.00","matchCriteriaId":"309F5F49-CD93-4F51-B45D-F8E29B5C14E3"}]}]}],"references":[{"url":"https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2025/07/18/1","source":"security-advisories@github.com","tags":["Exploit","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2025/07/18/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00021.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2025-56513","sourceIdentifier":"cve@mitre.org","published":"2025-09-30T18:15:50.440","lastModified":"2026-05-11T16:17:27.477","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"NiceHash QuickMiner 6.12.0 performs software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update URL can hijack the update process and deliver arbitrary executables that are automatically executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector. NOTE: the Supplier reports that the existence of an http://update.nicehash.com URL is a fabrication, and that there is no other use of HTTP (rather than HTTPS)."},{"lang":"es","value":"NiceHash QuickMiner 6.12.0 realiza actualizaciones de software sobre HTTP sin validar firmas digitales o comprobaciones de hash. 
Un atacante capaz de interceptar o redirigir tráfico a la URL de actualización puede secuestrar el proceso de actualización y entregar ejecutables arbitrarios que se ejecutan automáticamente, lo que resulta en una ejecución remota de código completa. Esto constituye un vector de ataque crítico a la cadena de suministro."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-494"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nicehash:quickminer:6.12.0:*:*:*:*:*:*:*","matchCriteriaId":"9C0D6F08-0846-47A7-AAE5-6788FAF2868B"}]}]}],"references":[{"url":"https://medium.com/@princep49036142/hijacking-the-miner-how-nicehashminers-auto-update-pipeline-enables-zero-click-rce-ed6a36b6769b","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://medium.com/@princep49036142/hijacking-the-miner-zero-click-rce-in-nicehash-quickminer-cve-2025-56513-4a7190295e6c","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://medium.com/@princep49036142/hijacking-the-miner-how-nicehashminers-auto-update-pipeline-enables-zero-click-rce-ed6a36b6769b","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]}]}},{"cve":{"id":"CVE-2025-13033","sourceIdentifier":"secalert@redhat.com","published":"2025-11-14T20:15:45.957","lastModified":"2026-05-11T13:16:10.037","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability 
was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1286"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:15979","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:3751","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-13033","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402179","source":"secalert@redhat.com"},{"url":"https://github.com/nodemailer/nodemailer","source":"secalert@redhat.com"},{"url":"https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626","source":"secalert@redhat.com"},{"url":"https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-0674","sourceIdentifier":"audit@patchstack.com","published":"2026-01-08T10:15:54.910","lastModified":"2026-05-11T14:16:30.200","vulnStatus":"Deferred","cveTags":[],"descriptions"
:[{"lang":"en","value":"Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Campaign Monitor for WordPress: from n/a through 2.9.1."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/forms-for-campaign-monitor/vulnerability/wordpress-campaign-monitor-for-wordpress-plugin-2-9-0-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-2786","sourceIdentifier":"security@mozilla.org","published":"2026-02-24T14:16:27.053","lastModified":"2026-05-10T13:16:36.050","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8."},{"lang":"es","value":"Uso después de liberación en el componente del motor JavaScript. 
Esta vulnerabilidad afecta a Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, y Thunderbird < 140.8."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.8.0","matchCriteriaId":"7DA5BF3D-3278-43DD-9DD4-C78D7A2C1883"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"148.0","matchCriteriaId":"3D8676DB-4A12-41A0-A1A5-2DED97287973"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.8.0","matchCriteriaId":"73228A3D-A71B-497B-A5BA-412FFE9F6F37"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"148.0","matchCriteriaId":"C5EBE90D-1996-4578-B715-605B24E66C59"}]}]}],"ref
erences":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013612","source":"security@mozilla.org","tags":["Issue Tracking","Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21725","sourceIdentifier":"security@grafana.com","published":"2026-02-25T13:16:05.240","lastModified":"2026-05-10T14:16:47.727","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so.\n\nThis requires several very stringent conditions to be met:\n\n- The attacker must have admin access to the specific datasource prior to its first deletion.\n- Upon deletion, all steps within the attack must happen within the next 30 seconds and on the same pod of Grafana.\n- The attacker must delete the datasource, then someone must recreate it.\n- The new datasource must not have the attacker as an admin.\n- The new datasource must have the same UID as the prior datasource. 
These are randomised by default.\n- The datasource can now be re-deleted by the attacker.\n- Once 30 seconds are up, the attack is spent and cannot be repeated.\n- No datasource with any other UID can be attacked."},{"lang":"es","value":"Una vulnerabilidad de tipo \"time-of-create-to-time-of-use\" (TOCTOU) permite que las fuentes de datos recientemente eliminadas y luego recreadas sean re-eliminadas sin permiso para hacerlo.\n\nEsto requiere que se cumplan varias condiciones muy estrictas:\n\n- El atacante debe tener acceso de administrador a la fuente de datos específica antes de su primera eliminación.\n- Tras la eliminación, todos los pasos del ataque deben ocurrir dentro de los siguientes 30 segundos y en el mismo pod de Grafana.\n- El atacante debe eliminar la fuente de datos, luego alguien debe recrearla.\n- La nueva fuente de datos no debe tener al atacante como administrador.\n- La nueva fuente de datos debe tener el mismo UID que la fuente de datos anterior. Estos se aleatorizan por defecto.\n- La fuente de datos ahora puede ser re-eliminada por el atacante.\n- Una vez transcurridos 30 segundos, el ataque se agota y no puede repetirse.\n- Ninguna fuente de datos con cualquier otro UID puede ser 
atacada."}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L","baseScore":2.6,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:-:*:*:enterprise:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"12.4.1","matchCriteriaId":"0B8EFF4D-5611-41A6-B555-4A7911C72824"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-21725","source":"security@grafana.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20797","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-02-27T02:16:18.343","lastModified":"2026-05-10T14:16:46.757","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stack based buffer overflow exists in an API route of XWEB Pro version\n 1.12.1 and prior, enabling unauthenticated attackers to cause stack \ncorruption and a termination of the 
program."},{"lang":"es","value":"Existe un desbordamiento de búfer basado en pila en una ruta de API de XWEB Pro versión 1.12.1 y anteriores, lo que permite a atacantes no autenticados causar corrupción de pila y la terminación del programa."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_300d_pro_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.1","matchCriteriaId":"BF93AA67-7ABF-45C8-8376-7A28F7D65464"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_300d_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"AEA10B9B-531A-4775-B32D-AC743D696126"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_500d_pro_firmware:*:*:*:*:*:*:*:*","versionEndInc
luding":"1.12.1","matchCriteriaId":"088F312E-06DF-4B90-A478-A6B5A39DE0F0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_500d_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"A524988E-E22F-4B0F-AEE6-46B3F103989C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:copeland:xweb_500b_pro_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.1","matchCriteriaId":"E13AD164-C82A-4D6C-84C0-83EB8B0A611C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:copeland:xweb_500b_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"1707F67B-6365-4065-812C-7CC596C6CFF1"}]}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory"]},{"url":"https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate","source":"ics-cert@hq.dhs.gov","tags":["Product"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2025-63912","sourceIdentifier":"cve@mitre.org","published":"2026-03-03T18:16:23.920","lastModified":"2026-05-10T13:16:35.163","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encryption and expose credentials."},{"lang":"es","value":"Cohesity TranZman Migration Appliance Release 4.0 Build 14614 se descubrió que utilizaba un algoritmo de criptografía débil para el cifrado de datos, permitiendo a los atacantes revertir trivialmente el cifrado y exponer las 
credenciales."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cohesity:tranzman:4.0:build14614:*:*:*:*:*:*","matchCriteriaId":"F4F9B91B-96B6-411A-A53D-FEB5665D1FCA"}]}]}],"references":[{"url":"https://gist.github.com/GregDurys/4c2765d76272cda64dfc78f7a75a9251","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/GregDurys/Cohesity-TranZman-CVEs","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-2590","sourceIdentifier":"security@devolutions.net","published":"2026-03-03T22:16:29.157","lastModified":"2026-05-10T13:16:35.887","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper\n enforcement of the Disable password saving in vaults setting in the \nconnection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist 
credentials in vault entries, \npotentially exposing sensitive information to other users, by creating \nor editing certain connection types while password saving is disabled."},{"lang":"es","value":"Aplicación incorrecta de la configuración Deshabilitar el guardado de contraseñas en bóvedas en el componente de entrada de conexión en Devolutions Remote Desktop Manager 2025.3.30 y versiones anteriores permite a un usuario autenticado persistir credenciales en entradas de bóveda, exponiendo potencialmente información sensible a otros usuarios, al crear o editar ciertos tipos de conexión mientras el guardado de contraseñas está deshabilitado."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:windows:*:*","versionEndIncluding":"2025.3.30.0","matchCriteriaId":"7DE843BF-31DA-44EB-9ED5-4468B5DCC6C4"}]}]}],"references":[{"url":"https://devolutions.net/security/advisories/DEVO-2026-0005","source":"security@devolutions.net","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-22723","sourceIdentifier":"security@vmware.com","published":"2026-03-05T21:16:14.610","lastModified":"2026-05-10T14:16:48.003","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0."},{"lang":"es","value":"Revocación inapropiada de tokens de usuario debido a un error de lógica en la implementación del endpoint de revocación de tokens en Cloudfoundry UAA v77.30.0 a v78.7.0 y en Cloudfoundry Deployment v48.7.0 a v54.10.0."}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-640"},{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*","versionStartExcluding":"48.7.0","versionEndIncluding":"54.11.0","matchCriteriaId":"C829FC80-C988-46CB-BD70-D6EBAA93705A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:uaa-release:*:*:*:*:*:*:*:*","versionStartIncluding":"77.30.0","versionEndExcluding":"78.8.0","matchCriteriaId":"E19811F2-0608-4471-A951-2A51A8B8974D"}]}]}],"references":[{"url":"https://www.cloudfoundry.org/blog/cve-2026-22723-uaa-user-token-revocation/","so
urce":"security@vmware.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-70060","sourceIdentifier":"cve@mitre.org","published":"2026-03-09T16:16:16.100","lastModified":"2026-05-10T13:16:35.433","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0."},{"lang":"es","value":"Un problema relacionado con CWE-79: Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web fue descubierto en YMFE yapi v1.12.0."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ymfe:yapi:1.12.0:*:*:*:*:*:*:*","matchCriteriaId":"59E2A1BB-F4BF-47CA-8EC9-59F40B8585BC"}]}]}],"references":[{"url":"https://gist.github.com/zcxlighthouse/b9dc0586016699397c476fda02abc0c7","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"https://github.com/YMFE","source":"cve@mitre.org","tags":["Product"]},{"url":"https://github.com/YMFE/yapi","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2025-70041","sourceIdentifier":"cve@mitre.org","published":"2026-03-11T21:16:13.330","lastModified":"2026-05-10T14:16:46.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master."},{"lang":"es","value":"Un problema relacionado con CWE-259: Uso de contraseña codificada fue descubierto en oslabs-beta ThermaKube master."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-259"}]}],"references":[{"url":"https://gist.github.com/zcxlighthouse/cbd6fd6ca486460573e0611ee547f763","source":"cve@mitre.org"},{"url":"https://github.com/oslabs-beta","source":"cve@mitre.org"},{"url":"https://github.com/oslabs-beta/ThermaKube","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-21668","sourceIdentifier":"support@hackerone.com","published":"2026-03-12T15:16:13.260","lastModified":"2026-05-10T14:16:46.907","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository."},{"lang":"es","value":"Una vulnerabilidad que permite a un usuario de dominio autenticado eludir restricciones y 
manipular archivos arbitrarios en un Repositorio de Copias de Seguridad."}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0.1402","versionEndExcluding":"12.3.2.4465","matchCriteriaId":"7C1376E5-9691-4087-B594-B03F061BE3C8"}]}]}],"references":[{"url":"https://www.veeam.com/kb4830","source":"support@hackerone.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21669","sourceIdentifier":"support@hackerone.com","published":"2026-03-12T15:16:13.383","lastModified":"2026-05-10T14:16:47.027","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server."},{"lang":"es","value":"Una vulnerabilidad que 
permite a un usuario de dominio autenticado realizar ejecución remota de código (RCE) en el servidor de copia de seguridad."}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0.0.496","versionEndExcluding":"13.0.1.2067","matchCriteriaId":"CC75F0C6-5BC3-4AD4-84C9-E0FFAB5EA980"}]}]}],"references":[{"url":"https://www.veeam.com/kb4831","source":"support@hackerone.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21670","sourceIdentifier":"support@hackerone.com","published":"2026-03-12T15:16:13.510","lastModified":"2026-05-10T13:16:35.610","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability allowing a low-privileged user to extract saved SSH credentials."},{"lang":"es","value":"Una vulnerabilidad que permite a un usuario de bajo privilegio extraer credenciales SSH 
guardadas."}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0.0.496","versionEndIncluding":"13.0.1.1071","matchCriteriaId":"9F7C6B2B-8DFE-4FF7-A990-04BB209D5031"}]}]}],"references":[{"url":"https://www.veeam.com/kb4831","source":"support@hackerone.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21671","sourceIdentifier":"support@hackerone.com","published":"2026-03-12T15:16:13.630","lastModified":"2026-05-10T14:16:47.133","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication."},{"lang":"es","value":"Una vulnerabilidad 
que permite a un usuario autenticado con el rol de Administrador de Copias de Seguridad realizar ejecución remota de código (RCE) en implementaciones de alta disponibilidad (HA) de Veeam Backup & Replication."}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0.0.496","versionEndIncluding":"13.0.1.1071","matchCriteriaId":"9F7C6B2B-8DFE-4FF7-A990-04BB209D5031"}]}]}],"references":[{"url":"https://www.veeam.com/kb4831","source":"support@hackerone.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21672","sourceIdentifier":"support@hackerone.com","published":"2026-03-12T17:16:35.633","lastModified":"2026-05-10T14:16:47.247","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers."},{"lang":"es","value":"Una vulnerabilidad que permite la escalada de privilegios local en servidores Veeam Backup & Replication basados en 
Windows."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-538"}]}],"references":[{"url":"https://www.veeam.com/kb4830","source":"support@hackerone.com"},{"url":"https://www.veeam.com/kb4831","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-21708","sourceIdentifier":"support@hackerone.com","published":"2026-03-12T17:16:36.683","lastModified":"2026-05-10T13:16:35.747","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user."},{"lang":"es","value":"Una vulnerabilidad que permite a un Visor de Copias de Seguridad realizar ejecución remota de código (RCE) como el usuario 
postgres."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.veeam.com/kb4830","source":"support@hackerone.com"},{"url":"https://www.veeam.com/kb4831","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2025-13702","sourceIdentifier":"psirt@us.ibm.com","published":"2026-03-13T19:53:48.300","lastModified":"2026-05-10T14:16:45.170","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Sterling Partner Engagement Manager 6.2.3.0 hasta 6.2.3.5 y 6.2.4.0 hasta 6.2.4.2 es vulnerable a cross-site scripting. 
Esta vulnerabilidad permite a un usuario autenticado incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista y lo que podría llevar a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.2.3.6","matchCriteriaId":"687DC91A-7A4C-4FF2-8E23-65C8CDC5F52D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.2.3.6","matchCriteriaId":"7D427503-5EF4-485A-8073-C6C0B5723C2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:ess
entials:*:*:*","versionStartIncluding":"6.2.4","versionEndExcluding":"6.2.4.3","matchCriteriaId":"AB87CB0E-55B9-4C72-A592-C7E162A10C63"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*","versionStartIncluding":"6.2.4","versionEndExcluding":"6.2.4.3","matchCriteriaId":"C07A609D-EF2B-423D-8006-B75E33C858D8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7263391","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-4269","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-03-16T18:16:11.007","lastModified":"2026-05-11T14:34:12.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected.\n\nTo remediate this issue, customers should upgrade to version v0.1.13."},{"lang":"es","value":"Una verificación de propiedad de S3 faltante en el Kit de Inicio Bedrock AgentCore antes de la versión v0.1.13 puede permitir a un actor remoto inyectar código durante el proceso de compilación, lo que lleva a la ejecución de código en el tiempo de ejecución de AgentCore. Este problema solo afecta a los usuarios del Kit de Inicio Bedrock AgentCore antes de la versión v0.1.13 que compilan o han compilado el Kit después del 24 de septiembre de 2025. 
Cualquier usuario en una versión >=v0.1.13, y cualquier usuario en versiones anteriores que compiló el kit antes del 24 de septiembre de 2025, no se ve afectado. Para remediar este problema, los clientes deben actualizar a la versión v0.1.13."}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplex
ity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-283"},{"lang":"en","value":"CWE-340"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:amazon:bedrock_agentcore_starter_toolkit:*:*:*:*:*:python:*:*","versionEndExcluding":"0.1.13","matchCriteriaId":"59D471CF-5B18-4CE5-851B-0487702B4D33"}]}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-008-AWS/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Vendor Advisory"]},{"url":"https://github.com/aws/bedrock-agentcore-starter-toolkit/releases/tag/v0.1.13","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-0708","sourceIdentifier":"patrick@puiterwijk.org","published":"2026-03-17T04:16:07.750","lastModified":"2026-05-11T17:14:50.693","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system."},{"lang":"es","value":"Se encontró un fallo en libucl. Un atacante remoto podría explotar esto al proporcionar una entrada de Universal Configuration Language (UCL) especialmente diseñada que contiene una clave con un byte nulo incrustado. 
Esto puede causar un fallo de segmentación (fallo SEGV) en la función 'ucl_object_emit' al analizar y emitir el objeto, lo que lleva a una denegación de servicio (DoS) para el sistema afectado."}],"metrics":{"cvssMetricV31":[{"source":"patrick@puiterwijk.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"patrick@puiterwijk.org","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vstakhov:libucl:*:*:*:*:*:*:*:*","versionEndIncluding":"0.9.4","matchCriteriaId":"C9FF5B7E-8AFB-438D-A407-EC4664ED380A"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-0708","source":"patrick@puiterwijk.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427770","source":"patrick@puiterwijk.org","tags":["Third Party Advisory","Issue Tracking"]},{"url":"https://github.com/vstakhov/libucl/issues/323","source":"patrick@puiterwijk.org","tags":["Issue Tracking","Vendor 
Advisory","Exploit"]},{"url":"https://github.com/vstakhov/libucl/issues/323","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Vendor Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2025-62320","sourceIdentifier":"psirt@hcl.com","published":"2026-03-17T13:16:16.503","lastModified":"2026-05-11T14:18:40.947","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user’s browser."},{"lang":"es","value":"La Inyección HTML puede llevarse a cabo en el Producto cuando una aplicación web no verifica o limpia adecuadamente la entrada del usuario antes de mostrarla en una página web. Debido a esto, un atacante puede insertar código HTML no deseado en la página. 
Cuando el navegador carga la página, puede interactuar automáticamente con recursos externos incluidos en ese HTML, lo que puede causar solicitudes inesperadas desde el navegador del usuario."}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.11","matchCriteriaId":"305B2D5D-64DB-40FC-9188-CCF3EA5764F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:*","versionStartIncluding":"25.1.0","versionEndExcluding":"25.1.1.0.1","matchCriteriaId":"10B800BE-C835-4E99-A05F-FF5B0C8556F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_audience_central:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.11","matchCriteriaId":"C3B128F6-5258-4CD7-9B8B-2EA82575046B"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_audience_central:*:*:*:*:*:*:*:*","versionStartIncluding":"25.1.0","versionEndExcluding":"25.1.1.0.1","matchCriteriaId":"56033CC8-1562-481D-9781-68
605E639D33"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_campaign:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.11","matchCriteriaId":"DBD704E0-EC17-40EF-B125-A3F7B2265C87"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_campaign:*:*:*:*:*:*:*:*","versionStartIncluding":"25.1.0","versionEndExcluding":"25.1.1.0.1","matchCriteriaId":"21A943C9-F93D-4385-9FA2-D7970FDF2CF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_centralised_offer_management:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.11","matchCriteriaId":"62BA1D1F-E3A6-4F78-98C8-C5BF4C28BB45"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_centralised_offer_management:*:*:*:*:*:*:*:*","versionStartIncluding":"25.1.0","versionEndExcluding":"25.1.1.0.1","matchCriteriaId":"122EAB2F-BB96-4954-93F9-82FB61D27A5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_contact_central:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.11","matchCriteriaId":"7CB92F37-C4B6-403B-A150-C9BCB094CD41"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_contact_central:*:*:*:*:*:*:*:*","versionStartIncluding":"25.1.0","versionEndExcluding":"25.1.1.0.1","matchCriteriaId":"A55CF519-0F7B-469D-96FE-D29DEDC35C9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_interact:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.11","matchCriteriaId":"23118E78-677A-4E04-ABAA-7A301B45FFB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_interact:*:*:*:*:*:*:*:*","versionStartIncluding":"25.1.0","versionEndExcluding":"25.1.1.0.1","matchCriteriaId":"73B4E36F-D53D-4E3C-92DA-97151A2BCEDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_journey:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.11","matchCriteriaId":"A7802A1C-BE9A-45BB-81EE-C1836BB6933C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_journey:*:*:*:*:*:*:*:*","versionStartIncluding":"25.1.0","versionEndExcluding":"25.1.1.0.1","matchCriteriaId":"206F9793-8910-45B1-8249-B3F04B326AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:hclt
ech:unica_plan:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.11","matchCriteriaId":"7D193791-017A-4E65-A183-4780E3DE37AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_plan:*:*:*:*:*:*:*:*","versionStartIncluding":"25.1.0","versionEndExcluding":"25.1.1.0.1","matchCriteriaId":"2EDC3A16-B40C-44D0-BEDB-8EBEE9671B58"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_segment_central:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.11","matchCriteriaId":"13A74D83-78CC-495E-AC56-90C472725477"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:unica_segment_central:*:*:*:*:*:*:*:*","versionStartIncluding":"25.1.0","versionEndExcluding":"25.1.1.0.1","matchCriteriaId":"5C9D635D-AB51-43CF-B5C5-6E013191A637"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129460","source":"psirt@hcl.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-4368","sourceIdentifier":"50a63c94-1ea7-4568-8c11-eb79e7c5a2b5","published":"2026-03-23T21:17:17.667","lastModified":"2026-05-10T14:16:50.953","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup"},{"lang":"es","value":"Condición de carrera en NetScaler ADC y NetScaler Gateway cuando el dispositivo está configurado como Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) o servidor virtual AAA, lo que lleva a la mezcla de sesiones de 
usuario."}],"metrics":{"cvssMetricV40":[{"source":"50a63c94-1ea7-4568-8c11-eb79e7c5a2b5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"references":[{"url":"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300","source":"50a63c94-1ea7-4568-8c11-eb79e7c5a2b5"}]}},{"cve":{"id":"CVE-2026-20684","sourceIdentifier":"product-security@apple.com","published":"2026-03-25T01:17:05.387","lastModified":"2026-05-10T14:16:46.587","vulnStatus":"Modified","cveTags":[],"descripti
ons":[{"lang":"en","value":"A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.4. An app may bypass Gatekeeper checks."},{"lang":"es","value":"Se abordó un problema de permisos con restricciones adicionales. Este problema está corregido en macOS Tahoe 26.4. Una app puede eludir las comprobaciones de Gatekeeper."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"26.0","versionEndExcluding":"26.4","matchCriteriaId":"6CF848CD-25D4-4371-BEF3-1ACCE47AD81F"}]}]}],"references":[{"url":"https://support.apple.com/en-us/126794","source":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28833","sourceIdentifier":"product-security@apple.com","published":"2026-03-25T01:17:08.383","lastModified":"2026-05-10T14:16:48.630","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. 
An app may be able to enumerate a user's installed apps."},{"lang":"es","value":"Se abordó un problema de permisos con restricciones adicionales. Este problema está corregido en iOS 26.4 y iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Una aplicación podría enumerar las aplicaciones instaladas de un usuario."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4","matchCriteriaId":"F813DB63-2B55-4E0B-9073-5465C65F69D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4","matchCriteriaId":"01612D13-BE5B-43F8-B53E-5BF57F2A5B0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"26.0","versionEndExcluding":"26.4","matchCriteriaId":"6CF848CD-25D4-4371-BEF3-1ACCE47AD81F"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4","matchCriteriaId":"113B9705-BFF0-4357-B1AB-F57052F32361"}]}]}],"references":[{"url":"https://support.apple.com/en-us/126792","source":"product-security@apple.com","tags":["Release Notes","Vendor 
Advisory"]},{"url":"https://support.apple.com/en-us/126794","source":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://support.apple.com/en-us/126799","source":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28838","sourceIdentifier":"product-security@apple.com","published":"2026-03-25T01:17:08.787","lastModified":"2026-05-10T14:16:48.787","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox."},{"lang":"es","value":"Se abordó un problema de permisos con restricciones de sandbox adicionales. Este problema está solucionado en macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. Una aplicación podría escapar de su sandbox."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.8.5","matchCriteriaId":"D66288AF-23BD-407A-81F5-F1DFBF84C622"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","ver
sionStartIncluding":"15.0","versionEndExcluding":"15.7.5","matchCriteriaId":"DD21D2C9-BBEC-4E8E-B8D2-C92B7E6155E1"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"26.0","versionEndExcluding":"26.4","matchCriteriaId":"6CF848CD-25D4-4371-BEF3-1ACCE47AD81F"}]}]}],"references":[{"url":"https://support.apple.com/en-us/126794","source":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://support.apple.com/en-us/126795","source":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://support.apple.com/en-us/126796","source":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28861","sourceIdentifier":"product-security@apple.com","published":"2026-03-25T01:17:10.130","lastModified":"2026-05-10T14:16:48.940","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins."},{"lang":"es","value":"Se abordó un problema de lógica con una gestión de estado mejorada. Este problema se solucionó en Safari 26.4, iOS 18.7.7 y iPadOS 18.7.7, iOS 26.4 y iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. 
Un sitio web malicioso podría acceder a manejadores de mensajes de script destinados a otros orígenes."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4","matchCriteriaId":"993386B4-0570-414F-B4A6-3E65F5704903"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"18.7.7","matchCriteriaId":"118313FD-8CF6-4412-B1A8-4BC3D5C2F519"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionStartIncluding":"26.0","versionEndExcluding":"26.4","matchCriteriaId":"F201257D-2F7C-43AA-BD51-ED5EC98F99E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"18.7.7","matchCriteriaId":"684E10EB-D01A-4E80-8764-B48B554B0B5E"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionStartIncluding":"26.0","versionEndExcluding":"26.4","matchCriteriaId":"F7F08C35-7A60-4FEC-8D44-533902F43EDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4","matchCriteriaId":"DCFD15D9-91CA-4342-9F7E-A219B459B755"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*","versionEndExclud
ing":"26.4","matchCriteriaId":"113B9705-BFF0-4357-B1AB-F57052F32361"}]}]}],"references":[{"url":"https://support.apple.com/en-us/126792","source":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://support.apple.com/en-us/126793","source":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://support.apple.com/en-us/126794","source":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://support.apple.com/en-us/126799","source":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://support.apple.com/en-us/126800","source":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28863","sourceIdentifier":"product-security@apple.com","published":"2026-03-25T01:17:10.347","lastModified":"2026-05-10T14:16:49.100","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user."},{"lang":"es","value":"Se abordó un problema de permisos con restricciones adicionales. Este problema está solucionado en iOS 26.4 y iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. 
Una aplicación podría tomar la huella digital del usuario."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4","matchCriteriaId":"F813DB63-2B55-4E0B-9073-5465C65F69D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4","matchCriteriaId":"01612D13-BE5B-43F8-B53E-5BF57F2A5B0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4","matchCriteriaId":"A906E2B7-B83B-4AD0-B00F-BEDEF2EDB844"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4","matchCriteriaId":"113B9705-BFF0-4357-B1AB-F57052F32361"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4","matchCriteriaId":"F6EAF0A5-7CFF-4EF6-9BC7-DB25B213F753"}]}]}],"references":[{"url":"https://support.apple.com/en-us/126792","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/126797","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/en-us/126798","source":"product-security@apple.com","tags":["Vendor 
Advisory"]},{"url":"https://support.apple.com/en-us/126799","source":"product-security@apple.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-30587","sourceIdentifier":"cve@mitre.org","published":"2026-03-25T18:16:31.793","lastModified":"2026-05-10T14:16:49.860","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows authenticated remote attackers to inject malicious JavaScript payloads via the src attribute of embedded Excalidraw whiteboards or the href attribute of anchor tags"},{"lang":"es","value":"Múltiples vulnerabilidades de XSS Almacenado existen en Seafile Servidor versión 13.0.15, 13.0.16-pro, 12.0.14 y anteriores, y fueron corregidas en 13.0.17, 13.0.17-pro y 12.0.20-pro, a través del editor Seadoc (sdoc). La aplicación no logra sanear correctamente los mensajes de WebSocket relacionados con las actualizaciones de la estructura del documento. 
Esto permite a atacantes remotos autenticados inyectar cargas útiles maliciosas de JavaScript a través del atributo src de las pizarras blancas incrustadas de Excalidraw o el atributo href de las etiquetas de anclaje."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:seafile:seafile_server:*:*:*:*:professional:*:*:*","versionEndExcluding":"12.0.20","matchCriteriaId":"79197CA1-6A7E-4165-AD57-982C8824B82C"},{"vulnerable":true,"criteria":"cpe:2.3:a:seafile:seafile_server:13.0.15:*:*:*:community:*:*:*","matchCriteriaId":"ECCCED4B-9663-4BC1-BD35-995B3DCDAC95"},{"vulnerable":true,"criteria":"cpe:2.3:a:seafile:seafile_server:13.0.16:*:*:*:professional:*:*:*","matchCriteriaId":"880080C5-9A1A-4D9B-83AB-33D8C21FCF38"}]}]}],"references":[{"url":"https://gist.github.com/gabdevele/1b7e30ab367b26042fa32f45aa12ce
2f","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/haiwen/seadoc-editor/commit/8fa988aaede072b2ae073d1b2edcb2fc691423b2","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/haiwen/seahub/commit/4c5301747bdb84c64b2f2b3230417df2d1cc8987","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://manual.seafile.com/12.0/changelog/changelog-for-seafile-professional-server/","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://manual.seafile.com/13.0/changelog/changelog-for-seafile-professional-server/","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://manual.seafile.com/13.0/changelog/server-changelog/","source":"cve@mitre.org","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-29934","sourceIdentifier":"cve@mitre.org","published":"2026-03-26T15:16:36.017","lastModified":"2026-05-10T14:16:49.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header."},{"lang":"es","value":"Una vulnerabilidad de cross-site scripting (XSS) reflejada en el componente /admin/menus de Lightcms v2.0 permite a los atacantes ejecutar Javascript arbitrario en el contexto del navegador del usuario mediante la modificación del valor del referer en la cabecera de la 
solicitud."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lightcms_project:lightcms:2.0:*:*:*:*:*:*:*","matchCriteriaId":"188FCA72-D81E-48AA-8C49-58CB4BCD877F"}]}]}],"references":[{"url":"https://github.com/eddy8/LightCMS/issues/38","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Mitigation"]}]}},{"cve":{"id":"CVE-2026-0966","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T21:17:00.783","lastModified":"2026-05-11T17:16:11.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process."},{"lang":"es","value":"La función API 'ssh_get_hexa()' es vulnerable cuando se proporciona una entrada de longitud 0 a esta función. 
Esta función se utiliza internamente en 'ssh_get_fingerprint_hash()' y 'ssh_print_hexa()' (obsoleta), la cual es vulnerable a la misma entrada (la longitud es proporcionada por la aplicación que realiza la llamada).\n\nLa función también se utiliza internamente en el código gssapi para registrar los OID recibidos por el servidor durante la autenticación GSSAPI. Esto podría activarse de forma remota cuando el servidor permite la autenticación GSSAPI y la verbosidad del registro se establece al menos en SSH_LOG_PACKET (3). Esto podría causar un auto-DoS del proceso demonio por conexión."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-124"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionEndExcluding":"0.11.4","matchCriteriaId":"68C64024-6979-46E1-A57F-5C0228DC8DAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":
true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:7067","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-0966","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433121","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/","source":"secalert@redhat.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-22738","sourceIdentifier":"security@vmware.com","published":"2026-03-27T06:16:37.663","lastModified":"2026-05-10T14:16:48.133","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. 
Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected.\nThis issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4."}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-917"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.0.5","matchCriteriaId":"28BAEC64-E23B-478B-B206-5580BB00516F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.0","versionEndExcluding":"1.1.4","matchCriteriaId":"E3774C35-AE82-486B-8E13-8FCC34D3CA30"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-22738","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-22742","sourceIdentifier":"security@vmware.com","published":"2026-03-27T06:16:37.833","lastModified":"2026-05-10T14:16:48.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. 
Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations.\nThis issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4."}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.0.5","matchCriteriaId":"28BAEC64-E23B-478B-B206-5580BB00516F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.0","versionEndExcluding":"1.1.4","matchCriteriaId":"E3774C35-AE82-486B-8E13-8FCC34D3CA30"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-22742","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-27877","sourceIdentifier":"security@grafana.com","published":"2026-03-27T15:16:51.050","lastModified":"2026-05-10T14:16:48.383","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards.\n\nNo passwords of proxied data-sources are exposed. 
We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security."}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionEndExcluding":"9.3.0","matchCriteriaId":"0714C0DD-B9B9-4400-AE9C-C2C60BF57743"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.14","versionEndExcluding":"12.0.0","matchCriteriaId":"5845D5E9-8631-4F0B-B100-24DCDE4C8C1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.10","versionEndExcluding":"12.2.0","matchCriteriaId":"AE3F977F-FF94-4A15-918C-54241EC49560"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.8","versionEn
dExcluding":"12.3.0","matchCriteriaId":"CB499815-0B44-4BF9-AB14-F7272EF0173F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.6","versionEndExcluding":"12.4.0","matchCriteriaId":"7F2B145A-24E0-4C0F-BF82-FFD2B1301B51"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-27877","source":"security@grafana.com","tags":["Vendor Advisory"]},{"url":"https://grafana.com/security/security-advisories/cve-2026-27877","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-27880","sourceIdentifier":"security@grafana.com","published":"2026-03-27T15:16:51.323","lastModified":"2026-05-10T14:16:48.510","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes."}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.0","matchCriteriaId":"004E77E1-58B9-4F05-B788-5C52FBB8A25E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.10","versionEndExcluding":"12.2.0","match
CriteriaId":"AE3F977F-FF94-4A15-918C-54241EC49560"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.8","versionEndExcluding":"12.3.0","matchCriteriaId":"CB499815-0B44-4BF9-AB14-F7272EF0173F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.3.6","versionEndExcluding":"12.4.0","matchCriteriaId":"7F2B145A-24E0-4C0F-BF82-FFD2B1301B51"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-27880","source":"security@grafana.com","tags":["Vendor Advisory"]},{"url":"https://grafana.com/security/security-advisories/cve-2026-27880","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-4984","sourceIdentifier":"vulnreport@tenable.com","published":"2026-03-27T15:17:03.953","lastModified":"2026-05-10T14:16:51.070","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'.\n\nWhen processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integration's Twilio credentials in the 'Authorization' header.\n\nAn attacker can forge a webhook payload pointing to their own server and receive the victim's 'accountSID' and 'authToken' in plaintext (base64-encoded Basic Auth), leading to full compromise of the Twilio 
account."}],"metrics":{"cvssMetricV31":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-345"},{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2026-22","source":"vulnreport@tenable.com"}]}},{"cve":{"id":"CVE-2026-30567","sourceIdentifier":"cve@mitre.org","published":"2026-03-27T18:16:05.083","lastModified":"2026-05-10T14:16:49.697","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_product.php file via the \"limit\" parameter. 
The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ahsanriaz26gmailcom:inventory_system:1.0:*:*:*:*:*:*:*","matchCriteriaId":"D4A61A9C-F969-4CD2-8A33-1A36DFFDEB8E"}]}]}],"references":[{"url":"https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-ViewProduct-limit.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-ViewProduct-limit.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2026-34046","sourceIdentifier":"security-advisories@github.com","published":"2026-03-27T21:17:27.753","lastModified":"2026-05-11T14:23:34.330","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter by `user_id`. When `AUTO_LOGIN` was `False` (i.e., authentication was enabled), neither branch enforced an ownership check — the query returned any flow matching the given UUID regardless of who owned it. This allowed any authenticated user to read any other user's flow, including embedded plaintext API keys; modify the logic of another user's AI agents, and/or delete flows belonging to other users. The vulnerability was introduced by the conditional logic that was meant to accommodate public/example flows (those with `user_id = NULL`) under auto-login mode, but inadvertently left the authenticated path without an ownership filter. 
The fix in version 1.5.1 removes the `AUTO_LOGIN` conditional entirely and unconditionally scopes the query to the requesting user."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityI
mpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.0","matchCriteriaId":"A2B9A67D-F960-425C-B4EB-99EC59D6B425"},{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:1.5.0:dev0:*:*:*:*:*:*","matchCriteriaId":"433E1411-65A6-4938-B8EE-983C07145FC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:1.5.0:dev1:*:*:*:*:*:*","matchCriteriaId":"85F6671F-A02B-4B74-AA22-09EA710B7130"},{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow-base:*:*:*:*:*:python:*:*","versionEndExcluding":"0.5.1","matchCriteriaId":"C364A228-0EEC-47C5-90A8-07A12DCF48D7"}]}]}],"references":[{"url":"https://github.com/langflow-ai/langflow/pull/8956","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-8c4j-f57c-35cf","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21712","sourceIdentifier":"support@hackerone.com","published":"2026-03-30T16:16:03.510","lastModified":"2026-05-10T14:16:47.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process."},{"lang":"es","value":"Una falla en el procesamiento de URL de Node.js causa una falla de aserción en código nativo cuando se llama a 'url.format()' con un nombre de dominio internacionalizado (IDN) malformado que contiene caracteres no válidos, colapsando el proceso de 
Node.js."}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://hackerone.com/reports/3546390","source":"support@hackerone.com"},{"url":"https://nodejs.org/en/blog/vulnerability/march-2026-security-releases","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-21713","sourceIdentifier":"support@hackerone.com","published":"2026-03-30T20:16:19.397","lastModified":"2026-05-10T14:16:47.507","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**."},{"lang":"es","value":"Un fallo en la verificación HMAC de Node.js utiliza una comparación de tiempo no constante al validar firmas proporcionadas por el usuario, filtrando potencialmente información de temporización proporcional al número de bytes coincidentes. 
Bajo ciertos modelos de amenaza donde las mediciones de temporización de alta resolución son posibles, este comportamiento podría ser explotado como un oráculo de temporización para inferir valores HMAC.\n\nNode.js ya proporciona primitivas de comparación seguras contra ataques de temporización utilizadas en otras partes de la base de código, lo que indica que esto es un descuido en lugar de una decisión de diseño intencional.\n\nEsta vulnerabilidad afecta 20.x, 22.x, 24.x y 25.x."}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/march-2026-security-releases","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-21717","sourceIdentifier":"support@hackerone.com","published":"2026-03-30T20:16:20.010","lastModified":"2026-05-10T14:16:47.620","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. 
By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**."},{"lang":"es","value":"Un fallo en el mecanismo de hash de cadenas de V8 hace que las cadenas similares a enteros se les aplique hash a su valor numérico, haciendo que las colisiones de hash sean trivialmente predecibles. Al elaborar una solicitud que causa muchas de estas colisiones en la tabla interna de cadenas de V8, un atacante puede degradar significativamente el rendimiento del proceso de Node.js.\n\nEl desencadenante más común es cualquier punto final que llama a `JSON.parse()` en la entrada controlada por el atacante, ya que el análisis JSON internaliza automáticamente cadenas cortas en la tabla hash afectada.\n\nEsta vulnerabilidad afecta a 20.x, 22.x, 24.x y 
25.x."}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-328"}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/march-2026-security-releases","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-22561","sourceIdentifier":"support@hackerone.com","published":"2026-03-31T16:16:28.850","lastModified":"2026-05-10T14:16:47.860","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. 
The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code execution if a malicious DLL is planted alongside the installer."}],"metrics":{"cvssMetricV40":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HI
GH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anthropic:claude:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1.3363","matchCriteriaId":"A807B059-FBC1-44F4-A6C4-86EA1A4136B5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://trust.anthropic.com/resources?s=1cvig6ldp3zvuj1yffzr11&name=cve-2026-22561-dll-search-order-hijacking-in-claude-for-windows-installer","source":"support@hackerone.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-30526","sourceIdentifier":"cve@mitre.org","published":"2026-04-01T15:22:59.277","lastModified":"2026-05-10T14:16:49.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The application reflects the content of the msg parameter back to the user without proper HTML encoding or sanitization. 
This allows remote attackers to inject arbitrary web script or HTML via a crafted URL."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pushpam02:zoo_management_system:1.0:*:*:*:*:*:*:*","matchCriteriaId":"BE938678-CB95-443D-BD7B-0F526B65A074"}]}]}],"references":[{"url":"https://github.com/meifukun/Web-Security-PoCs/blob/main/Zoo-Management-System/Reflected-XSS-Login-msg.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-67805","sourceIdentifier":"cve@mitre.org","published":"2026-04-01T16:23:48.177","lastModified":"2026-05-10T14:16:45.980","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. 
It was forcibly disabled again in version 2025_06_003."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sagedpw:sage_dpw:2025_06_004:*:*:*:*:*:*:*","matchCriteriaId":"633B447B-E044-4548-9D21-E82129683125"}]}]}],"references":[{"url":"https://pastebin.com/Tk4LgMG2","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.sagedpw.at/","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2025-67806","sourceIdentifier":"cve@mitre.org","published":"2026-04-01T16:23:48.323","lastModified":"2026-05-10T14:16:46.130","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. 
On-premise administrators can toggle this behavior in newer versions."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-203"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-204"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sagedpw:sage_dpw:2025_06_004:*:*:*:*:*:*:*","matchCriteriaId":"633B447B-E044-4548-9D21-E82129683125"}]}]}],"references":[{"url":"https://pastebin.com/Tk4LgMG2","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.sagedpw.at/","source":"cve@mitre.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-34760","sourceIdentifier":"security-advisories@github.com","published":"2026-04-02T20:16:25.437","lastModified":"2026-05-11T13:24:40.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). 
From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in an inconsistency between audio heard by humans (e.g., through headphones/regular speakers) and audio processed by AI models (whose infrastructure relies on Librosa, such as vllm, transformer). This issue has been patched in version 0.18.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionStartIncluding":"0.5.5","versionEndExcluding":"0.18.0","matchCriteriaId":"B8A23C5E-0560-4C39-AF88-AA055348DC8B"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/commit/c7f98b4d0a63b32ed939e2b6dfaa8a626e9b46c4","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vllm-project/vllm/pull/37058","source":"security-advisories@gith
ub.com","tags":["Issue Tracking"]},{"url":"https://github.com/vllm-project/vllm/releases/tag/v0.18.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-6c4r-fmh3-7rh8","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35404","sourceIdentifier":"security-advisories@github.com","published":"2026-04-06T22:16:21.360","lastModified":"2026-05-11T18:16:32.343","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() without any URL validation. When a non-existent survey name is provided, the server issues an immediate HTTP 302 redirect to the attacker-controlled URL. Additionally, the same unvalidated URL is embedded in a hidden form field and returned in a JSON response after form submission, where client-side JavaScript performs location.href = url. This enables phishing and credential theft attacks against authenticated Open edX users. 
This vulnerability is fixed with commit 76462f1e5fa9b37d2621ad7ad19514b403908970."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openedx:openedx:*:*:*:*:*:*:*:*","versionEndIncluding":"2026-04-02","matchCriteriaId":"06A17A40-548D-40D0-BD7F-CC30B7EA25DA"}]}]}],"references":[{"url":"https://github.com/openedx/openedx-platform/commit/76462f1e5fa9b37d2621ad7ad19514b403908970","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openedx/openedx-platform/security/advisories/GHSA-2843-x998-f8r2","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5735","sourceIdentifier":"security@mozilla.org","published":"2026-04-07T13:16:47.763","lastModified":"2026-05-10T21:16:29.483","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Memory safety bugs present in Firefox 149.0.1 and Thunderbird 
149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionEndExcluding":"149.0.2","matchCriteriaId":"CF910B3C-C241-48B5-9066-260750E8E7ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionEndExcluding":"149.0.2","matchCriteriaId":"5FB6BDEF-D9FC-4C5C-9098-03DCA98223D3"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=2025475%2C2025477","source":"security@mozilla.org","tags":["Broken Link","Issue 
Tracking"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-25/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-28/","source":"security@mozilla.org"}]}},{"cve":{"id":"CVE-2026-5863","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-04-08T22:16:25.817","lastModified":"2026-05-10T21:16:29.683","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"147.0.7727.55","matchCriteriaId":"9A68673A-1331-48AF-8860-53064F0AF310"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:
o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/484527367","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-5911","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-04-08T22:16:31.010","lastModified":"2026-05-10T21:16:29.847","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"147.0.7727.55","matchCriteriaId":"9A68673A-1331-48AF-8860-53064F0AF310"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-
7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/485785246","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-1502","sourceIdentifier":"cna@python.org","published":"2026-04-10T18:16:40.970","lastModified":"2026-05-10T21:16:28.247","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host."}],"metrics":{"cvssMetricV40":[{"source":"cna@python.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED
","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"references":[{"url":"https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2ed","source":"cna@python.org"},{"url":"https://github.com/python/cpython/issues/146211","source":"cna@python.org"},{"url":"https://github.com/python/cpython/pull/146212","source":"cna@python.org"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/","source":"cna@python.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/11/4","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-36874","sourceIdentifier":"cve@mitre.org","published":"2026-04-13T13:16:41.673","lastModified":"2026-05-10T21:16:29.007","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in 
/librarysystem/load_student.php."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:razormist:basic_library_system:1.0:*:*:*:*:*:*:*","matchCriteriaId":"7F93EAAD-3EF5-4565-8C51-7AEBA905A0CD"}]}]}],"references":[{"url":"https://github.com/Thirtypenny77/bug_report/blob/main/sourcecodester/basic-library-system/SQL-3.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-36946","sourceIdentifier":"cve@mitre.org","published":"2026-04-13T14:16:13.883","lastModified":"2026-05-10T14:16:50.183","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file 
/rsms/admin/inquiries/view_details.php."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oretnom23:computer_and_mobile_repair_shop_management_system:1.0:*:*:*:*:*:*:*","matchCriteriaId":"E67CA652-A839-4363-98A3-59009A27A755"}]}]}],"references":[{"url":"https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-4.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-36942","sourceIdentifier":"cve@mitre.org","published":"2026-04-13T15:17:34.290","lastModified":"2026-05-10T14:16:50.030","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file 
/orms/admin/activities/manage_activity.php."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/online-resort-management-system/SQL-4.md","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-31280","sourceIdentifier":"cve@mitre.org","published":"2026-04-13T21:16:24.143","lastModified":"2026-05-10T21:16:28.683","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM 
frames."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"references":[{"url":"https://amoebatech.gitbook.io/amoebatech-docs/cve-2026-31280-insecure-bluetooth-rfcomm-leading-to-device-crash-in-parani-m10-intercom","source":"cve@mitre.org"},{"url":"https://nvd.nist.gov/vuln/detail/cve-2023-4586","source":"cve@mitre.org"},{"url":"https://nvd.nist.gov/vuln/detail/cve-2025-20701","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2025-65134","sourceIdentifier":"cve@mitre.org","published":"2026-04-14T16:16:34.383","lastModified":"2026-05-10T21:16:27.240","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST 
parameter."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65134/README.md","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-6312","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-04-15T20:16:40.940","lastModified":"2026-05-10T14:16:51.183","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. 
(Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"147.0.7727.101","matchCriteriaId":"571DC362-C7E4-4FA4-A493-9DD22A4DACC6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","source":"chrome-cve-admin@google.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/498269651","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-21733","sourceIdentifier":"367425dc-4d06-4041-9650-c2dc6aaa27ce","published":"2026-04-17T17:16:35.220","lastModified":"2026-05-10T21:16:28.363","vulnStatus":"Awaiting 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- \nRESERVED"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":5.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","source":"367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}},{"cve":{"id":"CVE-2026-40948","sourceIdentifier":"security@apache.org","published":"2026-04-18T14:16:10.897","lastModified":"2026-05-11T15:09:48.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's browser and cause the victim to be logged into the attacker's Airflow session (login-CSRF / session fixation), where any credentials the victim subsequently stored in Airflow Connections would be harvestable by the attacker. 
Users are advised to upgrade `apache-airflow-providers-keycloak` to 0.7.0 or later."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apache-airflow-providers-keycloak:*:*:*:*:*:*:*:*","versionStartIncluding":"0.0.1","versionEndExcluding":"0.7.0","matchCriteriaId":"AA33FD2D-B2AE-43EE-B962-46CAFD5C0B1F"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/64114","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/kc0odpr70hbqhdb9ksnz42fkqz2xld9q","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-13480","sourceIdentifier":"cvd@cert.pl","published":"2026-04-20T10:16:16.060","lastModified":"2026-05-11T16:54:56.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. 
This includes sensitive information such as system logs and parts of system configuration settings.\nThis vulnerability has been fixed in version 5.6.3"}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabi
lityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fudosecurity:fudo_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.6.3","matchCriteriaId":"C973DECA-7589-4C6C-BE49-24BB0D4BA09C"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2026/04/CVE-2025-13480","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://download.fudosecurity.com/documentation/fudo/5_6/rn/RN_5.6.3.pdf","source":"cvd@cert.pl","tags":["Release Notes"]},{"url":"https://www.fudosecurity.com/product/enterprise","source":"cvd@cert.pl","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-35154","sourceIdentifier":"security_alert@emc.com","published":"2026-04-20T17:16:34.263","lastModified":"2026-05-11T09:16:25.753","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability.\n A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges to access unauthorized delete 
operation."}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.13.1.0","versionEndExcluding":"7.13.1.70","matchCriteriaId":"A9BE0E5A-02D6-49B9-BC84-F4A35F932D16"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.3.0.0","versionEndExcluding":"8.3.1.30","matchCriteriaId":"A9BBC4B6-D52D-4F76-8444-05061DDB7002"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndExcluding":"8.6.1.0","matchCriteriaId":"749DB068-EDFA-402A-91EB-66575CA10EDD"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-31368","sourceIdentifier":"3836d913-7555-4dd0-a509-f5667fdf5fe4","published":"2026-04-21T07:16:07.923","lastModified":"2026-05-10T20:16:27.510","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability."}],"metrics":{"cvssMetricV31":[{"source":"3836d913-7555-4dd0-a509-f5667fdf5fe4","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://www.honor.com/global/security/cve-2026-31368/","source":"3836d913-7555-4dd0-a509-f5667fdf5fe4"}]}},{"cve":{"id":"CVE-2026-31370","sourceIdentifier":"3836d913-7555-4dd0-a509-f5667fdf5fe4","published":"2026-04-21T07:16:09.437","lastModified":"2026-05-10T20:16:28.280","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service 
confidentiality."}],"metrics":{"cvssMetricV31":[{"source":"3836d913-7555-4dd0-a509-f5667fdf5fe4","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://www.honor.com/global/security/CVE-2026-31370/","source":"3836d913-7555-4dd0-a509-f5667fdf5fe4"}]}},{"cve":{"id":"CVE-2026-34314","sourceIdentifier":"secalert_us@oracle.com","published":"2026-04-21T21:16:36.917","lastModified":"2026-05-10T20:16:28.387","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform).  Supported versions that are affected are 8.0.7.9, 8.0.8.7 and  8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as  unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts).  
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9.0:*:*:*:*:*:*:*","matchCriteriaId":"01413F8D-9A00-4D47-AEFC-B214F24DF7E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7.0:*:*:*:*:*:*:*","matchCriteriaId":"99758374-009C-4AD2-8402-F8F0ACE6B289"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"93333ABD-DCF3-46E6-8053-36B62D7431A3"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3007","sourceIdentifier":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","published":"2026-04-23T04:16:07.980","lastModified":"2026-05-10T20:16:28.850","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet 
feature."}],"metrics":{"cvssMetricV31":[{"source":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-042/","source":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4"}]}},{"cve":{"id":"CVE-2026-1949","sourceIdentifier":"759f5e80-c8e1-4224-bead-956d7b33c98b","published":"2026-04-24T06:16:03.883","lastModified":"2026-05-11T17:42:32.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web 
service."}],"metrics":{"cvssMetricV31":[{"source":"759f5e80-c8e1-4224-bead-956d7b33c98b","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"759f5e80-c8e1-4224-bead-956d7b33c98b","type":"Secondary","description":[{"lang":"en","value":"CWE-131"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:deltaww:as320t_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.16","matchCriteriaId":"BC2A0FA6-0941-49B4-BBDD-D4D7E886D4E6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:deltaww:as320t:-:*:*:*:*:*:*:*","matchCriteriaId":"207554E0-1FF1-4F4A-AE19-C8F77D3A38D9"}]}]}],"references":[{"url":"https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf","source":"759f5e80-c8e1-4224-bead-956d7b33c98b","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-1950","sourceIdentifier":"759f5e80-c8e1-4224-bead-956d7b33c98b","published":"2026-04-24T07:16:08.523","lastModified":"2026-05-11T17:42:40.187","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Delta Electronics AS320T has \nNo checking of the length of the buffer with the file name 
vulnerability."}],"metrics":{"cvssMetricV31":[{"source":"759f5e80-c8e1-4224-bead-956d7b33c98b","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"759f5e80-c8e1-4224-bead-956d7b33c98b","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:deltaww:as320t_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.16","matchCriteriaId":"BC2A0FA6-0941-49B4-BBDD-D4D7E886D4E6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:deltaww:as320t:-:*:*:*:*:*:*:*","matchCriteriaId":"207554E0-1FF1-4F4A-AE19-C8F77D3A38D9"}]}]}],"references":[{"url":"https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf","source":"759f5e80-c8e1-4224-bead-956d7b33c98b","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-1951","sourceIdentifier":"759f5e80-c8e1-4224-bead-956d7b33c98b","published":"2026-04-24T07:16:09.520","lastModified":"2026-05-11T17:42:30.020","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Delta Electronics AS320T has no checking of the length of the buffer with the directory name\n\n 
vulnerability."}],"metrics":{"cvssMetricV31":[{"source":"759f5e80-c8e1-4224-bead-956d7b33c98b","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"759f5e80-c8e1-4224-bead-956d7b33c98b","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:deltaww:as320t_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.12","matchCriteriaId":"4A7A1AC8-9920-4CA3-8B25-6DC5E20AFCDD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:deltaww:as320t:-:*:*:*:*:*:*:*","matchCriteriaId":"207554E0-1FF1-4F4A-AE19-C8F77D3A38D9"}]}]}],"references":[{"url":"https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf","source":"759f5e80-c8e1-4224-bead-956d7b33c98b","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-1952","sourceIdentifier":"759f5e80-c8e1-4224-bead-956d7b33c98b","published":"2026-04-24T07:16:09.627","lastModified":"2026-05-11T17:42:47.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Delta Electronics AS320T has denial of service via the undocumented subfunction 
vulnerability."}],"metrics":{"cvssMetricV31":[{"source":"759f5e80-c8e1-4224-bead-956d7b33c98b","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"759f5e80-c8e1-4224-bead-956d7b33c98b","type":"Secondary","description":[{"lang":"en","value":"CWE-912"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:deltaww:as320t_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.16","matchCriteriaId":"BC2A0FA6-0941-49B4-BBDD-D4D7E886D4E6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:deltaww:as320t:-:*:*:*:*:*:*:*","matchCriteriaId":"207554E0-1FF1-4F4A-AE19-C8F77D3A38D9"}]}]}],"references":[{"url":"https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf","source":"759f5e80-c8e1-4224-bead-956d7b33c98b","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41907","sourceIdentifier":"security-advisories@github.com","published":"2026-04-24T19:17:14.490","lastModified":"2026-05-11T13:53:19.343","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"uuid is for 
the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexit
y":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"},{"lang":"en","value":"CWE-823"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uuidjs:uuid:*:*:*:*:*:node.js:*:*","versionEndExcluding":"11.1.1","matchCriteriaId":"B8AA79D0-36C1-44C8-BB22-29113130D2DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:uuidjs:uuid:12.0.0:*:*:*:*:node.js:*:*","matchCriteriaId":"989A818E-3B12-4BA1-8311-C2C4237B3E47"},{"vulnerable":true,"criteria":"cpe:2.3:a:uuidjs:uuid:13.0.0:*:*:*:*:node.js:*:*","matchCriteriaId":"88125146-C07D-4469-86AC-447F215418F1"}]}]}],"references":[{"url":"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]},{"url":"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-3323","sourceIdentifier":"info@cert.vde.com","published":"2026-04-28T11:16:05.967","lastModified":"2026-05-11T14:58:48.887","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access 
codes."}],"metrics":{"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:vega:vegapuls_6x_firmware:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"DA4A5882-65D9-44A6-9A9B-2A0B1F644CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:vega:vegapuls_6x_firmware:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"F505C3EA-1CD8-4219-9756-2E74D83EEA4A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:vega:vegapuls_6x:-:*:*:*:*:*:*:*","matchCriteriaId":"191D2BDC-D3D4-494B-9FFA-C808FAA3298F"}]}]}],"references":[{"url":"https://certvde.com/en/advisories/VDE-2026-016","source":"info@cert.vde.com","tags":["Third Party Advisory"]},{"url":"https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json","source":"info@cert.vde.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-38949","sourceIdentifier":"cve@mitre.org","published":"2026-04-28T19:37:38.937","lastModified":"2026-05-10T20:16:28.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. 
The application fails to properly sanitize user input, allowing injection of arbitrary code"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/Chittu13/cve-research/blob/main/CVE-2026-38949/README.md","source":"cve@mitre.org"},{"url":"https://github.com/danpros/htmly","source":"cve@mitre.org"},{"url":"https://youtu.be/3e-tzUMCox8","source":"cve@mitre.org"},{"url":"https://github.com/Chittu13/cve-research/blob/main/CVE-2026-38949/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-3340","sourceIdentifier":"psirt@us.ibm.com","published":"2026-04-30T21:16:32.463","lastModified":"2026-05-11T17:05:34.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). 
This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow_desktop:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.8.4","matchCriteriaId":"83CB6A3F-0146-4A7A-9FDF-7F49CCBBC143"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7271096","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3346","sourceIdentifier":"psirt@us.ibm.com","published":"2026-04-30T21:16:32.610","lastModified":"2026-05-11T17:06:09.163","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow Desktop 1.6.0 through 1.8.4 Langflow is vulnerable to stored cross-site scripting. 
This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow_desktop:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.0","versionEndIncluding":"1.8.4","matchCriteriaId":"826FDA9F-F22A-49AC-96F1-7EDD14D90261"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7271095","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-4502","sourceIdentifier":"psirt@us.ibm.com","published":"2026-04-30T21:16:33.533","lastModified":"2026-05-11T17:06:21.467","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. 
An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to write arbitrary files on the system."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow_desktop:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndIncluding":"1.8.4","matchCriteriaId":"4B9C49D8-B198-43A9-ACF6-ADEB4BA58A96"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7271097","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-4503","sourceIdentifier":"psirt@us.ibm.com","published":"2026-04-30T21:16:33.667","lastModified":"2026-05-11T17:06:27.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled 
key."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow_desktop:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.8.4","matchCriteriaId":"83CB6A3F-0146-4A7A-9FDF-7F49CCBBC143"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7271099","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-1577","sourceIdentifier":"psirt@us.ibm.com","published":"2026-04-30T22:16:25.017","lastModified":"2026-05-10T14:16:46.437","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query 
logic."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1284"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*","versionStartIncluding":"11.5.0","versionEndIncluding":"11.5.9","matchCriteriaId":"ECAF5576-B4A5-4DB7-94F0-942F656F0461"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*","versionStartIncluding":"11.5.0","versionEndIncluding":"11.5.9","matchCriteriaId":"B1E165E8-F11B-4F13-B54A-90D29CA2ABF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*","versionStartIncluding":"11.5.0","versionEndIncluding":"11.5.9","matchCriteriaId":"727E2804-2D3D-4C31-A3E5-F99107D02A27"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.4","matchCriteriaId":"1E004F72-3A78-4548-AB21-E048C5E79536"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.4","matchCriteriaId":"83BC943C-4CB3-4751-9E03-B8BB18113DF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.4","matchCriteriaId":"B5327C79-7D77-4435-8FC3-B6568C1DE2B1"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7269434","sourc
e":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3345","sourceIdentifier":"psirt@us.ibm.com","published":"2026-04-30T22:16:25.337","lastModified":"2026-05-11T17:05:14.423","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow_desktop:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.4","matchCriteriaId":"8A5CBB9F-3D40-4752-AF98-A6B303F8690D"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7271094","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6543","sourceIdentifier":"psirt@us.ibm.com","published":"2026-04-30T22:16:26.467","lastModified":"2026-05-11T17:04:58.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. 
This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow_desktop:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.8.4","matchCriteriaId":"83CB6A3F-0146-4A7A-9FDF-7F49CCBBC143"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7271092","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-31765","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-01T15:16:39.633","lastModified":"2026-05-11T17:48:57.713","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB\n\nCurrently, AMDGPU_VA_RESERVED_TRAP_SIZE is hardcoded to 8KB, while\nKFD_CWSR_TBA_TMA_SIZE is defined as 2 * PAGE_SIZE. On systems with\n4K pages, both values match (8KB), so allocation and reserved space\nare consistent.\n\nHowever, on 64K page-size systems, KFD_CWSR_TBA_TMA_SIZE becomes 128KB,\nwhile the reserved trap area remains 8KB. This mismatch causes the\nkernel to crash when running rocminfo or rccl unit tests.\n\nKernel attempted to read user page (2) - exploit attempt? 
(uid: 1001)\nBUG: Kernel NULL pointer dereference on read at 0x00000002\nFaulting instruction address: 0xc0000000002c8a64\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\nCPU: 34 UID: 1001 PID: 9379 Comm: rocminfo Tainted: G E\n6.19.0-rc4-amdgpu-00320-gf23176405700 #56 VOLUNTARY\nTainted: [E]=UNSIGNED_MODULE\nHardware name: IBM,9105-42A POWER10 (architected) 0x800200 0xf000006\nof:IBM,FW1060.30 (ML1060_896) hv:phyp pSeries\nNIP:  c0000000002c8a64 LR: c00000000125dbc8 CTR: c00000000125e730\nREGS: c0000001e0957580 TRAP: 0300 Tainted: G E\nMSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 24008268\nXER: 00000036\nCFAR: c00000000125dbc4 DAR: 0000000000000002 DSISR: 40000000\nIRQMASK: 1\nGPR00: c00000000125d908 c0000001e0957820 c0000000016e8100\nc00000013d814540\nGPR04: 0000000000000002 c00000013d814550 0000000000000045\n0000000000000000\nGPR08: c00000013444d000 c00000013d814538 c00000013d814538\n0000000084002268\nGPR12: c00000000125e730 c000007e2ffd5f00 ffffffffffffffff\n0000000000020000\nGPR16: 0000000000000000 0000000000000002 c00000015f653000\n0000000000000000\nGPR20: c000000138662400 c00000013d814540 0000000000000000\nc00000013d814500\nGPR24: 0000000000000000 0000000000000002 c0000001e0957888\nc0000001e0957878\nGPR28: c00000013d814548 0000000000000000 c00000013d814540\nc0000001e0957888\nNIP [c0000000002c8a64] __mutex_add_waiter+0x24/0xc0\nLR [c00000000125dbc8] __mutex_lock.constprop.0+0x318/0xd00\nCall Trace:\n0xc0000001e0957890 (unreliable)\n__mutex_lock.constprop.0+0x58/0xd00\namdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x6fc/0xb60 [amdgpu]\nkfd_process_alloc_gpuvm+0x54/0x1f0 [amdgpu]\nkfd_process_device_init_cwsr_dgpu+0xa4/0x1a0 [amdgpu]\nkfd_process_device_init_vm+0xd8/0x2e0 [amdgpu]\nkfd_ioctl_acquire_vm+0xd0/0x130 [amdgpu]\nkfd_ioctl+0x514/0x670 [amdgpu]\nsys_ioctl+0x134/0x180\nsystem_call_exception+0x114/0x300\nsystem_call_vectored_common+0x15c/0x2ec\n\nThis patch changes AMDGPU_VA_RESERVED_TRAP_SIZE to 64 
KB and\nKFD_CWSR_TBA_TMA_SIZE to the AMD GPU page size. This means we reserve\n64 KB for the trap in the address space, but only allocate 8 KB within\nit. With this approach, the allocation size never exceeds the reserved\narea.\n\n(cherry picked from commit 31b8de5e55666f26ea7ece5f412b83eab3f56dbb)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12.81","matchCriteriaId":"6276F46A-4462-4160-9890-B059A6D60C74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_ker
nel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4487571ef17a30d274600b3bd6965f497a881299","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6b2614a0ff05a2d2836311425091c8feca6f0c21","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/77c918eaa4c916751769242567407f61c6af142a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d3508cf822c4d96d3e492210314f8f6f2da7df58","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31766","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-01T15:16:39.763","lastModified":"2026-05-11T17:49:58.887","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: validate doorbell_offset in user queue creation\n\namdgpu_userq_get_doorbell_index() passes the user-provided\ndoorbell_offset to amdgpu_doorbell_index_on_bar() without bounds\nchecking. 
An arbitrarily large doorbell_offset can cause the\ncalculated doorbell index to fall outside the allocated doorbell BO,\npotentially corrupting kernel doorbell space.\n\nValidate that doorbell_offset falls within the doorbell BO before\ncomputing the BAR index, using u64 arithmetic to prevent overflow.\n\n(cherry picked from commit de1ef4ffd70e1d15f0bf584fd22b1f28cbd5e2ec)"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.22","matchCriteriaId":"B376ADEA-99DD-4C34-B0B2-7362FBE63A29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulne
rable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3543005a42d7e8e12b21897ef6798541bf7cbcd3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86b732fbc37ce4fb76cdd4af0fb7e30a6acdbce6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a018d1819f158991b7308e4f74609c6c029b670c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31767","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-01T15:16:39.870","lastModified":"2026-05-11T17:53:02.707","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode\n\nStop adjusting the horizontal timing values based on the\ncompression ratio in command mode. 
Bspec seems to be telling\nus to do this only in video mode, and this is also how the\nWindows driver does things.\n\nThis should also fix a div-by-zero on some machines because\nthe adjusted htotal ends up being so small that we end up with\nline_time_us==0 when trying to determine the vtotal value in\ncommand mode.\n\nNote that this doesn't actually make the display on the\nHuawei Matebook E work, but at least the kernel no longer\nexplodes when the driver loads.\n\n(cherry picked from commit 0b475e91ecc2313207196c6d7fd5c53e1a878525)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.12.81","matchCriteriaId":"D7C26F95-0187-4B01-A110-0643650CED29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriter
iaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/33b5336e4fd8ba0e40a12989cadb3f5534a0f9e4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4dfce79e098915d8e5fc2b9e1d980bc3251dd32c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/55efe8402f46af8399c8b634a18b130a05fd7820","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86e926b108880c0109b8635e459450447156aeb7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31768","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-01T15:16:39.977","lastModified":"2026-05-11T17:54:28.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ti-adc161s626: use DMA-safe memory for spi_read()\n\nAdd a DMA-safe buffer and use it for spi_read() instead of a stack\nmemory. 
All SPI buffers must be DMA-safe.\n\nSince we only need up to 3 bytes, we just use a u8[] instead of __be16\nand __be32 and change the conversion functions appropriately."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"6.1.168","matchCriteriaId":"398FB001-08FB-43B5-927C-EF197FB74E3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:
o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/014c6d27878d3883f7bb065610768fd021de1a96","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/67b3a91bdc48220bfb67155ab528121b9c822782","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/768461517a28d80fe81ea4d5d03a90cd184ea6ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b3bb8faeca1a2ef7be95ee8a512b639f9ffce947","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d2d031b0786ea66ab0577c9d2d71435068d32199","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fa64aab25aba47296aa8d12bb4c88ec3fecb2054","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31769","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-01T15:16:40.090","lastModified":"2026-05-11T17:56:52.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngpib: fix use-after-free in IO ioctl handlers\n\nThe IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a 
gpib_descriptor\npointer after board->big_gpib_mutex has been released.  A concurrent\nIBCLOSEDEV ioctl can free the descriptor via close_dev_ioctl() during\nthis window, causing a use-after-free.\n\nThe IO handlers (read_ioctl, write_ioctl, command_ioctl) explicitly\nrelease big_gpib_mutex before calling their handler.  wait_ioctl() is\ncalled with big_gpib_mutex held, but ibwait() releases it internally\nwhen wait_mask is non-zero.  In all four cases, the descriptor pointer\nobtained from handle_to_descriptor() becomes unprotected.\n\nFix this by introducing a kernel-only descriptor_busy reference count\nin struct gpib_descriptor.  Each handler atomically increments\ndescriptor_busy under file_priv->descriptors_mutex before releasing the\nlock, and decrements it when done.  close_dev_ioctl() checks\ndescriptor_busy under the same lock and rejects the close with -EBUSY\nif the count is non-zero.\n\nA reference count rather than a simple flag is necessary because\nmultiple handlers can operate on the same descriptor concurrently\n(e.g. IBRD and IBWAIT on the same handle from different threads).\n\nA separate counter is needed because io_in_progress can be cleared from\nunprivileged userspace via the IBWAIT ioctl (through general_ibstatus()\nwith set_mask containing CMPL), which would allow an attacker to bypass\na check based solely on io_in_progress.  
The new descriptor_busy\ncounter is only modified by the kernel IO paths.\n\nThe lock ordering is consistent (big_gpib_mutex -> descriptors_mutex)\nand the handlers only hold descriptors_mutex briefly during the lookup,\nso there is no deadlock risk and no impact on IO throughput."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-
C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/28c75dd143ead62e0dfac564c79d251e21d5d74b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cae26eff1b56d78bed7873cf3e60a2b1bdd4da6c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d1857f8296dceb75d00ab857fc3c61bc00c7f5c6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31770","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-01T15:16:40.200","lastModified":"2026-05-11T17:58:07.823","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (occ) Fix division by zero in occ_show_power_1()\n\nIn occ_show_power_1() case 1, the accumulator is divided by\nupdate_tag without checking for zero. If no samples have been\ncollected yet (e.g. during early boot when the sensor block is\nincluded but hasn't been updated), update_tag is zero, causing\na kernel divide-by-zero crash.\n\nThe 2019 fix in commit 211186cae14d (\"hwmon: (occ) Fix division by\nzero issue\") only addressed occ_get_powr_avg() used by\nocc_show_power_2() and occ_show_power_a0(). This separate code\npath in occ_show_power_1() was missed.\n\nFix this by reusing the existing occ_get_powr_avg() helper, which\nalready handles the zero-sample case and uses mul_u64_u32_div()\nto multiply before dividing for better precision. 
Move the helper\nabove occ_show_power_1() so it is visible at the call site.\n\n[groeck: Fix alignment problems reported by checkpatch]"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.10.253","matchCriteriaId":"A58C0269-40CC-43D7-8F8A-B2C38025D165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:lin
ux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/243d55bd3f08cb15eee9d63f4716d4d4cdd760f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2502684b9e835de9a992ec47c3e6c6faabe3858d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/37ae8fadc74ed68e5bc364ffd17746d88e449ae3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/39e2a5bf970402a8530a319cf06122e216ba57b8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/53e6175756b8c474b6247bbcea0aad3d68357475","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7b89ce0c98bf3015f493ca4285b2d1056cd8c733","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bbbefc48f6617cfb738dcff7f44beb50b5dfeb38","source":"416baaa9-dc9f
-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c7d3712362c8ab8f82f441b649d9e446e7b9aa9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31771","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-01T15:16:40.337","lastModified":"2026-05-11T18:00:00.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: move wake reason storage into validated event handlers\n\nhci_store_wake_reason() is called from hci_event_packet() immediately\nafter stripping the HCI event header but before hci_event_func()\nenforces the per-event minimum payload length from hci_ev_table.\nThis means a short HCI event frame can reach bacpy() before any bounds\ncheck runs.\n\nRather than duplicating skb parsing and per-event length checks inside\nhci_store_wake_reason(), move wake-address storage into the individual\nevent handlers after their existing event-length validation has\nsucceeded. 
Convert hci_store_wake_reason() into a small helper that only\nstores an already-validated bdaddr while the caller holds hci_dev_lock().\nUse the same helper after hci_event_func() with a NULL address to\npreserve the existing unexpected-wake fallback semantics when no\nvalidated event handler records a wake address.\n\nAnnotate the helper with __must_hold(&hdev->lock) and add\nlockdep_assert_held(&hdev->lock) so future call paths keep the lock\ncontract explicit.\n\nCall the helper from hci_conn_request_evt(), hci_conn_complete_evt(),\nhci_sync_conn_complete_evt(), le_conn_complete_evt(),\nhci_le_adv_report_evt(), hci_le_ext_adv_report_evt(),\nhci_le_direct_adv_report_evt(), hci_le_pa_sync_established_evt(), and\nhci_le_past_received_evt()."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.19.12","matchCriteriaId":"5C6630F4-82C7-43EE-A9AC-FF59BBAEEDD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaI
d":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2b2bf47cd75518c36fa2d41380e4a40641cc89cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86c8d07a64d553c41e213b52650020010f9ef23e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31778","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-01T15:16:41.190","lastModified":"2026-05-11T18:05:22.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: caiaq: fix stack out-of-bounds read in init_card\n\nThe loop creates a whitespace-stripped copy of the card shortname\nwhere `len < sizeof(card->id)` is used for the bounds check. Since\nsizeof(card->id) is 16 and the local id buffer is also 16 bytes,\nwriting 16 non-space characters fills the entire buffer,\noverwriting the terminating nullbyte.\n\nWhen this non-null-terminated string is later passed to\nsnd_card_set_id() -> copy_valid_id_string(), the function scans\nforward with `while (*nid && ...)` and reads past the end of the\nstack buffer, reading the contents of the stack.\n\nA USB device with a product name containing many non-ASCII, non-space\ncharacters (e.g. 
multibyte UTF-8) will reliably trigger this as follows:\n\n  BUG: KASAN: stack-out-of-bounds in copy_valid_id_string\n       sound/core/init.c:696 [inline]\n  BUG: KASAN: stack-out-of-bounds in snd_card_set_id_no_lock+0x698/0x74c\n       sound/core/init.c:718\n\nThe off-by-one has been present since commit bafeee5b1f8d (\"ALSA:\nsnd_usb_caiaq: give better shortname\") from June 2009 (v2.6.31-rc1),\nwhich first introduced this whitespace-stripping loop. The original\ncode never accounted for the null terminator when bounding the copy.\n\nFix this by changing the loop bound to `sizeof(card->id) - 1`,\nensuring at least one byte remains as the null terminator."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"5.10.253","matchCriteriaId":"B50E0851-B870-41D9-8E6F-BA8182EF6CCB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2
","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/02d9c5b0b5553a391448b6d655262bd829f90234","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3178b62e2e31bab39f63d4c8e54bf4ee0a425627","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3afa2e67f3523a980a2f90fd63c22322ac2b9ce0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://gi
t.kernel.org/stable/c/3f7f8bae0d52cbd07ab04b76b6aac89ef98ee9f6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/45424e871abf2a152e247a9cff78359f18dd95c0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/66194c2575a4f567577ae70b1d7561163ce791a6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7594a6464873d90fd229e5b94cdd3b92c9feabed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a82c1bce2d1299dd3c686a8fe48cf75b79a403c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-31779","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-01T15:16:41.330","lastModified":"2026-05-11T18:02:49.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()\n\nThe memcpy function assumes the dynamic array notif->matches is at least\nas large as the number of bytes to copy. Otherwise, results->matches may\ncontain unwanted data. 
To guarantee safety, extend the validation in one\nof the checks to ensure sufficient packet length.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.168","matchCriteriaId":"D160CC79-0918-4708-9668-A084BD88B42B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:
2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/744fabc338e87b95c4d1ff7c95bc8c0f834c6d99","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca0e9491b98ca4c5b44204b0b3dd8062a3b5fba2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dd90880eb5ec5442b37eb2b95688f4a63f4883e3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e67d8c626ace80b0fa2b48c8ec0a46b508c93442","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f6abac936a0dfd31d6c3e49205ec0ee75a8f887f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ffbed27ba15ef80d1c622eeedbfef03e501ae134","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-42477","sourceIdentifier":"cve@mitre.org","published":"2026-05-01T15:16:43.737","lastModified":"2026-05-10T14:16:50.350","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain 
sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because Standard_ReadLineBuffer::ReadLine() can return a 1-byte buffer for a minimal OBJ line, and RWObj_Reader::read() calls pushIndices(aLine + 2) without validating the buffer length."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opencascade:open_cascade_technology:*:*:*:*:*:*:*:*","versionEndIncluding":"7.9.3","matchCriteriaId":"13B8FE30-EAE8-4F3E-8F5C-E81BD438FF6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"0B51DDC9-FDA5-4701-8CA3-5B589D72FA88"},{"vulnerable":true,"criteria":"cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"57733587-FB01-4201-8509-E81B6AE94AE3"},{"vulnerable":true,"cr
iteria":"cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc2:*:*:*:*:*:*","matchCriteriaId":"86CF4B98-CCD3-4463-9A24-231128DDF85A"},{"vulnerable":true,"criteria":"cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F3987B9C-2448-4281-9A5C-FB6AF0336C3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc4:*:*:*:*:*:*","matchCriteriaId":"632D1594-AD1F-4F80-86F7-F8850F3574EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc5:*:*:*:*:*:*","matchCriteriaId":"267468E1-F54F-44AF-B74F-DFD29354243B"}]}]}],"references":[{"url":"https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-7482","sourceIdentifier":"abd028dc-c042-4c4d-9749-38d0f850af89","published":"2026-05-04T13:16:01.727","lastModified":"2026-05-11T12:27:11.917","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantization.go (WriteTo()), the server reads past the allocated heap buffer. The leaked memory contents may include environment variables, API keys, system prompts, and concurrent users' conversation data, and can be exfiltrated by uploading the resulting model artifact through the /api/push endpoint to an attacker-controlled registry. The /api/create and /api/push endpoints have no authentication in the upstream distribution. 
Default deployments bind to 127.0.0.1, but the documented OLLAMA_HOST=0.0.0.0 configuration is widely used in practice (large public-internet exposure observed)."}],"metrics":{"cvssMetricV40":[{"source":"abd028dc-c042-4c4d-9749-38d0f850af89","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:L/U:Red","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"abd028dc-c042-4c4d-9749-38d0f850af89","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH"
,"integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"abd028dc-c042-4c4d-9749-38d0f850af89","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*","versionEndExcluding":"0.17.1","matchCriteriaId":"18CE34C3-1F67-46CE-8B8D-5B54FC3996EF"}]}]}],"references":[{"url":"https://github.com/ollama/ollama/commit/88d57d0483cca907e0b23a968c83627a20b21047","source":"abd028dc-c042-4c4d-9749-38d0f850af89","tags":["Patch"]},{"url":"https://github.com/ollama/ollama/pull/14406","source":"abd028dc-c042-4c4d-9749-38d0f850af89","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/ollama/ollama/releases/tag/v0.17.1","source":"abd028dc-c042-4c4d-9749-38d0f850af89","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-42151","sourceIdentifier":"security-advisories@github.com","published":"2026-05-04T19:16:04.220","lastModified":"2026-05-11T17:22:07.227","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the /-/config HTTP API endpoint. Because the field was a plain string, the Azure OAuth client secret was exposed in plaintext to any user or process with access to that endpoint. 
This issue has been patched in versions 3.5.3 and 3.11.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:*","versionStartIncluding":"2.48.0","versionEndExcluding":"3.5.3","matchCriteriaId":"59F27955-13C7-4DD7-85E8-3D1C62BFF82E"},{"vulnerable":true,"criteria":"cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.11.3","matchCriteriaId":"26BB9EEC-D049-4268-953C-E90B253745CE"}]}]}],"references":[{"url":"https://github.com/prometheus/prometheus/pull/18587","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/prometheus/prometheus/pull/18590","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/prometheus/prometheus/releases/tag/v3.11.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/prometheus/prometheus/releases/tag/v3.5.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj","source":"security-advisories@github.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-42154","sourceIdentifier":"security-advisories@github.com","published":"2026-05-04T19:16:04.397","lastModified":"2026-05-11T17:22:42.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a small payload that causes a huge heap allocation per request. Under concurrent load this can exhaust available memory and crash the Prometheus process. This issue has been patched in versions 3.5.3 and 3.11.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.3","matchCriteriaId":"36FDEDDF-199E-43DA-93AF-51C8E40BF389"},{"vulnerable":true,"criteria":"cpe:2.3:a:prometheus:prometheus:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.11.3","matchCriteriaId":"26BB9EEC-D049-4268-953C-E90B253745CE"}]}]}],"references":[{"url":"https://github.com/prometheus/prometheus/pull/18584","source":"security-advisories@github.com","tags":["Issue 
Tracking","Patch"]},{"url":"https://github.com/prometheus/prometheus/pull/18585","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/prometheus/prometheus/releases/tag/v3.11.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/prometheus/prometheus/releases/tag/v3.5.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/prometheus/prometheus/security/advisories/GHSA-8rm2-7qqf-34qm","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-61669","sourceIdentifier":"security-advisories@github.com","published":"2026-05-05T16:16:10.133","lastModified":"2026-05-11T13:01:45.537","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. 
This issue is fixed in version 2.18.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source
":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jupyter:jupyter_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.18.0","matchCriteriaId":"E0B6C703-7E28-4F23-9878-E157975C32A4"}]}]}],"references":[{"url":"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-31835","sourceIdentifier":"security-advisories@github.com","published":"2026-05-05T19:16:21.733","lastModified":"2026-05-11T16:59:34.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in `validate_webauthn_login()` updates persistent credential metadata (`backup_eligible` and `backup_state` flags) based on unverified `authenticatorData` before signature validation is performed. An attacker who knows a user's password but cannot produce a valid WebAuthn signature can permanently modify the stored backup flags for that user's credential. If signature verification fails, the database update is not rolled back. This can result in a persistent denial of service of WebAuthn two-factor authentication for affected credentials. 
This issue has been fixed in version 1.35.5."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":
"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:*","versionEndExcluding":"1.35.5","matchCriteriaId":"84C9FEC4-49EA-4F83-9E8F-9DA52A9A987E"}]}]}],"references":[{"url":"https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.5","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-x7g7-cgx5-jhx2","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-x7g7-cgx5-jhx2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40110","sourceIdentifier":"security-advisories@github.com","published":"2026-05-05T22:16:00.663","lastModified":"2026-05-11T12:59:21.687","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not require a full match, a pattern intended to match only a trusted domain (e.g., trusted.example.com) will also match any origin that begins with that domain followed by additional characters (e.g., trusted.example.com.evil.com). An attacker who controls such a domain can bypass the CORS origin restriction and make cross-origin requests to the Jupyter Server API from an untrusted site. 
This issue has been fixed in version 2.18.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2}]},"weaknesses":[{"so
urce":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-777"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jupyter:jupyter_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.18.0","matchCriteriaId":"E0B6C703-7E28-4F23-9878-E157975C32A4"}]}]}],"references":[{"url":"https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/jupyter-server/jupyter_server/pull/603","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-40934","sourceIdentifier":"security-advisories@github.com","published":"2026-05-05T22:16:00.820","lastModified":"2026-05-11T13:00:39.473","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password reset and server restart, any previously issued authentication cookie remains cryptographically valid because the signing key has not changed. An attacker who has captured a session cookie through any means retains full authenticated access to the server regardless of subsequent password changes. 
This affects deployments using password-based authentication, particularly shared or public-facing servers where credential rotation is expected to revoke existing sessions. This issue has been fixed in version 2.18.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NON
E","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jupyter:jupyter_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.18.0","matchCriteriaId":"E0B6C703-7E28-4F23-9878-E157975C32A4"}]}]}],"references":[{"url":"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2025-71251","sourceIdentifier":"security@unisoc.com","published":"2026-05-06T02:16:03.400","lastModified":"2026-05-11T15:13:47.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In IMS, there is a possible system crash due to improper input validation. 
This could lead to remote denial of service with no additional execution privileges needed."}],"metrics":{"cvssMetricV31":[{"source":"security@unisoc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*","matchCriteriaId":"879FFD0C-9B38-4CAA-B057-1086D794D469"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*","matchCriteriaId":"2700BCC5-634D-4EC6-AB67-5B678D5F951D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*","matchCriteriaId":"8538774C-906D-4B03-A3E7-FA7A55E0DA9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*","matchCriteriaId":"02882AB1-7993-47DD-84A0-8DF4272D85ED"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*","matchCriteriaId":"AC867249-B767-4802-868D-6D0E356C8294"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*","matchCriteriaId":"25BBD3C5-E87C-4730-970C-19DF855AC3A2"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*","matchCriteriaId":"DE00DFDE-97DD-4D33-B580-73FEF677C71B"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*","matchCriteriaId":"F20E00D8-2F00-4FA3-9455-37DC89908D96"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*","matchCriteriaId":"CDC980D6-B797-4AE1-B553-35395AE80D07"},{"vul
nerable":false,"criteria":"cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*","matchCriteriaId":"39002ECE-636A-4FEB-9A0B-8127E8AAC844"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7200:-:*:*:*:*:*:*:*","matchCriteriaId":"814A8ADD-9AFB-43AD-A341-E6475F4150ED"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7225:-:*:*:*:*:*:*:*","matchCriteriaId":"02739649-98EC-45CC-8CF4-404A55FAE398"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7250:-:*:*:*:*:*:*:*","matchCriteriaId":"855F9E13-B4E4-4E74-85C2-F6F9EF4DA916"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7255:-:*:*:*:*:*:*:*","matchCriteriaId":"E51D591C-58C5-4F75-B631-58275E3F5776"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7280:-:*:*:*:*:*:*:*","matchCriteriaId":"1B0FDCBD-BC38-4C7E-94ED-29F5EA852F39"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7300:-:*:*:*:*:*:*:*","matchCriteriaId":"04D97A60-C848-4948-A84D-80332B1D5BBA"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*","matchCriteriaId":"F2DA04F2-5351-4043-A330-5397E627A222"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*","matchCriteriaId":"FC033D2C-ED1A-4EAB-A77B-8E1C88C74B0A"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*","matchCriteriaId":"DC7743D5-B187-48D4-BC77-D8DCDF263166"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*","matchCriteriaId":"9D1F3B9D-142F-4E70-8477-E26D921EF19A"}]}]}],"references":[{"url":"https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466","source":"security@unisoc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-71252","sourceIdentifier":"security@unisoc.com","published":"2026-05-06T02:16:04.733","lastModified":"2026-05-11T15:13:05.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Modem IMS, there is a possible improper input validation. 
This could lead to remote denial of service with no additional execution privileges needed."}],"metrics":{"cvssMetricV31":[{"source":"security@unisoc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*","matchCriteriaId":"879FFD0C-9B38-4CAA-B057-1086D794D469"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*","matchCriteriaId":"2700BCC5-634D-4EC6-AB67-5B678D5F951D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*","matchCriteriaId":"8538774C-906D-4B03-A3E7-FA7A55E0DA9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*","matchCriteriaId":"02882AB1-7993-47DD-84A0-8DF4272D85ED"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*","matchCriteriaId":"AC867249-B767-4802-868D-6D0E356C8294"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*","matchCriteriaId":"25BBD3C5-E87C-4730-970C-19DF855AC3A2"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*","matchCriteriaId":"DE00DFDE-97DD-4D33-B580-73FEF677C71B"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*","matchCriteriaId":"F20E00D8-2F00-4FA3-9455-37DC89908D96"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*","matchCriteriaId":"CDC980D6-B797-4AE1-B553-35395AE80D07"},{"vul
nerable":false,"criteria":"cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*","matchCriteriaId":"39002ECE-636A-4FEB-9A0B-8127E8AAC844"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7200:-:*:*:*:*:*:*:*","matchCriteriaId":"814A8ADD-9AFB-43AD-A341-E6475F4150ED"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7225:-:*:*:*:*:*:*:*","matchCriteriaId":"02739649-98EC-45CC-8CF4-404A55FAE398"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7250:-:*:*:*:*:*:*:*","matchCriteriaId":"855F9E13-B4E4-4E74-85C2-F6F9EF4DA916"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7255:-:*:*:*:*:*:*:*","matchCriteriaId":"E51D591C-58C5-4F75-B631-58275E3F5776"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7280:-:*:*:*:*:*:*:*","matchCriteriaId":"1B0FDCBD-BC38-4C7E-94ED-29F5EA852F39"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7300:-:*:*:*:*:*:*:*","matchCriteriaId":"04D97A60-C848-4948-A84D-80332B1D5BBA"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*","matchCriteriaId":"F2DA04F2-5351-4043-A330-5397E627A222"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*","matchCriteriaId":"FC033D2C-ED1A-4EAB-A77B-8E1C88C74B0A"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*","matchCriteriaId":"DC7743D5-B187-48D4-BC77-D8DCDF263166"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*","matchCriteriaId":"9D1F3B9D-142F-4E70-8477-E26D921EF19A"}]}]}],"references":[{"url":"https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466","source":"security@unisoc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-71253","sourceIdentifier":"security@unisoc.com","published":"2026-05-06T02:16:04.857","lastModified":"2026-05-11T15:11:54.697","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Modem IMS, there is a possible improper input validation. 
This could lead to remote denial of service with no additional execution privileges needed."}],"metrics":{"cvssMetricV31":[{"source":"security@unisoc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*","matchCriteriaId":"879FFD0C-9B38-4CAA-B057-1086D794D469"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*","matchCriteriaId":"2700BCC5-634D-4EC6-AB67-5B678D5F951D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*","matchCriteriaId":"8538774C-906D-4B03-A3E7-FA7A55E0DA9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*","matchCriteriaId":"02882AB1-7993-47DD-84A0-8DF4272D85ED"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*","matchCriteriaId":"AC867249-B767-4802-868D-6D0E356C8294"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*","matchCriteriaId":"25BBD3C5-E87C-4730-970C-19DF855AC3A2"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*","matchCriteriaId":"DE00DFDE-97DD-4D33-B580-73FEF677C71B"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*","matchCriteriaId":"F20E00D8-2F00-4FA3-9455-37DC89908D96"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*","matchCriteriaId":"CDC980D6-B797-4AE1-B553-35395AE80D07"},{"vul
nerable":false,"criteria":"cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*","matchCriteriaId":"39002ECE-636A-4FEB-9A0B-8127E8AAC844"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7200:-:*:*:*:*:*:*:*","matchCriteriaId":"814A8ADD-9AFB-43AD-A341-E6475F4150ED"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7225:-:*:*:*:*:*:*:*","matchCriteriaId":"02739649-98EC-45CC-8CF4-404A55FAE398"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7250:-:*:*:*:*:*:*:*","matchCriteriaId":"855F9E13-B4E4-4E74-85C2-F6F9EF4DA916"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7255:-:*:*:*:*:*:*:*","matchCriteriaId":"E51D591C-58C5-4F75-B631-58275E3F5776"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7280:-:*:*:*:*:*:*:*","matchCriteriaId":"1B0FDCBD-BC38-4C7E-94ED-29F5EA852F39"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7300:-:*:*:*:*:*:*:*","matchCriteriaId":"04D97A60-C848-4948-A84D-80332B1D5BBA"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*","matchCriteriaId":"F2DA04F2-5351-4043-A330-5397E627A222"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*","matchCriteriaId":"FC033D2C-ED1A-4EAB-A77B-8E1C88C74B0A"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*","matchCriteriaId":"DC7743D5-B187-48D4-BC77-D8DCDF263166"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*","matchCriteriaId":"9D1F3B9D-142F-4E70-8477-E26D921EF19A"}]}]}],"references":[{"url":"https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466","source":"security@unisoc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-71254","sourceIdentifier":"security@unisoc.com","published":"2026-05-06T02:16:04.983","lastModified":"2026-05-11T15:10:36.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Modem IMS, there is a possible improper input validation. 
This could lead to remote denial of service with no additional execution privileges needed."}],"metrics":{"cvssMetricV31":[{"source":"security@unisoc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*","matchCriteriaId":"879FFD0C-9B38-4CAA-B057-1086D794D469"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*","matchCriteriaId":"2700BCC5-634D-4EC6-AB67-5B678D5F951D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*","matchCriteriaId":"8538774C-906D-4B03-A3E7-FA7A55E0DA9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*","matchCriteriaId":"02882AB1-7993-47DD-84A0-8DF4272D85ED"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*","matchCriteriaId":"AC867249-B767-4802-868D-6D0E356C8294"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*","matchCriteriaId":"25BBD3C5-E87C-4730-970C-19DF855AC3A2"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*","matchCriteriaId":"DE00DFDE-97DD-4D33-B580-73FEF677C71B"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*","matchCriteriaId":"F20E00D8-2F00-4FA3-9455-37DC89908D96"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*","matchCriteriaId":"CDC980D6-B797-4AE1-B553-35395AE80D07"},{"vul
nerable":false,"criteria":"cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*","matchCriteriaId":"39002ECE-636A-4FEB-9A0B-8127E8AAC844"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7200:-:*:*:*:*:*:*:*","matchCriteriaId":"814A8ADD-9AFB-43AD-A341-E6475F4150ED"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7225:-:*:*:*:*:*:*:*","matchCriteriaId":"02739649-98EC-45CC-8CF4-404A55FAE398"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7250:-:*:*:*:*:*:*:*","matchCriteriaId":"855F9E13-B4E4-4E74-85C2-F6F9EF4DA916"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7255:-:*:*:*:*:*:*:*","matchCriteriaId":"E51D591C-58C5-4F75-B631-58275E3F5776"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7280:-:*:*:*:*:*:*:*","matchCriteriaId":"1B0FDCBD-BC38-4C7E-94ED-29F5EA852F39"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7300:-:*:*:*:*:*:*:*","matchCriteriaId":"04D97A60-C848-4948-A84D-80332B1D5BBA"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*","matchCriteriaId":"F2DA04F2-5351-4043-A330-5397E627A222"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*","matchCriteriaId":"FC033D2C-ED1A-4EAB-A77B-8E1C88C74B0A"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*","matchCriteriaId":"DC7743D5-B187-48D4-BC77-D8DCDF263166"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*","matchCriteriaId":"9D1F3B9D-142F-4E70-8477-E26D921EF19A"}]}]}],"references":[{"url":"https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466","source":"security@unisoc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-71255","sourceIdentifier":"security@unisoc.com","published":"2026-05-06T02:16:05.093","lastModified":"2026-05-11T15:09:47.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Modem IMS, there is a possible improper input validation. 
This could lead to remote denial of service with no additional execution privileges needed."}],"metrics":{"cvssMetricV31":[{"source":"security@unisoc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*","matchCriteriaId":"879FFD0C-9B38-4CAA-B057-1086D794D469"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*","matchCriteriaId":"2700BCC5-634D-4EC6-AB67-5B678D5F951D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*","matchCriteriaId":"8538774C-906D-4B03-A3E7-FA7A55E0DA9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*","matchCriteriaId":"02882AB1-7993-47DD-84A0-8DF4272D85ED"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*","matchCriteriaId":"AC867249-B767-4802-868D-6D0E356C8294"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*","matchCriteriaId":"25BBD3C5-E87C-4730-970C-19DF855AC3A2"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*","matchCriteriaId":"DE00DFDE-97DD-4D33-B580-73FEF677C71B"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*","matchCriteriaId":"F20E00D8-2F00-4FA3-9455-37DC89908D96"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*","matchCriteriaId":"CDC980D6-B797-4AE1-B553-35395AE80D07"},{"vul
nerable":false,"criteria":"cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*","matchCriteriaId":"39002ECE-636A-4FEB-9A0B-8127E8AAC844"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7200:-:*:*:*:*:*:*:*","matchCriteriaId":"814A8ADD-9AFB-43AD-A341-E6475F4150ED"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7225:-:*:*:*:*:*:*:*","matchCriteriaId":"02739649-98EC-45CC-8CF4-404A55FAE398"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7250:-:*:*:*:*:*:*:*","matchCriteriaId":"855F9E13-B4E4-4E74-85C2-F6F9EF4DA916"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7255:-:*:*:*:*:*:*:*","matchCriteriaId":"E51D591C-58C5-4F75-B631-58275E3F5776"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7280:-:*:*:*:*:*:*:*","matchCriteriaId":"1B0FDCBD-BC38-4C7E-94ED-29F5EA852F39"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t7300:-:*:*:*:*:*:*:*","matchCriteriaId":"04D97A60-C848-4948-A84D-80332B1D5BBA"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*","matchCriteriaId":"F2DA04F2-5351-4043-A330-5397E627A222"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*","matchCriteriaId":"FC033D2C-ED1A-4EAB-A77B-8E1C88C74B0A"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*","matchCriteriaId":"DC7743D5-B187-48D4-BC77-D8DCDF263166"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*","matchCriteriaId":"9D1F3B9D-142F-4E70-8477-E26D921EF19A"}]}]}],"references":[{"url":"https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466","source":"security@unisoc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-71256","sourceIdentifier":"security@unisoc.com","published":"2026-05-06T02:16:05.213","lastModified":"2026-05-11T15:06:21.673","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In nr modem, there is a possible improper input validation. 
This could lead to remote denial of service with no additional execution privileges needed."}],"metrics":{"cvssMetricV31":[{"source":"security@unisoc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*","matchCriteriaId":"879FFD0C-9B38-4CAA-B057-1086D794D469"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*","matchCriteriaId":"2700BCC5-634D-4EC6-AB67-5B678D5F951D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*","matchCriteriaId":"8538774C-906D-4B03-A3E7-FA7A55E0DA9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*","matchCriteriaId":"02882AB1-7993-47DD-84A0-8DF4272D85ED"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*","matchCriteriaId":"F2DA04F2-5351-4043-A330-5397E627A222"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*","matchCriteriaId":"FC033D2C-ED1A-4EAB-A77B-8E1C88C74B0A"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*","matchCriteriaId":"DC7743D5-B187-48D4-BC77-D8DCDF263166"},{"vulnerable":false,"criteria":"cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*","matchCriteriaId":"9D1F3B9D-142F-4E70-8477-E26D921EF19A"}]}]}],"references":[{"url":"https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466","source":"security@unisoc.com",
"tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-43099","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:23.400","lastModified":"2026-05-11T17:36:29.717","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: icmp: fix null-ptr-deref in icmp_build_probe()\n\nipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the\nIPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing\nthis error pointer to dev_hold() will cause a kernel crash with\nnull-ptr-deref.\n\nInstead, silently discard the request. RFC 8335 does not appear to\ndefine a specific response for the case where an IPv6 interface\nidentifier is syntactically valid but the implementation cannot perform\nthe lookup at runtime, and silently dropping the request may safer than\nmisreporting \"No Such Interface\"."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"6.6.136","matchCriteriaId":"1CA556B4-5EB8-4B96-AEEA-6BDC9CC8BF90"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vul
nerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/47a8bf52156ac7e7a581eca31c1f964ba4258d4d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5b9911582d441f72fe6ccb15ffe3303bbc07f6f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6be325206850a0891896d38bcf83a09d8b54ec48","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f91b3ed9e7fa82a70511b5f6901c88379acf2964","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kerne
l.org/stable/c/fde29fd9349327acc50d19a0b5f3d5a6c964dfd8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43100","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:23.523","lastModified":"2026-05-11T17:35:52.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: guard local VLAN-0 FDB helpers against NULL vlan group\n\nWhen CONFIG_BRIDGE_VLAN_FILTERING is not set, br_vlan_group() and\nnbp_vlan_group() return NULL (br_private.h stub definitions). The\nBR_BOOLOPT_FDB_LOCAL_VLAN_0 toggle code is compiled unconditionally and\nreaches br_fdb_delete_locals_per_vlan_port() and\nbr_fdb_insert_locals_per_vlan_port(), where the NULL vlan group pointer\nis dereferenced via list_for_each_entry(v, &vg->vlan_list, vlist).\n\nThe observed crash is in the delete path, triggered when creating a\nbridge with IFLA_BR_MULTI_BOOLOPT containing BR_BOOLOPT_FDB_LOCAL_VLAN_0\nvia RTM_NEWLINK. The insert helper has the same bug pattern.\n\n  Oops: general protection fault, probably for non-canonical address 0xdffffc0000000056: 0000 [#1] KASAN NOPTI\n  KASAN: null-ptr-deref in range [0x00000000000002b0-0x00000000000002b7]\n  RIP: 0010:br_fdb_delete_locals_per_vlan+0x2b9/0x310\n  Call Trace:\n   br_fdb_toggle_local_vlan_0+0x452/0x4c0\n   br_toggle_fdb_local_vlan_0+0x31/0x80 net/bridge/br.c:276\n   br_boolopt_toggle net/bridge/br.c:313\n   br_boolopt_multi_toggle net/bridge/br.c:364\n   br_changelink net/bridge/br_netlink.c:1542\n   br_dev_newlink net/bridge/br_netlink.c:1575\n\nAdd NULL checks for the vlan group pointer in both helpers, returning\nearly when there are no VLANs to iterate. 
This matches the existing\npattern used by other bridge FDB functions such as br_fdb_add() and\nbr_fdb_delete()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.24","matchCriteriaId":"4C4EAA6A-7949-4B29-BD69-5BB05C4D1A6B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"crit
eria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1979645e1842cb7017525a61a0e0e0beb924d02a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ddf0ec2d600e7dad62b89692749534d7900a732a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb612d436ff0317659e45a91c25fd7d9516f5b1b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43101","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:23.637","lastModified":"2026-05-11T17:35:21.183","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()\n\nWe need to check __in6_dev_get() for possible NULL value, as\nsuggested by Yiming Qian.\n\nAlso add skb_dst_dev_rcu() instead of skb_dst_dev(),\nand two missing READ_ONCE().\n\nNote that @dev can't be 
NULL."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.18.24","matchCriteriaId":"802EA115-7C28-4222-914F-60C63F721E7D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512E
E3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3719c234fa94c37c955b1ecd3742ef280ec135e6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4198aab6f000b4febb18ea820fea20634dd789c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4e65a8b8daa18d63255ec58964dd192c7fdd9f8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43102","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:23.750","lastModified":"2026-05-11T17:34:42.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: airoha: Fix memory leak in airoha_qdma_rx_process()\n\nIf an error occurs on the subsequents buffers belonging to the\nnon-linear part of the skb (e.g. due to an error in the payload length\nreported by the NIC or if we consumed all the available fragments for\nthe skb), the page_pool fragment will not be linked to the skb so it will\nnot return to the pool in the airoha_qdma_rx_process() error path. 
Fix the\nmemory leak partially reverting commit 'd6d2b0e1538d (\"net: airoha: Fix\npage recycling in airoha_qdma_rx_process()\")' and always running\npage_pool_put_full_page routine in the airoha_qdma_rx_process() error\npath."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15.1","versionEndExcluding":"6.18.24","matchCriteriaId":"050491AB-682C-426A-A38E-B956530C4C20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:-:*:*:*:*:*:*","matchCriteriaId":"A1ECC65A-EE37-4479-8E99-4BB68A22A31F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:l
inux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/285fa6b1e03cff78ead0383e1b259c44b95faf90","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4429b761874fb9c7767d12d98913a467ef2654f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ee0063fbab8aea8f4e4e3165f541bf898b77b80","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43103","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:23.867","lastModified":"2026-05-11T17:33:50.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lapbether: handle NETDEV_PRE_TYPE_CHANGE\n\nlapbeth_data_transmit() expects the underlying device type\nto be ARPHRD_ETHER.\n\nReturning NOTIFY_BAD from lapbeth_device_event() makes sure\nbonding driver can not break this 
expectation."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.24","versionEndExcluding":"6.6.136","matchCriteriaId":"17EDA983-F673-4AC3-9681-5368A09E90AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"
},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/328bb2cff5c2ed973f595ded769e15f4b7a117be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/363a38044b8cd5b496d241651a1fb666e7c5fe3e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/63851f60781aa89258c8f0952cd13940aab0888e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b117056768ab7deb434e7d72065e48d2083a0c2a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b120e4432f9f56c7103133d6a11245e617695adb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43104","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:23.980","lastModified":"2026-05-11T17:32:55.727","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Fix a memory leak in hang state error path\n\nWhen vc4_save_hang_state() encounters an early return condition, it\nreturns without freeing the previously allocated `kernel_state`,\nleaking memory.\n\nAdd the missing kfree() calls by consolidating the early return paths\ninto a single 
place."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"6.6.136","matchCriteriaId":"FCEFD340-4D12-4082-8086-2A113C4D3AAD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":
true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3eb7dd55021d0f4308fbea0bea21d2118984d8e7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9525d169e5fd481538cf8c663cc5839e54f2e481","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d8fdd6adc07b78ad3e9ee0004876d90cb59ca941","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dd5c49787a32da96a2b154427eb17cbf12a83c28","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e352e9adc9f6df54d63150ff832f71c04e30744b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43105","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:24.097","lastModified":"2026-05-11T17:32:11.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Fix memory leak of BO array in hang state\n\nThe hang state's BO array is allocated separately with kzalloc() in\nvc4_save_hang_state() but never freed in vc4_free_hang_state(). 
Add the\nmissing kfree() for the BO array before freeing the hang state struct."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"6.6.136","matchCriteriaId":"FCEFD340-4D12-4082-8086-2A113C4D3AAD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*"
,"matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0d3c014a84396a147705f523a8fd6fc873e76502","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/421cea4f71f7cf65abaae878562ee4aa2b684628","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a812008fe3a0aebb778d277b35717f64e23d0302","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b8138567c4a80fd76a647849ebd4284996cf4b17","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f4dfd6847b3e5d24e336bca6057485116d17aea4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43106","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:24.213","lastModified":"2026-05-11T17:31:12.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix incorrect dentry refcount in cachefiles_cull()\n\nThe patch mentioned below changed cachefiles_bury_object() to expect 2\nreferences to the 'rep' dentry.  
Three of the callers were changed to\nuse start_removing_dentry() which takes an extra reference so in those\ncases the call gets the expected references.\n\nHowever there is another call to cachefiles_bury_object() in\ncachefiles_cull() which did not need to be changed to use\nstart_removing_dentry() and so was not properly considered.\nIt still passed the dentry with just one reference so the net result is\nthat a reference is lost.\n\nTo meet the expectations of cachefiles_bury_object(), cachefiles_cull()\nmust take an extra reference before the call.  It will be dropped by\ncachefiles_bury_object()."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-96
1B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1635c2acdde86c4f555b627aec873c8677c421ed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6577df7dc7a7de128442b6192c7a32195c923480","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43107","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:24.330","lastModified":"2026-05-11T17:30:05.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: account XFRMA_IF_ID in aevent size calculation\n\nxfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then\nbuild_aevent() appends attributes including XFRMA_IF_ID when x->if_id is\nset.\n\nxfrm_aevent_msgsize() does not include space for XFRMA_IF_ID. 
For states\nwith if_id, build_aevent() can fail with -EMSGSIZE and hit BUG_ON(err < 0)\nin xfrm_get_ae(), turning a malformed netlink interaction into a kernel\npanic.\n\nAccount XFRMA_IF_ID in the size calculation unconditionally and replace\nthe BUG_ON with normal error unwinding."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-131"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.12.83","matchCriteriaId":"201624C3-F55D-45F1-B112-5C2CD4BEE5A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:
*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2c41283d94af943a05f7f2cc1a01f0c872f3cf43","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/58e5735d1a5373652f405a0c16e54ac04aaab0ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7081d46d32312f1a31f0e0e99c6835a394037599","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e62e322ea20be78e346e4b49f9a6b9f03313af4c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43108","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:24.460","lastModified":"2026-05-11T17:27:25.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei\n\nIt looks element length declared in servreg_loc_pfr_req_ei for reason\nnot matching servreg_loc_pfr_req's reason field due which we could\nobserve decoding error on PD crash.\n\n  qmi_decode_string_elem: String len 81 >= Max Len 65\n\nFix this by matching with servreg_loc_pfr_req's reason 
field."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.83","matchCriteriaId":"ABF3F6D0-27D6-43E7-BF38-1B493B03EC1F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:
rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/641f6fda143b879da1515f821ee475073678cf2a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7d75145672cf2ec7c5417e3243af72c48314f7bb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c93ca7c5a72e23a83a0b96f7f5c41a7a72f1dc47","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cba84132c2ac7c08b215ce4962bc6f522c08a88c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43129","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:29.963","lastModified":"2026-05-11T13:08:54.557","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nima: verify the previous kernel's IMA buffer lies in addressable RAM\n\nPatch series \"Address page fault in ima_restore_measurement_list()\", v3.\n\nWhen the second-stage kernel is booted via kexec with a limiting command\nline such as \"mem=<size>\" we observe a pafe fault that happens.\n\n    BUG: unable to handle page fault for address: ffff97793ff47000\n    RIP: ima_restore_measurement_list+0xdc/0x45a\n    #PF: error_code(0x0000)  not-present page\n\nThis happens on x86_64 only, as this is already fixed in aarch64 in\ncommit: cbf9c4b9617b (\"of: check previous kernel's ima-kexec-buffer\nagainst memory bounds\")\n\n\nThis patch (of 3):\n\nWhen the second-stage kernel is booted with a limiting command line (e.g. 
\n\"mem=<size>\"), the IMA measurement buffer handed over from the previous\nkernel may fall outside the addressable RAM of the new kernel.  Accessing\nsuch a buffer can fault during early restore.\n\nIntroduce a small generic helper, ima_validate_range(), which verifies\nthat a physical [start, end] range for the previous-kernel IMA buffer lies\nwithin addressable memory:\n\t- On x86, use pfn_range_is_mapped().\n\t- On OF based architectures, use page_is_ram()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.12.77","matchCriteriaId":"08247D85-C56B-439D-A2E8-1570C7CF83AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/10d1c75ed4382a8e79874379caa2ead8952734f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5366ec7d2f793ce703c403d7fd4c25a3db365b9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tag
s":["Patch"]},{"url":"https://git.kernel.org/stable/c/9e1f51c1ad57cc76a0e8b5eb27038f8973fff4fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f11d7d088f5ed54b31c6735854c12845eb60eb4a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43240","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:44.330","lastModified":"2026-05-11T14:27:36.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: add a sanity check on previous kernel's ima kexec buffer\n\nWhen the second-stage kernel is booted via kexec with a limiting command\nline such as \"mem=<size>\", the physical range that contains the carried\nover IMA measurement list may fall outside the truncated RAM leading to a\nkernel panic.\n\n    BUG: unable to handle page fault for address: ffff97793ff47000\n    RIP: ima_restore_measurement_list+0xdc/0x45a\n    #PF: error_code(0x0000) – not-present page\n\nOther architectures already validate the range with page_is_ram(), as done\nin commit cbf9c4b9617b (\"of: check previous kernel's ima-kexec-buffer\nagainst memory bounds\") do a similar check on x86.\n\nWithout carrying the measurement list across kexec, the attestation\nwould 
fail."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.165","matchCriteriaId":"CCAEAB8E-BC62-4F74-ABC0-E38788A92B8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/22e460b6333a5f818b042ac89201f8e735556f4a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/37f18915a261afe84dab462624ed829cddb77a9b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4d7a8f5f28187
e3d2958b2a134473da2665207e7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c5489d04337b47e93c0623e8145fcba3f5739efd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d4a132f121c591b60dbaf57ea91f1faf11631fbc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8f73bf0f8a57ee9b86792456bd42079bc98c6b7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43241","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:44.460","lastModified":"2026-05-11T14:26:10.567","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access\n\nNumber of MW LUTs depends on NTB configuration and can be set to MAX_MWS,\nThis patch protects against invalid index out of bounds access to mw_sizes\nWhen invalid access print message to user that configuration is not 
valid."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.252","matchCriteriaId":"0DACC27E-2C7E-4A63-8C6D-D02E7C1191F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4F
B4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0e930420945106151c6eb3d7837b4e6154e9b144","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2346856b74823a2a78109002e479a3d02526a9ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/348e1ac9ad983ed7e62de14e1daf47f1695a4ce9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/47ce292dd45dc689747c40603222691638919189","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/740945de896021b9a859e71f38f6aea72a6393cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85c9daa1f8319bbb3dfee71dc6a2f969cd3b4c92","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c8ba7ad2cc1c7b90570aa347b8ebbe279f1eface","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee02c4f980c91820845dd8e469ec7dc670ab6d9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43242","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:44.590","lastModified":"2026-05-11T14:22:05.640","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: ti: k3-socinfo: Fix regmap leak on probe failure\n\nThe mmio regmap allocated during probe is never freed.\n\nSwitch to using the device managed allocator so that the regmap is\nreleased on probe failures (e.g. 
probe deferral) and on driver unbind."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.238","versionEndExcluding":"5.10.252","matchCriteriaId":"9C5D1E7E-BF70-4891-9B61-C507B0379598"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.185","versionEndExcluding":"5.15.202","matchCriteriaId":"7030EAF8-EA1D-4206-B91E-1A418F295D82"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.141","versionEndExcluding":"6.1.165","matchCriteriaId":"DE214410-BB18-43F4-BD7A-E74B04620CBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.93","versionEndExcluding":"6.6.128","matchCriteriaId":"4F231973-97E1-4413-BA16-F7FCB9861055"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.31","versionEndExcluding":"6.12.75","matchCriteriaId":"18F2ACF6-2B62-41B0-8311-210B7C5F95D7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.9","versionEndExcluding":"6.18.16","matchCriteriaId":"7435C2DE-89BB-45A0-B6B9-F9A502974D94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndEx
cluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/458136527fe127fd051c1c9537f4540849780d70","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab1ac24c407e4df326d7154a4deadd444e9209d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b1006b5892ec8a95d039a89b47e6fd69cf607405","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bbaa9e615608c204d384a7d4b1a434580a142d4c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c933138d45176780fabbbe7da263e04d5b3e525d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c97c21d342838b2a7787b0f1d6ad417e85c906f6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d451bf970a0c54b586f8b3161261bdf35d463c99","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eaa16059f9af26d8b8a6f3e887649f58e8ca96c9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43243","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:44.720","lastModified":"2026-05-11T14:16:58.187","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add signal type check for dcn401 get_phyd32clk_src\n\nTrying to access link enc on a dpia link will cause a crash 
otherwise"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.75","matchCriteriaId":"A05DCA5C-0E7E-47B5-899A-41DDF296199E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/23e7150afc70da615857f9f07b494ec58540f096","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/486b2909ac284185900c06f05ffc6eca895f38b8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c979d8db7b0f293111f2e83795ea353c8ed75de9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e332112255afbce02db67760f5743a1b13aa8541","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43244","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:44.873","lastModified":"2
026-05-11T14:12:18.633","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: fix zero-frag skb in frag_list on partial sendmsg error\n\nSyzkaller reported a warning in kcm_write_msgs() when processing a\nmessage with a zero-fragment skb in the frag_list.\n\nWhen kcm_sendmsg() fills MAX_SKB_FRAGS fragments in the current skb,\nit allocates a new skb (tskb) and links it into the frag_list before\ncopying data. If the copy subsequently fails (e.g. -EFAULT from\nuser memory), tskb remains in the frag_list with zero fragments:\n\n  head skb (msg being assembled, NOT yet in sk_write_queue)\n  +-----------+\n  | frags[17] |  (MAX_SKB_FRAGS, all filled with data)\n  | frag_list-+--> tskb\n  +-----------+    +----------+\n                   | frags[0] |  (empty! copy failed before filling)\n                   +----------+\n\nFor SOCK_SEQPACKET with partial data already copied, the error path\nsaves this message via partial_message for later completion. For\nSOCK_SEQPACKET, sock_write_iter() automatically sets MSG_EOR, so a\nsubsequent zero-length write(fd, NULL, 0) completes the message and\nqueues it to sk_write_queue. kcm_write_msgs() then walks the\nfrag_list and hits:\n\n  WARN_ON(!skb_shinfo(skb)->nr_frags)\n\nTCP has a similar pattern where skbs are enqueued before data copy\nand cleaned up on failure via tcp_remove_empty_skb(). KCM was\nmissing the equivalent cleanup.\n\nFix this by tracking the predecessor skb (frag_prev) when allocating\na new frag_list entry. On error, if the tail skb has zero frags,\nuse frag_prev to unlink and free it in O(1) without walking the\nsingly-linked frag_list. 
frag_prev is safe to dereference because\nthe entire message chain is only held locally (or in kcm->seq_skb)\nand is not added to sk_write_queue until MSG_EOR, so the send path\ncannot free it underneath us.\n\nAlso change the WARN_ON to WARN_ON_ONCE to avoid flooding the log\nif the condition is somehow hit repeatedly.\n\nThere are currently no KCM selftests in the kernel tree; a simple\nreproducer is available at [1].\n\n[1] https://gist.github.com/mrpre/a94d431c757e8d6f168f4dd1a3749daa"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"6.12.75","matchCriteriaId":"BF0012BC-1AAF-4F0D-B9C8-FC13D91F000E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7af58f76e4b404a74c836881a845e6652db8a09f","source":"416baaa9-dc9f-4396-8d5f-8c081fb
06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9ea3671d70ee07480d80bebe86696397c4e99fb7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b1e3edf688a88c1a3ac41657055d9c136a08cd25","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca220141fa8ebae09765a242076b2b77338106b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43245","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:44.997","lastModified":"2026-05-11T13:34:25.543","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: ->d_compare() must not block\n\n... so don't use __getname() there.  Switch it (and ntfs_d_hash(), while\nwe are at it) to kmalloc(PATH_MAX, GFP_NOWAIT).  Yes, ntfs_d_hash()\nalmost certainly can do with smaller allocations, but let ntfs folks\ndeal with that - keep the allocation size as-is for now.\n\nStop abusing names_cachep in ntfs, period - various uses of that thing\nin there have nothing to do with pathnames; just use k[mz]alloc() and\nbe done with that.  
For now let's keep sizes as-is, but AFAICS none of\nthe users actually want PATH_MAX."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.18.16","matchCriteriaId":"40E6DAD9-881B-4BD4-B3F0-5D58086379A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/142c444a395f4d26055c8a4473e228bb86283f1e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca2a04e84af79596e5cd9cfe697d5122ec39c8ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb4b1f969ba01fa1d4088467a02fc1e5f0806710","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43246","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:45.103","lastModified":"2026-05-11T13:32:06.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c/tw9906: Fix potential memory leak in tw9906_probe()\n\nIn one 
of the error paths in tw9906_probe(), the memory allocated in\nv4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that\nby calling v4l2_ctrl_handler_free() on the handler in that error path."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.10.252","matchCriteriaId":"FC824489-530D-444B-A3EF-B0BEC674899B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BA
DF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0c33338514d8246280533a77091e6b6ee548c606","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/377a7756914364d72550fc86ca0f404ef1d96141","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/59420d5d9c46b084e21f9ea6ce79fc79ae9e414c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9548a8bbf511a252a9848f96220c6b95c9a3b918","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cad237b6c875fbee5d353a2b289e98d240d17ec8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ccb92def042a3636ed47f25a30bd553788e5191e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e9a490937942f18205dac7b6b192975ef1369ae1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb09d8b80046216646f1a344410cfa9cfa6c6c7c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43247","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:45.237","lastModified":"2026-05-11T13:28:31.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: chips-media: wave5: Fix SError of kernel panic when closed\n\nSError of kernel panic rarely happened while testing fluster.\nThe root cause was to enter suspend mode because timeout of autosuspend\ndelay happened.\n\n[   48.834439] SError Interrupt 
on CPU0, code 0x00000000bf000000 -- SError\n[   48.834455] CPU: 0 UID: 0 PID: 1067 Comm: v4l2h265dec0:sr Not tainted 6.12.9-gc9e21a1ebd75-dirty #7\n[   48.834461] Hardware name: ti Texas Instruments J721S2 EVM/Texas Instruments J721S2 EVM, BIOS 2025.01-00345-gbaf3aaa8ecfa 01/01/2025\n[   48.834464] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   48.834468] pc : wave5_dec_clr_disp_flag+0x40/0x80 [wave5]\n[   48.834488] lr : wave5_dec_clr_disp_flag+0x40/0x80 [wave5]\n[   48.834495] sp : ffff8000856e3a30\n[   48.834497] x29: ffff8000856e3a30 x28: ffff0008093f6010 x27: ffff000809158130\n[   48.834504] x26: 0000000000000000 x25: ffff00080b625000 x24: ffff000804a9ba80\n[   48.834509] x23: ffff000802343028 x22: ffff000809158150 x21: ffff000802218000\n[   48.834513] x20: ffff0008093f6000 x19: ffff0008093f6000 x18: 0000000000000000\n[   48.834518] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff74009618\n[   48.834523] x14: 000000010000000c x13: 0000000000000000 x12: 0000000000000000\n[   48.834527] x11: ffffffffffffffff x10: ffffffffffffffff x9 : ffff000802343028\n[   48.834532] x8 : ffff00080b6252a0 x7 : 0000000000000038 x6 : 0000000000000000\n[   48.834536] x5 : ffff00080b625060 x4 : 0000000000000000 x3 : 0000000000000000\n[   48.834541] x2 : 0000000000000000 x1 : ffff800084bf0118 x0 : ffff800084bf0000\n[   48.834547] Kernel panic - not syncing: Asynchronous SError Interrupt\n[   48.834549] CPU: 0 UID: 0 PID: 1067 Comm: v4l2h265dec0:sr Not tainted 6.12.9-gc9e21a1ebd75-dirty #7\n[   48.834554] Hardware name: ti Texas Instruments J721S2 EVM/Texas Instruments J721S2 EVM, BIOS 2025.01-00345-gbaf3aaa8ecfa 01/01/2025\n[   48.834556] Call trace:\n[   48.834559]  dump_backtrace+0x94/0xec\n[   48.834574]  show_stack+0x18/0x24\n[   48.834579]  dump_stack_lvl+0x38/0x90\n[   48.834585]  dump_stack+0x18/0x24\n[   48.834588]  panic+0x35c/0x3e0\n[   48.834592]  nmi_panic+0x40/0x8c\n[   48.834595]  arm64_serror_panic+0x64/0x70\n[   48.834598]  
do_serror+0x3c/0x78\n[   48.834601]  el1h_64_error_handler+0x34/0x4c\n[   48.834605]  el1h_64_error+0x64/0x68\n[   48.834608]  wave5_dec_clr_disp_flag+0x40/0x80 [wave5]\n[   48.834615]  wave5_vpu_dec_clr_disp_flag+0x54/0x80 [wave5]\n[   48.834622]  wave5_vpu_dec_buf_queue+0x19c/0x1a0 [wave5]\n[   48.834628]  __enqueue_in_driver+0x3c/0x74 [videobuf2_common]\n[   48.834639]  vb2_core_qbuf+0x508/0x61c [videobuf2_common]\n[   48.834646]  vb2_qbuf+0xa4/0x168 [videobuf2_v4l2]\n[   48.834656]  v4l2_m2m_qbuf+0x80/0x238 [v4l2_mem2mem]\n[   48.834666]  v4l2_m2m_ioctl_qbuf+0x18/0x24 [v4l2_mem2mem]\n[   48.834673]  v4l_qbuf+0x48/0x5c [videodev]\n[   48.834704]  __video_do_ioctl+0x180/0x3f0 [videodev]\n[   48.834725]  video_usercopy+0x2ec/0x68c [videodev]\n[   48.834745]  video_ioctl2+0x18/0x24 [videodev]\n[   48.834766]  v4l2_ioctl+0x40/0x60 [videodev]\n[   48.834786]  __arm64_sys_ioctl+0xa8/0xec\n[   48.834793]  invoke_syscall+0x44/0x100\n[   48.834800]  el0_svc_common.constprop.0+0xc0/0xe0\n[   48.834804]  do_el0_svc+0x1c/0x28\n[   48.834809]  el0_svc+0x30/0xd0\n[   48.834813]  el0t_64_sync_handler+0xc0/0xc4\n[   48.834816]  el0t_64_sync+0x190/0x194\n[   48.834820] SMP: stopping secondary CPUs\n[   48.834831] Kernel Offset: disabled\n[   48.834833] CPU features: 0x08,00002002,80200000,4200421b\n[   48.834837] Memory Limit: none\n[   49.161404] ---[ end Kernel panic - not syncing: Asynchronous SError Interrupt 
]---"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/27cb12b7dc88c51582094eeb2b65b0e94603e411","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5da55243fe190c2165ed34e77091a43c0ff74f10","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cbb9c0d50e471483cced55f5b7db4569dcd959a6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43248","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:45.380","lastModified":"2026-05-11T13:14:40.387","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: move vdpa group bound check to vhost_vdpa\n\nRemove duplication by consolidating these here.  
This reduces the\npossibility of a parent driver missing them.\n\nWhile we're at it, fix a bug in vdpa_sim where a valid ASID can be\nassigned to a group equal to ngroups, causing an out of bound write."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.12.75","matchCriteriaId":"CB25F456-468E-423D-B234-D169351C7208"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/406db68f9cb976a8ddfafd631197264f2307e9c9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7441d35d14d9a3d66d925d90cb73c75394e6d454","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cd025c1e876b4e262e71398236a1550486a73ede","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ddb57354634b6ba851b79da45f1de42c646f27d0","so
urce":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43249","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:45.493","lastModified":"2026-05-11T13:10:20.973","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\n9p/xen: protect xen_9pfs_front_free against concurrent calls\n\nThe xenwatch thread can race with other back-end change notifications\nand call xen_9pfs_front_free() twice, hitting the observed general\nprotection fault due to a double-free. Guard the teardown path so only\none caller can release the front-end state at a time, preventing the\ncrash.\n\nThis is a fix for the following double-free:\n\n[   27.052347] Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[   27.052357] CPU: 0 UID: 0 PID: 32 Comm: xenwatch Not tainted 6.18.0-02087-g51ab33fc0a8b-dirty #60 PREEMPT(none)\n[   27.052363] RIP: e030:xen_9pfs_front_free+0x1d/0x150\n[   27.052368] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 41 55 41 54 55 48 89 fd 48 c7 c7 48 d0 92 85 53 e8 cb cb 05 00 48 8b 45 08 48 8b 55 00 <48> 3b 28 0f 85 f9 28 35 fe 48 3b 6a 08 0f 85 ef 28 35 fe 48 89 42\n[   27.052377] RSP: e02b:ffffc9004016fdd0 EFLAGS: 00010246\n[   27.052381] RAX: 6b6b6b6b6b6b6b6b RBX: ffff88800d66e400 RCX: 0000000000000000\n[   27.052385] RDX: 6b6b6b6b6b6b6b6b RSI: 0000000000000000 RDI: 0000000000000000\n[   27.052389] RBP: ffff88800a887040 R08: 0000000000000000 R09: 0000000000000000\n[   27.052393] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888009e46b68\n[   27.052397] R13: 0000000000000200 R14: 0000000000000000 R15: ffff88800a887040\n[   27.052404] FS:  0000000000000000(0000) GS:ffff88808ca57000(0000) knlGS:0000000000000000\n[   27.052408] CS:  e030 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   27.052412] CR2: 00007f9714004360 CR3: 0000000004834000 
CR4: 0000000000050660\n[   27.052418] Call Trace:\n[   27.052420]  <TASK>\n[   27.052422]  xen_9pfs_front_changed+0x5d5/0x720\n[   27.052426]  ? xenbus_otherend_changed+0x72/0x140\n[   27.052430]  ? __pfx_xenwatch_thread+0x10/0x10\n[   27.052434]  xenwatch_thread+0x94/0x1c0\n[   27.052438]  ? __pfx_autoremove_wake_function+0x10/0x10\n[   27.052442]  kthread+0xf8/0x240\n[   27.052445]  ? __pfx_kthread+0x10/0x10\n[   27.052449]  ? __pfx_kthread+0x10/0x10\n[   27.052452]  ret_from_fork+0x16b/0x1a0\n[   27.052456]  ? __pfx_kthread+0x10/0x10\n[   27.052459]  ret_from_fork_asm+0x1a/0x30\n[   27.052463]  </TASK>\n[   27.052465] Modules linked in:\n[   27.052471] ---[ end trace 0000000000000000 ]---"}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.308","versionEndExcluding":"6.12.75","matchCriteriaId":"9E08C858-E25B-40F9-B5B6-344EFFDB2285"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https:
//git.kernel.org/stable/c/59e7707492576bdbfa8c1dbe7d90791df31e4773","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a5d00dff97118a32fcf5fec7a4c3f864c4620c4e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf841d43f7a33d75675ba7f4e214ac1c67913065","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce8ded2e61f47747e31eeefb44dc24a2160a7e32","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43256","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:46.397","lastModified":"2026-05-11T18:16:48.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()\n\nvfe_isr() iterates using MSM_VFE_IMAGE_MASTERS_NUM(7) as the loop\nbound and passes the index to vfe_isr_reg_update(). 
However,\nvfe->line[] array is defined with VFE_LINE_NUM_MAX(4):\n\n    struct vfe_line line[VFE_LINE_NUM_MAX];\n\nWhen index is 4, 5, 6, the access to vfe->line[line_id] exceeds\nthe array bounds, resulting in out-of-bounds memory access.\n\nFix this by using separate loops for output lines and write masters."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.167","matchCriteriaId":"25D24035-467E-4E84-987E-DA8067ECEAC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.ke
rnel.org/stable/c/0c074e80921fd18984b75836730d76c768c84f65","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1b103307df6d461a0731be25aca69ad0335b0933","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d965919af524e68cb2ab1a685872050ad2ee933d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e6cbf765686fb6c1d8f2530b3daf6c66efc92f5d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e7a38ecda2498e7ce998793ac2a46ca47317635d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fade67c88870f497a13ed450ba01f7236c92dd9b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43257","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:46.520","lastModified":"2026-05-11T18:16:01.917","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx88: Add missing unmap in snd_cx88_hw_params()\n\nIn error path, add cx88_alsa_dma_unmap() to release\nresource acquired by 
cx88_alsa_dma_map()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-772"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.19","versionEndExcluding":"5.10.252","matchCriteriaId":"217AE240-3291-4820-A433-3776CA507BED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"
373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/10ab64f8efc2f479293dce929fde326c285fc96f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1ce8c2a8f050a23240553c8bae628ac623f9dbc1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/24f3dabeb97bd0bec8c1c926c97e3eb6a8129225","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3baefeeb7b85e1e34eebef399ffa312be7179e30","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dbc527d980f7ba8559de38f8c1e4158c71a78915","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dc911fccc6e08ef46a66b2a42a764252b001ee3c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3fb15aadfc8643203bbdf97ace0396e4586fa64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f0d7f735eba963742009b0706e19dd0bed91537a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43258","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:46.650","lastModified":"2026-05-11T18:10:27.473","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nalpha: fix user-space corruption during memory compaction\n\nAlpha systems can suffer sporadic user-space crashes and heap\ncorruption when memory compaction is enabled.\n\nSymptoms include SIGSEGV, glibc allocator failures (e.g. \"unaligned\ntcache chunk\"), and compiler internal errors. 
The failures disappear\nwhen compaction is disabled or when using global TLB invalidation.\n\nThe root cause is insufficient TLB shootdown during page migration.\nAlpha relies on ASN-based MM context rollover for instruction cache\ncoherency, but this alone is not sufficient to prevent stale data or\ninstruction translations from surviving migration.\n\nFix this by introducing a migration-specific helper that combines:\n  - MM context invalidation (ASN rollover),\n  - immediate per-CPU TLB invalidation (TBI),\n  - synchronous cross-CPU shootdown when required.\n\nThe helper is used only by migration/compaction paths to avoid changing\nglobal TLB semantics.\n\nAdditionally, update flush_tlb_other(), pte_clear(), to use\nREAD_ONCE()/WRITE_ONCE() for correct SMP memory ordering.\n\nThis fixes observed crashes on both UP and SMP Alpha systems."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.16.1","versionEndExcluding":"6.12.75","matchCriteriaId":"B61C2D7F-08C5-489E-8C29-2AFB211FF84B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartI
ncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:-:*:*:*:*:*:*","matchCriteriaId":"EBF2513D-8F4F-4ED5-ADCE-9933F34F1BFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*","matchCriteriaId":"CC3639E1-B5E4-4DD6-80D4-BA07D192C42D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*","matchCriteriaId":"54393D69-B368-4296-9798-D81570495C6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*","matchCriteriaId":"6791A801-9E06-47DD-912F-D8594E2F6B3F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*","matchCriteriaId":"AE90CCED-3A5B-46E3-A6B0-4865AB786289"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*","matchCriteriaId":"CBFF6DE7-6D7C-469A-9B2D-2F6E915F55B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.16:rc7:*:*:*:*:*:*","matchCriteriaId":"D0CD4E4B-E756-4401-A352-871EBA5B8680"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/03e42b5f7ad4c2c3db8bd384bab7990d5d53c90f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bab8d762a8dbb816b10011e13b87d1bca91e5f77","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d4ca6ca2c6f5a1d19d9014c5b36d96637846b5d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dd5712f3379cfe760267cdd28ff957d9ab4e51c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-40562","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-06T13:16:09.110","lastModified":"2026-05-11T15:04:24.637","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Gazelle versions through 0.49 for Perl allows 
HTTP Request Smuggling via Improper Header Precedence.\n\nGazelle incorrectly prioritizes \"Content-Length\" over \"Transfer-Encoding: chunked\" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.\n\nAn attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kazeburo:gazelle:*:*:*:*:*:perl:*:*","versionEndExcluding":"0.50","matchCriteriaId":"F2360CF4-CAB8-4DC7-B595-C7501D7EC17C"}]}]}],"references":[{"url":"https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]},{"url":"https://metacpan.org/release/KAZEBURO/Gazelle-0.50/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"https://security.metacpan.org/patches/G/Gazelle/0.49/CVE-2026-40562-r1.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/06/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2026-29080","sourceIdentifier":"security-advisories@github.com","published":"2026-05-06T17:16:22.457","lastModified":"2026-05-11T15:07:20.577","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids/<scope>/dids/search`). On Oracle deployments attacker-controlled filter keys and values are interpolated directly into `sqlalchemy.text()` via Python `.format()`, completely bypassing parameterization. This enables full database compromise including extraction of authentication tokens, password hashes, and all managed data identifiers. This affects versions 1.27.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1.\n\nThe vulnerability exists in `lib/rucio/core/did_meta_plugins/filter_engine.py` within the `create_sqla_query()` method. When the database dialect is Oracle, filter expressions for JSON metadata columns are constructed using `text()` with Python string formatting. Both `key` and `value` are attacker-controlled strings derived from HTTP query parameters. The `text()` function creates a raw SQL fragment — it does **not** escape or parameterize its contents.\n\nAny authenticated Rucio user can exploit this through the DID search API to execute arbitrary SQL against the backend database. This can expose all managed data identifiers and sensitive tables such as identities, tokens, accounts, rse_settings, and rules, and may allow modification of database contents. The issue affects Oracle deployments using the default json_meta plugin and does not affect PostgreSQL or MySQL deployments using that plugin. 
\n\nThis vulnerability has been fixed in versions 35.8.5, 38.5.5, 39.4.2, and 40.1.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"
impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cern:rucio:*:*:*:*:*:*:*:*","versionStartIncluding":"1.27.0","versionEndExcluding":"35.8.5","matchCriteriaId":"B48ED4BE-0C47-4371-BC91-A51537341CB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cern:rucio:*:*:*:*:*:*:*:*","versionStartIncluding":"36.0.0","versionEndExcluding":"38.5.5","matchCriteriaId":"9569D0A4-E71A-4808-85F3-F342B63564AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cern:rucio:*:*:*:*:*:*:*:*","versionStartIncluding":"39.0.0","versionEndExcluding":"39.4.2","matchCriteriaId":"500B49AA-C85E-4124-B66F-B1DE39D075BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cern:rucio:*:*:*:*:*:*:*:*","versionStartIncluding":"40.0.0","versionEndExcluding":"40.1.1","matchCriteriaId":"865FB585-4C3B-4D49-A332-CA76C9B3C763"}]}]}],"references":[{"url":"https://github.com/rucio/rucio/security/advisories/GHSA-vjr5-c9qv-hgm3","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-29090","sourceIdentifier":"security-advisories@github.com","published":"2026-05-06T18:16:02.953","lastModified":"2026-05-11T15:00:58.143","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"### Summary\n\nA SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoint (`GET /dids/<scope>/dids/search`). When the `postgres_meta` metadata plugin is configured, attacker-controlled filter keys and values are interpolated directly into raw SQL strings via Python `.format()`, then passed to `psycopg3`'s `sql.SQL()` which treats the string as trusted SQL syntax. 
\n\nDepending on the database privileges assigned to the service account, exploitation can expose sensitive tables, modify or delete metadata, access server-side files, or achieve code execution through PostgreSQL features such as COPY ... FROM PROGRAM. This issue affects deployments that explicitly use the postgres_meta metadata plugin. This vulnerability has been fixed in versions 35.8.5, 38.5.5, 39.4.2, and 40.1.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"
3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cern:rucio:*:*:*:*:*:*:*:*","versionStartIncluding":"1.30.0","versionEndExcluding":"35.8.5","matchCriteriaId":"D5B90A2B-9818-4D18-9393-A5F929A8BABC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cern:rucio:*:*:*:*:*:*:*:*","versionStartIncluding":"36.0.0","versionEndExcluding":"38.5.5","matchCriteriaId":"9569D0A4-E71A-4808-85F3-F342B63564AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cern:rucio:*:*:*:*:*:*:*:*","versionStartIncluding":"39.0.0","versionEndExcluding":"39.4.2","matchCriteriaId":"500B49AA-C85E-4124-B66F-B1DE39D075BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cern:rucio:*:*:*:*:*:*:*:*","versionStartIncluding":"40.0.0","versionEndExcluding":"40.1.1","matchCriteriaId":"865FB585-4C3B-4D49-A332-CA76C9B3C763"}]}]}],"references":[{"url":"https://github.com/rucio/rucio/security/advisories/GHSA-6j7p-qjhg-9947","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-31974","sourceIdentifier":"psirt@hcl.com","published":"2026-05-06T19:16:35.593","lastModified":"2026-05-11T13:51:22.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. 
An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes."}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L","baseScore":3.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.5,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:bigfix_service_management:23.0:*:*:*:*:*:*:*","matchCriteriaId":"4D915AC1-7C2B-497D-9A77-9726954B2282"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7902","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-06T19:16:38.503","lastModified":"2026-05-10T14:16:51.360","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.96","matchCriteriaId":"5E9416A8-4333-4195-983C-78F521AF6245"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/502030575","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-7915","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-06T19:16:39.787","lastModified":"2026-05-10T14:16:51.527","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"148.0.7778.96","matchCriteriaId":"5E9416A8-4333-4195-983C-78F521AF6245"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/498454478","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions 
Required"]}]}},{"cve":{"id":"CVE-2026-40076","sourceIdentifier":"security-advisories@github.com","published":"2026-05-06T20:16:31.727","lastModified":"2026-05-11T14:55:45.457","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/module` is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod archives in `WebModuleUtil.startModule()`, ZIP entries under web/module/ are checked only to see whether the full entry path starts with `..`, and the remaining path is then concatenated into the destination path without normalization or a boundary check. A crafted archive can therefore include entries such as `web/module/../../../../malicious.jsp` and cause files to be written outside the intended module directory.\n\nAn authenticated attacker with module upload access can write arbitrary files to locations such as the web application root and achieve remote code execution by uploading a JSP file and then requesting it. The issue is compounded by the fact that the module.allow_web_admin runtime property is enforced in the legacy UI controller but not in the REST API upload path, so deployments relying on that property to block web-based module administration remain exposed through the REST endpoint. 
This issue has been fixed in versions after 2.7.8 in the 2.7.x line and in version 2.8.6 and later."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabil
ityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openmrs:openmrs:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.8","matchCriteriaId":"36ECEBBA-4717-41A7-9BA3-A3F91085CC7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:openmrs:openmrs:*:*:*:*:*:*:*:*","versionStartIncluding":"2.8.0","versionEndIncluding":"2.8.5","matchCriteriaId":"3ECCD1F7-883D-47F2-A8F7-939CD497EC86"}]}]}],"references":[{"url":"https://github.com/openmrs/openmrs-core/security/advisories/GHSA-78fc-9688-w8xw","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit","Mitigation"]},{"url":"https://github.com/openmrs/openmrs-core/security/advisories/GHSA-78fc-9688-w8xw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory","Exploit","Mitigation"]}]}},{"cve":{"id":"CVE-2026-40281","sourceIdentifier":"security-advisories@github.com","published":"2026-05-06T21:16:01.353","lastModified":"2026-05-11T14:46:07.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate arguments, allowing injection of arbitrary ExifTool pseudo-tags such as -FileName, -Directory, -SymLink, and -HardLink. This is a bypass of the incomplete key-sanitization fix introduced in v8.30.1. 
An unauthenticated attacker can rename or move any PDF being processed to an arbitrary path in the container filesystem, overwrite arbitrary files, or create symlinks and hard links at arbitrary paths."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:thecodingmachine:gotenberg:*:*:*:*:*:*:*:*","versionEndExcluding":"8.31.0","matchCriteriaId":"953D4808-E728-472B-94E3-9714C1E2EA1C"}]}]}],"references":[{"url":"https://github.com/gotenberg/gotenberg/commit/405f1069c026bb08f319fb5a44e5c67c33208318","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/gotenberg/gotenberg/security/advisories/GHSA-q7r4-hc83-hf2q","source":"security-advisories@github.com","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/gotenberg/gotenberg/security/advisories/GHSA-q7r4-hc83-hf2q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-3291","sourceIdentifier":"hp-security-alert@hp.com","published":"2026-05-06T22:16:25.367","lastModified":"2026-05-11T14:43:00.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities."}],"metrics":{"cvssMetricV40":[{"source":"hp-security-alert@hp.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov
","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"hp-security-alert@hp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-926"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hp:samsung_print_service_plugin:*:*:*:*:*:android:*:*","versionEndExcluding":"3.12.260420","matchCriteriaId":"E43F5A2B-B91A-47C7-A800-3C4BC1E9EB74"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_14864662-14864690-16/hpsbgn04093","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40296","sourceIdentifier":"security-advisories@github.com","published":"2026-05-06T22:16:25.510","lastModified":"2026-05-11T14:42:03.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal characters (for example \". @\", \"@ \", or \"x@\"), the formatter replaces @ with the cell value and adds the extra characters, causing the formatted value to differ from the original and bypassing HTML escaping entirely. An attacker who can control the cell value and number format of an uploaded spreadsheet that is later converted to HTML and displayed to other users can achieve stored cross-site scripting. 
This issue is fixed in versions 5.7.0, 3.10.5, 2.4.5, 2.1.16, and 1.30.4."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*","versionEndExcluding":"1.30.4","matchCriteriaId":"21F2C6F6-C903-4A65-BCB4-4549FE752ED5"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.1.16","matchCriteriaId":"E27B01CE-562C-4746-A7F5-E402B25F0B47"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.4.5","matchCriteriaId":"46FF2D5E-816F-481B-AA45-41BA6EDCFEA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.10.5","matchCriteriaId":"DF58DF5C-8F1B-4B1B-80A0-001B47751D9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"5.7.0","matchCriteriaId":"DD7DEDE3-C624-4524-9B08-08B92F28C40C"}]}]}],"references":[{"url":"https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-hrmw-qprp-wgmc","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor 
Advisory"]},{"url":"https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-hrmw-qprp-wgmc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41310","sourceIdentifier":"security-advisories@github.com","published":"2026-05-06T22:16:25.643","lastModified":"2026-05-11T14:40:45.183","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spans could experience avoidable memory growth under sustained unique remote endpoint values, increasing process memory usage over time and degrading availability. This issue is fixed in version 1.15.3, which introduces a bounded, thread-safe LRU cache for remote endpoints with a fixed maximum 
size."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:*:*:*:*:*:.net:*:*","versionEndExcluding":"1.15.3","matchCriteriaId":"88FCC724-04D2-4E6A-9E07-8375E9E862DB"}]}]}],"references":[{"url":"https://github.com/open-telemetry/opentelemetry-dotnet/pull/7081","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-88hf-wf7h-7w4m","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41417","sourceIdentifier":"security-advisories@github.com","published":"2026-05-06T22:16:25.780","lastModified":"2026-05-11T14:29:48.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF and whitespace characters that would break the start-line, but `setUri()` does not apply the same validation. `HttpRequestEncoder` and `RtspEncoder` then write the URI into the request line verbatim. 
If attacker-controlled input reaches `setUri()`, this enables CRLF injection and insertion of additional HTTP or RTSP requests, leading to HTTP request smuggling or desynchronization on the HTTP side and request injection on the RTSP side. This issue is fixed in versions 4.2.13.Final and 4.1.133.Final."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-93"},{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.133","matchCriteriaId":"DFE205A5-2C43-40C9-A2FF-CF6759B8D861"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.13","matchCriteriaId":"D94A720F-9CED-4BE9-8C37-FD9E2FD28472"}]}]}],"references":[{"url":"https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8063","sourceIdentifier":"cna@mongodb.com","published":"2026-05-07T06:16:05.723","lastModified":"2026-05-11T15:26:42.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated user can crash mongod when 
running $rankFusion or $scoreFusion with an empty pipeline on a view.\n\nWhen resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads the first element on each stage’s input pipeline array without first verifying that the array is non-empty. Supplying an empty pipeline causes a null pointer dereference and crashes the server.\n\nThis issue affects MongoDB Server 8.2 versions prior to 8.2.7."}],"metrics":{"cvssMetricV40":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetri
cV31":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"cna@mongodb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.7","matchCriteriaId":"CF1B1FE1-C793-450F-9C44-DDBBAE764723"}]}]}],"references":[{"url":"https://jira.mongodb.org/browse/SERVER-121851","source":"cna@mongodb.com","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2024-43384","sourceIdentifier":"info@cert.vde.com","published":"2026-05-07T09:16:24.873","lastModified":"2026-05-11T15:20:42.673","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or 
transfer."}],"metrics":{"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Primary","description":[{"lang":"en","value":"CWE-212"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_2102_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.4.1","matchCriteriaId":"AAC77981-EC77-4273-AAAA-0D715F6C75C6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_2102:-:*:*:*:*:*:*:*","matchCriteriaId":"3E3DCBF6-F308-4B53-A3CA-5A799A82F579"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_2105_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.4.1","matchCriteriaId":"CEA88A13-7425-4EDB-89EC-BC68E6985FFA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_2105:-:*:*:*:*:*:*:*","matchCriteriaId":"B5DF8E58-5E12-4214-B659-5FC6CEB18879"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_4102_pci_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.4.1","matchCriteriaId":"72C5CD24-7FB6-4482-A9C6-22B35B3DFE47"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_4102_pci:-:*:*:*:*:*:*:*","matchCriteriaId":"AF36E8F0-08B9-46B2-B5E1-E207C70A0447"}]}]},{"operator":"AND","nodes"
:[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_4102_pcie_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.4.1","matchCriteriaId":"73C34979-43F9-4D09-B8DD-64B741247AE5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_4102_pcie:-:*:*:*:*:*:*:*","matchCriteriaId":"ADCA6B7B-1420-4B75-8AF1-245C48A0809C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_4302_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.4.1","matchCriteriaId":"16F72A3C-1E6A-4642-94C4-C2EA14C67A31"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_4302:-:*:*:*:*:*:*:*","matchCriteriaId":"5C68D03F-E473-4F34-85FA-F7C81859E976"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_4305_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.4.1","matchCriteriaId":"65B7E551-0057-48E6-AEA8-33588AA4C54C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_4305:-:*:*:*:*:*:*:*","matchCriteriaId":"31D36718-F7F5-40E4-9A01-58475943AB8E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_centerport_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"86FE6251-CF92-4D0C-ADE3-FA4A3BB984C0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_centerport:-:*:*:*:*:*:*:*","matchCriteriaId":"7BEE92D8-7DBB-4AC1-9448-EEB22978582D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_centerport_vpn-1000_firmware:*:*:*:*:*:*:*:*","vers
ionEndExcluding":"8.9.3","matchCriteriaId":"29581AAB-05BC-43F2-9527-1377413529E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_centerport_vpn-1000:-:*:*:*:*:*:*:*","matchCriteriaId":"20459672-988A-403E-9073-37F3B38F972E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"A091DE68-F0CE-480D-BD5E-90BD582ED1AE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_core_tx:-:*:*:*:*:*:*:*","matchCriteriaId":"B549B2C1-42A9-4D05-B32D-6E08A2BECBEF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"050BE7DC-F22E-4022-A113-8A951170617A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_core_tx_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"577E14AD-C198-4E8B-AC31-FF89F3EB97C2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"E28ED34B-2510-48B6-A2A8-55EB0937ABCE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_delta_tx\\/tx:-:*:*:*:*:*:*:*","matchCriteriaId":"9FBF005C-9157-49E2-820F-C75B3828EDA1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"EAC710BB-60A5-4F43-AEF3-4BFCA13846F5"}]},{"operator":"OR","negate":false,"cpeM
atch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_delta_tx\\/tx_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"EA9CB765-BEE4-4318-ADBD-EE241CA9FA31"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"6CF8B1A6-81B0-4A50-A340-2BA68922F614"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_gt\\/gt:-:*:*:*:*:*:*:*","matchCriteriaId":"12FBC961-F834-4334-948A-9FC9E613301D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"72335756-555D-413F-955B-02F57C6B8C01"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_gt\\/gt_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"8C3B0286-BD27-4032-B4FF-0A7481356039"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"2B608EB3-6BA1-4D4F-B3E4-31B984CD0B0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_pci4000:-:*:*:*:*:*:*:*","matchCriteriaId":"24EB7394-6BE3-44F4-A184-BA438200F532"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"D8775CE8-282C-498C-9EA2-542338025F1B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_pci4000_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"5FFEEEAD-22B2-49FC-8
B2B-583D9DFFB291"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"B4A8A58D-90BC-4E6B-9CAD-7B8A72ACE990"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_pcie4000:-:*:*:*:*:*:*:*","matchCriteriaId":"ADB6EF67-BB61-4661-977B-A4968641E9BD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"DD719D49-5D66-4E3F-896C-97D0BCF0C2C6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_pcie4000_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"1A698B47-3DF4-4FAB-9AA6-425FF823F303"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"7F1794B6-B631-488C-B7DC-7D3E79C0D9CA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_rs2000_tx\\/tx_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"3051DBA5-8D2B-4630-8FA7-602AC7CB4576"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx-b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"ABBD929B-2E97-48F6-835E-9B217C846DE8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_rs2000_tx\\/tx-b:-:*:*:*:*:*:*:*","matchCriteriaId":"428D6C77-0592-4031-933E-2CFE0AB58BA7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true
,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"4DDAE7BE-54B1-472F-80D6-A5B3BC4F9035"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_rs2005_tx_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"A9887CEB-57EA-49A0-9CFD-910DAFE4A09D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"9BA76759-0346-4978-B865-4C11D733A381"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\\/tx:-:*:*:*:*:*:*:*","matchCriteriaId":"0EEEC9DE-5CF5-4596-B64C-6CAA32110FA1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"EC86EA88-023D-477B-9138-6F16DC173EB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\\/tx_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"1726B1D9-3CAF-4C11-BB25-C7677B2CEE33"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"732BF960-A8C6-4BF3-B58E-A142D1349560"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\\/tx-m:-:*:*:*:*:*:*:*","matchCriteriaId":"9A87B204-19D0-4E12-B462-EB4BB25D196E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-p_firmware:*:*:*:*:*:*:*:*","versio
nEndExcluding":"8.9.3","matchCriteriaId":"CADDBA01-FB75-4B02-B100-28E7BE105C80"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\\/tx-p:-:*:*:*:*:*:*:*","matchCriteriaId":"F88246FF-5453-4473-992B-AEEFE88ED41D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"5E7D20EC-CBAA-48C2-91A9-7964A64C5F51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_rs4004_tx\\/dtx:-:*:*:*:*:*:*:*","matchCriteriaId":"FA35CCC1-2FE0-4FA7-A360-C2F9849476B0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"FF284D31-EA9B-48F3-A261-78672D3A8BF3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"4E62C758-015E-4178-BA37-D463F95BD468"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_smart2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"1E3AAE8C-4A1C-4DA7-B710-F1458E9E472E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_smart2:-:*:*:*:*:*:*:*","matchCriteriaId":"50690731-FA99-45B3-AF4C-C1DAD881CAEE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:fl_mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"74CBDC4F-31FE-430A-BD2B-95985E2B8959"}]},{"operator":"OR","negate":false
,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:fl_mguard_smart2_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"37A2DC0B-6B50-4E38-9585-B131DBCB9F51"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"0D64F7DC-B719-46CF-8D6D-0E9CE24E5F31"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_3g_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"6F287F24-13AD-4628-B724-E58A9F44E48B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"428076C7-97EC-47C9-B409-C1C9379A6E29"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_att_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"40F4219D-1822-471E-88C0-7B6F5FB56A00"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"234CD8A4-BA72-47A5-8BAF-B449315A2202"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"56CE797B-2D4B-41CC-888E-467F64BDB19C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"6DB61681-FE91-4EA7-A431-446579A511C1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn:-:*:*:*:*
:*:*:*","matchCriteriaId":"3FD37990-FF75-4323-A8B1-7BEF9A0001D7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"053DB989-17D5-49E1-BF0A-814F80D0FF62"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_3g_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"B8861227-5A7F-49CA-B0E6-5806C746B5B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"FDEE0407-9473-4810-BC8D-F9AC44C69219"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_att_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"BA0DA3D1-0599-4364-AF1A-2DAD50382A15"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"0702823F-52B6-40D3-B598-AA6F8745DB85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"0910CB6C-8716-4A79-B43C-EB02B22AB632"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.9.3","matchCriteriaId":"CD02CC05-860D-442A-B973-643B51E13613"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"5D624EC2-7CEE-4ADC-A1D2-B0688AE23873"}]}]}],"references":[{"url":"https:/
/certvde.com/en/advisories/VDE-2024-039","source":"info@cert.vde.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44407","sourceIdentifier":"psirt@zte.com.cn","published":"2026-05-07T09:16:27.617","lastModified":"2026-05-11T16:41:40.233","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service."}],"metrics":{"cvssMetricV31":[{"source":"psirt@zte.com.cn","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@zte.com.cn","type":"Secondary","description":[{"lang":"en","value":"CWE-134"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zte:zxcloud_irai:*:*:*:*:*:*:*:*","versionStartIncluding":"7.23.20","versionEndExcluding":"7.25.43","matchCriteriaId":"C6E53081-879B-41EE-AAEA-1D5EC10B8721"}]}]}],"references":[{"url":"https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4783596796997009530","source":"psirt@zte.com.cn","tags":["V
endor Advisory"]}]}},{"cve":{"id":"CVE-2026-6805","sourceIdentifier":"psirt@thalesgroup.com","published":"2026-05-07T10:16:06.340","lastModified":"2026-05-11T16:37:56.233","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the external sharing feature of Cryptobox allows an attacker who knows a sharing link URL to retrieve information from the server that enables an offline brute-force attack on the access code associated with this sharing link."}],"metrics":{"cvssMetricV40":[{"source":"psirt@thalesgroup.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nis
t.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@thalesgroup.com","type":"Secondary","description":[{"lang":"en","value":"CWE-280"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:thalesgroup:ercom_cryptobox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.37.248","versionEndExcluding":"4.38.0","matchCriteriaId":"6EF9BC6A-F681-4C66-AE8B-1C93BD61F134"}]}]}],"references":[{"url":"https://info.cryptobox.com/doc/v4.40/4.40.en/","source":"psirt@thalesgroup.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-41644","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T12:16:17.810","lastModified":"2026-05-11T16:40:30.673","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs supplied by the caller, with the response body from non-200 upstream responses reflected back in the API error message. 
This issue has been patched in version 1.12.5."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"
security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-209"},{"lang":"en","value":"CWE-770"},{"lang":"en","value":"CWE-918"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:monetr:monetr:*:*:*:*:*:*:*:*","versionEndExcluding":"1.12.5","matchCriteriaId":"EFDFB59D-CA61-476A-B1B7-E142CE32BD0E"}]}]}],"references":[{"url":"https://github.com/monetr/monetr/commit/c260caa3c573a4a396ec2d264c7641a5d958385b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/monetr/monetr/pull/3122","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/monetr/monetr/releases/tag/v1.12.5","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/monetr/monetr/security/advisories/GHSA-29v9-frvh-c426","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42285","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T12:16:18.180","lastModified":"2026-05-11T15:22:48.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly handles the internal state transition to a \"withdraw\" action, leading to a nil pointer dereference in the AdjRib.Update function. This causes the entire GoBGP process to crash, resulting in a complete loss of service availability. 
This issue has been patched in version 4.5.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osrg:gobgp:4.4.0:*:*:*:*:*:*:*","matchCriteriaId":"6EF1E97F-CA8A-45E6-B115-E9BD4EC8B36F"}]}]}],"references":[{"url":"https://github.com/osrg/gobgp/releases/tag/v4.5.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/osrg/gobgp/security/advisories/GHSA-p3w2-64xm-833j","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/osrg/gobgp/security/advisories/GHSA-p3w2-64xm-833j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8080","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-05-07T12:16:18.467","lastModified":"2026-05-11T15:21:05.793","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS.\n\n\n\n\n\n\nThis issue affects MISP before 2.5.37.\n\n\n\n\nA stored cross-site scripting vulnerability exists in the template element attribute handling logic. 
The application accepted arbitrary values for the TemplateElementAttribute type and category fields without validating them against the known MISP attribute type and category definitions. An attacker with permission to create or modify template element attributes could store a crafted type value.\n\n\nThis affects MISP's old templating engine (no longer accessible in 2.5.37), which will be removed in 2.5.38"}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1",
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.37","matchCriteriaId":"7642E00D-57E6-4888-9369-5C21250ECF56"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/62824e5ca0056d01b195f70466ea0d382cca06d0","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-5791","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-05-07T13:16:13.647","lastModified":"2026-05-10T16:16:07.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. 
DivvyDrive allows Cross Site Request Forgery.\n\nThis issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2."}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0182","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-8091","sourceIdentifier":"security@mozilla.org","published":"2026-05-07T13:16:14.087","lastModified":"2026-05-11T15:20:21.330","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect boundary conditions in the Audio/Video: Playback component. 
This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"115.35.2","matchCriteriaId":"AF96A878-0508-42AF-A345-ACBC2FE28DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.10.1","matchCriteriaId":"7CBA9163-28E7-42A3-BB54-EBEF7BBB3485"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.10.1","matchCriteriaId":"BD593FD4-736A-4AA7-848A-B6FD3E89FDCE"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2029301","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-36/","source":"security@mozilla.org","tags":["Vendor 
Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-39/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-42/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8092","sourceIdentifier":"security@mozilla.org","published":"2026-05-07T13:16:14.203","lastModified":"2026-05-11T15:16:40.053","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-416"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"115.35.2","matchCriteriaId":"AF96A878-0508-42AF-A345-ACBC2FE28DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.10.2","matchCriteriaId":"3BBAB7A3-2FBF-440E-88B4-8C6FB332F790"},{"vulnerable"
:true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","versionStartIncluding":"150.0","versionEndExcluding":"150.0.2","matchCriteriaId":"667A6A10-6C88-472B-9CF0-108744732F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionStartIncluding":"140.0","versionEndExcluding":"140.10.2","matchCriteriaId":"239DA52B-4EB1-4294-9FBB-88F26B6C74F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*","versionStartIncluding":"150.0","versionEndExcluding":"150.0.2","matchCriteriaId":"2279D441-7CD1-4BCB-8D17-B889225EA2E7"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1806249%2C2021977%2C2022576%2C2022722%2C2024439%2C2027883%2C2029463%2C2030323%2C2032042%2C2032043%2C2033270%2C2033637%2C2034422%2C2034496%2C2035879%2C2036516","source":"security@mozilla.org","tags":["Broken Link"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-40/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-41/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-42/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-43/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-44/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8093","sourceIdentifier":"security@mozilla.org","published":"2026-05-07T13:16:14.317","lastModified":"2026-05-11T15:12:48.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory safety bugs present in Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.2","matchCriteriaId":"E9A26BD7-6C9D-4FB0-A8CF-F70669481B9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.2","matchCriteriaId":"867B7793-191D-435B-BD69-8789184748C7"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1981270%2C2027154%2C2028332%2C2029327%2C2029428%2C2029894%2C2032189%2C2034837%2C2035968%2C2036256","source":"security@mozilla.org","tags":["Broken Link"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-40/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-43/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8094","sourceIdentifier":"security@mozilla.org","published":"2026-05-07T13:16:14.430","lastModified":"2026-05-11T15:12:23.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Other issue in the WebRTC component. 
This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","versionEndExcluding":"140.10.2","matchCriteriaId":"5B8D4D01-7F7A-4D2F-99B3-29568F385D58"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"140.10.2","matchCriteriaId":"3A9A22C6-2E6B-4DE6-923D-A7BA854A1261"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2035939","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-41/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-44/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41519","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T15:16:07.160","lastModified":"2026-05-11T17:00:55.653","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Weblate is a web based localization tool. 
Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via \"cycle_session_keys()\", but DRF API tokens (\"wlu_*\" prefix) stored in \"authtoken_token\" are not revoked. This issue has been patched in version 5.17.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17.1","matchCriteriaId":"883115A9-8BF0-460B-B711-BDC6C4FCBE10"}]}]}],"references":[{"url":"https://github.com/WeblateOrg/weblate/commit/649a2da81700542f95c0807b3c625fc3bb0eaf95","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/WeblateOrg/weblate/pull/19057","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1","source":"security-advisories@github.com","tags":["Release 
Notes"]},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6j8j-4qp3-36p2","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41654","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T15:16:07.907","lastModified":"2026-05-11T15:30:11.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/<name>.json contains an attacker-chosen repo URL pointing at a private address (e.g. http://127.0.0.1:9999/) or using a non-allow-listed scheme (e.g. file://, git://). Weblate persists the component via Component.objects.bulk_create([component])[0], which bypasses Django's full_clean() and therefore never runs the validate_repo_url validator. The URL is subsequently written verbatim into .git/config by configure_repo(pull=False). 
This issue has been patched in version 5.17.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source"
:"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17.1","matchCriteriaId":"883115A9-8BF0-460B-B711-BDC6C4FCBE10"}]}]}],"references":[{"url":"https://github.com/WeblateOrg/weblate/commit/e1eff1f517c1ee315d69581910baaabb724e5ef0","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/WeblateOrg/weblate/commit/e4b67a76d95d5165ecb9937f7485fd79223b7f14","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/WeblateOrg/weblate/pull/19061","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/WeblateOrg/weblate/pull/19062","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-cwcx-382v-8m9g","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44263","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T15:16:10.613","lastModified":"2026-05-11T17:24:45.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. 
This issue has been patched in version 5.17.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17.1","matchCriteriaId":"883115A9-8BF0-460B-B711-BDC6C4FCBE10"}]}]}],"references":[{"url":"https://github.com/WeblateOrg/weblate/commit/6cf892c7bd50b667a65a99d716a90694f7d9f203","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/WeblateOrg/weblate/pull/19258","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gcg5-86jr-f7jg","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44264","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T15:16:10.760","lastModified":"2026-05-11T14:50:31.097","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. 
This issue has been patched in version 5.17.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-80"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17.1","matchCriteriaId":"883115A9-8BF0-460B-B711-BDC6C4FCBE10"}]}]}],"references":[{"url":"https://github.com/WeblateOrg/weblate/commit/85abc9df88b7464f4c0e794aef752e45f4230f75","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/WeblateOrg/weblate/pull/19259","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-5cmv-3rc4-7279","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42215","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T19:16:01.640","lastModified":"2026-05-11T17:45:39.707","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitPython is a python library used to interact with Git repositories. 
From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an application passes attacker-controlled kwargs into Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push(), this leads to arbitrary command execution even when allow_unsafe_options is left at its default value of False. This issue has been patched in version 3.1.47."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitpython_project:gitpython:*:*:*:*:*:python:*:*","versionStartIncluding":"3.1.30","versionEndExcluding":"3.1.47","matchCriteriaId":"701208D3-FB36-4DB9-9553-7325AA3B3B9F"}]}]}],"references":[{"url":"https://github.com/gitpython-developers/GitPython/releases/tag/3.1.47","source":"security-advisories@github.com","tags":["Patch","Release Notes"]},{"url":"https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-rpm5-65cw-6hj4","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-rpm5-65cw-6hj4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-44244","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T19:16:02.357","lastModified":"2026-05-11T17:44:36.497","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \\n becomes \\n\\t), but Git still accepts an indented [core] stanza as a section header — so the injected core.hooksPath becomes effective configuration. Any Git operation that invokes hooks (commit, merge, checkout) will then execute scripts from the attacker-controlled path. This issue has been patched in version 3.1.49."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitpython_project:gitpython:*:*:*:*:*:python:*:*","versionEndExcluding":"3.1.49","matchCriteriaId":"70BE59C2-ACE5-4E12-AC75-DCCE43007E3F"}]}]}],"references":[{"url":"https://github.com/gitpython-developers/GitPython/releases/tag/3.1.49","source":"security-advisories@github.com","tags":["Patch","Release 
Notes"]},{"url":"https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-v87r-6q3f-2j67","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-v87r-6q3f-2j67","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8097","sourceIdentifier":"cna@vuldb.com","published":"2026-05-07T21:16:30.727","lastModified":"2026-05-11T15:11:48.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","
modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://github.com/suze233/CVE/issues/1","source":"cna@vuldb.com"},{"url":"https://codeastro.com/","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808115","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/361849","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/361849/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8098","sourceIdentifier":"cna@vuldb.com","published":"2026-05-07T21:16:30.900","lastModified":"2026-05-11T15:11:
48.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR
:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://code-projects.org/","source":"cna@vuldb.com"},{"url":"https://github.com/redshadowword-cell/CVE/issues/3","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808126","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/361851","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/361851/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-6736","sourceIdentifier":"product-cna@github.com","published":"2026-05-07T22:16:36.753","lastModified":"2026-05-11T17:20:51.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce the authentication restriction, allowing account creation and session establishment without identity provider validation. 
The created account was limited to the default base permissions configured on the instance. Exploitation required network access to a GHES instance configured with an external authentication provider. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.2, 3.19.6, 3.18.9, 3.17.15, and 3.16.18."}],"metrics":{"cvssMetricV40":[{"source":"product-cna@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScor
e":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"product-cna@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionEndExcluding":"3.16.18","matchCriteriaId":"30904527-43B5-453A-A669-7845C2643965"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17.0","versionEndExcluding":"3.17.15","matchCriteriaId":"D594E173-80DE-4EC9-9E6C-8C78A80D1402"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.0","versionEndExcluding":"3.18.9","matchCriteriaId":"2501EC91-4CD0-49F5-B76A-558EB5A5946C"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.19.0","versionEndExcluding":"3.19.6","matchCriteriaId":"F2D6ABE3-EF68-4DDC-9846-9A891C859477"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.20.0","versionEndExcluding":"3.20.2","matchCriteriaId":"FC8A09E8-5FFE-43F1-BC1A-14A298264D80"}]}]}],"references":[{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.18","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.15","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.9","source":"product-cna@github.com","tags":["Release Notes","Vendor 
Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.6","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.2","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7541","sourceIdentifier":"product-cna@github.com","published":"2026-05-07T22:16:36.917","lastModified":"2026-05-11T17:19:36.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodies without size or depth limits, causing excessive CPU and memory consumption. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.2, 3.19.6, 3.18.9, 3.17.15, and 3.16.18. 
This vulnerability was reported via the GitHub Bug Bounty program."}],"metrics":{"cvssMetricV40":[{"source":"product-cna@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"HIGH","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weak
nesses":[{"source":"product-cna@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionEndExcluding":"3.16.18","matchCriteriaId":"30904527-43B5-453A-A669-7845C2643965"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17.0","versionEndExcluding":"3.17.15","matchCriteriaId":"D594E173-80DE-4EC9-9E6C-8C78A80D1402"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.0","versionEndExcluding":"3.18.9","matchCriteriaId":"2501EC91-4CD0-49F5-B76A-558EB5A5946C"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.19.0","versionEndExcluding":"3.19.6","matchCriteriaId":"F2D6ABE3-EF68-4DDC-9846-9A891C859477"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.20.0","versionEndExcluding":"3.20.2","matchCriteriaId":"FC8A09E8-5FFE-43F1-BC1A-14A298264D80"}]}]}],"references":[{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.18","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.15","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.9","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.6","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.2","source":"product-cna@github.com","tags":["Release 
Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8034","sourceIdentifier":"product-cna@github.com","published":"2026-05-07T22:16:37.230","lastModified":"2026-05-11T17:18:27.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a different URL parser than the request library, enabling a crafted URL to pass validation while directing the request to an unintended host. Exploitation required network access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.16.18, 3.17.15, 3.18.9, 3.19.6, and 3.20.2. This vulnerability was reported via the GitHub Bug Bounty program."}],"metrics":{"cvssMetricV40":[{"source":"product-cna@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_
DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"product-cna@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-436"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionEndExcluding":"3.16.18","matchCriteriaId":"30904527-43B5-453A-A669-7845C2643965"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17.0","versionEndExcluding":"3.17.15","matchCriteriaId":"D594E173-80DE-4EC9-9E6C-8C78A80D1402"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.0","versionEndExcluding":"3.18.9","matchCriteriaId":"2501EC91-4CD0-49F5-B76A-558EB5A5946C"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.19.0","versionEndExcluding":"3.19.6","matchCriteriaId":"F2D6ABE3-EF68-4DDC-9846-9A891C859477"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*
:*:*:*:*:*","versionStartIncluding":"3.20.0","versionEndExcluding":"3.20.2","matchCriteriaId":"FC8A09E8-5FFE-43F1-BC1A-14A298264D80"}]}]}],"references":[{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.18","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.15","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.9","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.6","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.2","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8106","sourceIdentifier":"product-cna@github.com","published":"2026-05-07T22:16:37.377","lastModified":"2026-05-11T17:12:47.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirect_to query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an attacker to inject a form element that could capture administrator credentials. Exploitation required an administrator to click a crafted link and enter their credentials. This vulnerability affected GitHub Enterprise Server versions 3.19.1 through 3.19.5 and 3.20.0 through 3.20.1, and was fixed in versions 3.19.6 and 3.20.2. 
This vulnerability was reported via the GitHub Bug Bounty program."}],"metrics":{"cvssMetricV40":[{"source":"product-cna@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},
"weaknesses":[{"source":"product-cna@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.19.1","versionEndExcluding":"3.19.6","matchCriteriaId":"F71305E0-C008-45FF-8EDC-46D14F07DD51"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.20.0","versionEndExcluding":"3.20.2","matchCriteriaId":"FC8A09E8-5FFE-43F1-BC1A-14A298264D80"}]}]}],"references":[{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.6","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.2","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42880","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T23:16:32.450","lastModified":"2026-05-11T17:46:18.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. 
This issue has been patched in versions 3.2.11 and 3.3.9."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-212"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.11","matchCriteriaId":"7D45D78D-37C6-4090-849B-BE4B9F873741"},{"vulnerable":true,"criteria":"cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.9","matchCriteriaId":"8A57863A-48B6-4926-87C7-6FBBE3E30A4B"}]}]}],"references":[{"url":"https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8119","sourceIdentifier":"cna@vuldb.com","published":"2026-05-08T01:16:08.367","lastModified":"2026-05-11T14:29:35.443","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. 
The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"
LOW"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-404"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.7","matchCriteriaId":"0A46BC99-08E7-4D40-A908-76121E4AFCD5"}]}]}],"references":[{"url":"https://github.com/open5gs/open5gs/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/open5gs/open5gs/issues/4431","source":"cna@vuldb.com","tags":["Exploit","Issue Tracking"]},{"url":"https://vuldb.com/submit/808420","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry","Exploit"]},{"url":"https://vuldb.com/vuln/361906","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/361906/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2026-8120","sourceIdentifier":"cna@vuldb.com","published":"2026-05-08T01:16:09.643","lastModified":"2026-05-11T14:28:27.137","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFI
NED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-404"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.7","matchCriteriaId":"0A46BC99-08E7-4D40-A908-76121E4AFCD5"}]}]}],"references":[{"url":"https://github.com/open5gs/open5gs/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github
.com/open5gs/open5gs/issues/4432","source":"cna@vuldb.com","tags":["Exploit","Issue Tracking"]},{"url":"https://vuldb.com/submit/808421","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry","Exploit"]},{"url":"https://vuldb.com/vuln/361907","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/361907/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/submit/808421","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory","VDB Entry","Exploit"]}]}},{"cve":{"id":"CVE-2026-8121","sourceIdentifier":"cna@vuldb.com","published":"2026-05-08T01:16:09.860","lastModified":"2026-05-11T14:26:39.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. 
The project was informed of the problem early through an issue report but has not responded yet."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"imp
actScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-404"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.7","matchCriteriaId":"0A46BC99-08E7-4D40-A908-76121E4AFCD5"}]}]}],"references":[{"url":"https://github.com/open5gs/open5gs/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/open5gs/open5gs/issues/4433","source":"cna@vuldb.com","tags":["Exploit","Issue Tracking"]},{"url":"https://vuldb.com/submit/808422","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry","Exploit"]},{"url":"https://vuldb.com/submit/808424","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/361908","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/361908/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2026-8122","sourceIdentifier":"cna@vuldb.com","published":"2026-05-08T01:16:10.053","lastModified":"2026-05-11T14:00:25.753","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation results in denial of service. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT
_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-404"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.7","matchCriteriaId":"0A46BC99-08E7-4D40-A908-76121E4AFCD5"}]}]}],"references":[{"url":"https://github.com/open5gs/open5gs/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/open5gs/open5gs/i
ssues/4435","source":"cna@vuldb.com","tags":["Exploit","Issue Tracking"]},{"url":"https://vuldb.com/submit/808425","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry","Exploit"]},{"url":"https://vuldb.com/vuln/361909","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/361909/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-8123","sourceIdentifier":"cna@vuldb.com","published":"2026-05-08T02:16:07.803","lastModified":"2026-05-11T13:39:21.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded 
yet."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vector
String":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-404"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.7","matchCriteriaId":"0A46BC99-08E7-4D40-A908-76121E4AFCD5"}]}]}],"references":[{"url":"https://github.com/open5gs/open5gs/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/open5gs/open5gs/issues/4436","source":"cna@vuldb.com","tags":["Exploit","Issue Tracking"]},{"url":"https://vuldb.com/submit/808426","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry","Exploit"]},{"url":"https://vuldb.com/vuln/361910","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/361910/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2026-8138","sourceIdentifier":"cna@vuldb.com","published":"2026-05-08T05:16:11.833","lastModified":"2026-05-11T13:00:50.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation results in a stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvs
sMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tenda:cx12l_firmware:16.03.53.12:*:*:*:*:*:*:*","matchCriteriaId":"29A51177-6DA7-402C-A044-90E0A6233460"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tenda:cx12l:-:*:*:*:*:*:*:*","matchCriteriaId":"1BDC7968-7172-486D-9D64-76288E9FBDE9"}]}]}],"references":[{"url":"https://github.com/cve-a/lvdan/issues/6","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory","Issue Tracking"]},{"url":"https://vuldb.com/submit/808867","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/361927","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/361927/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB 
Entry"]},{"url":"https://www.tenda.com.cn/","source":"cna@vuldb.com","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-8148","sourceIdentifier":"cve@navercorp.com","published":"2026-05-08T05:16:12.030","lastModified":"2026-05-11T12:59:38.827","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\\SYSTEM via registry manipulation due to improper privilege checks."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve@navercorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:navercorp:mybox:*:*:*:*:*:windows:*:*","versionEndExcluding":"3.0.11.160","matchCriteriaId":"7A973496-E862-482B-A240-D2E376822DF0"}]}]}],"references":[{"url":"https://cve.naver.com/detail/cve-2026-8148.html","source":"cve@navercorp.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-47268","sourceIdentifier":"cve@mitre.org","published":"2026-05-08T06:16:08.667","lastModified":"2026-05-11T12:58:54.733","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code 
exported."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:prusa3d:prusaslicer:*:*:*:*:*:*:*:*","versionEndIncluding":"2.6.1","matchCriteriaId":"D2E1112B-142F-42E3-8235-FD5E37319549"}]}]}],"references":[{"url":"https://help.prusa3d.com/article/post-processing-scripts_283913","source":"cve@mitre.org","tags":["Product"]},{"url":"https://raw.githubusercontent.com/vulncheck-oss/0day.today.archive/main/local-exploits/39547.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://slic3r.org/download/","source":"cve@mitre.org","tags":["Not Applicable"]},{"url":"https://www.prusa3d.com/page/prusaslicer_424/","source":"cve@mitre.org","tags":["Product"]},{"url":"https://raw.githubusercontent.com/vulncheck-oss/0day.today.archive/main/local-exploits/39547.txt","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-8153","sourceIdentifier":"1b7e193f-2525-49a1-b171-84af8827c9eb","published":"2026-05-08T12:16:29.977","lastModified":"2026-05-11T10:16:15.380","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OS command injection in the Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows an unauthenticated attacker to craft commands that will execute code on the 
robot's OS."}],"metrics":{"cvssMetricV31":[{"source":"1b7e193f-2525-49a1-b171-84af8827c9eb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"1b7e193f-2525-49a1-b171-84af8827c9eb","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.universal-robots.com/developer/communication-protocol/dashboard-server/","source":"1b7e193f-2525-49a1-b171-84af8827c9eb"}]}},{"cve":{"id":"CVE-2025-66170","sourceIdentifier":"security@apache.org","published":"2026-05-08T13:16:35.360","lastModified":"2026-05-11T15:24:18.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment. 
This vulnerability does not allow them to see the contents of the backup.\n\nUsers are recommended to upgrade to version 4.22.0.1, which fixes the issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*","versionStartIncluding":"4.21.0.0","versionEndExcluding":"4.22.0.1","matchCriteriaId":"78690ED1-C4B3-4DC9-9B53-FB31D6D17125"}]}]}],"references":[{"url":"https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/09/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-66467","sourceIdentifier":"security@apache.org","published":"2026-05-08T13:16:35.720","lastModified":"2026-05-11T12:57:20.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. 
If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously generated access and secret keys.\n\nUsers are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or 4.22.0.1, or later, which fixes this issue."}],"metrics":{"cvssMetricV31":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-459"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0.0","versionEndExcluding":"4.20.3.0","matchCriteriaId":"C4510E55-3BB6-449E-B53C-62AF46245DF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*","versionStartIncluding":"4.21.0.0","versionEndExcluding":"4.22.0.1","matchCriteriaId":"78690ED1-C4B3-4DC9-9B53-FB31D6D17125"}]}]}],"references":[{"url":"https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm","source":"security@apache.org","tags":["Mailing List","Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/09/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-25077","sourceIdentifier":"security@apache.org","published":"2026-05-08T13:16:36.133","lastModified":"2026-05-10T15:16:27.330","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of the KVM-based infrastructure managed by CloudStack.\n\n\nUsers are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or 4.22.0.1, or later, which fixes this issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11.0.0","versionEndExcluding":"4.20.3.0","matchCriteriaId":"B26B4D15-F80A-4383-9960-DADA4363CE29"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*","versionStartIncluding":"4.21.0.0","versionEndExcluding":"4.22.0.
1","matchCriteriaId":"78690ED1-C4B3-4DC9-9B53-FB31D6D17125"}]}]}],"references":[{"url":"https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/09/6","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-41512","sourceIdentifier":"security-advisories@github.com","published":"2026-05-08T14:16:34.433","lastModified":"2026-05-11T17:20:02.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:0din_scanner:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.4.1","matchCriteriaId":"181C627F-1DB3-4C79-B6D4-3245A2663F2F"}]}]}],"references":[{"url":"https://github.com/0din-ai/ai-scanner/releases/tag/v1.4.1","source":"security-advisories@github.com","tags":["Patch","Product"]},{"url":"https://github.com/0din-ai/ai-scanner/security/advisories/GHSA-r27j-xxgx-f5vr","source":"security-advisories@gith
ub.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/0din-ai/ai-scanner/security/advisories/GHSA-r27j-xxgx-f5vr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7652","sourceIdentifier":"security@wordfence.com","published":"2026-05-09T03:16:15.117","lastModified":"2026-05-11T15:11:48.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0. This is due to the save_connected_wordpress_user() function propagating a LatePoint customer's email address to its linked WordPress user account via wp_update_user() without any ownership verification, combined with the guest booking flow's ability to overwrite an existing customer's email through phone-based merge without authentication. This makes it possible for unauthenticated attackers to overwrite the email address of a non-super-admin WordPress user account that is not yet linked to a LatePoint customer, enabling full account takeover by subsequently triggering the standard WordPress password-reset flow to the attacker-controlled address, granted the plugin is configured with WordPress user integration enabled, phone-based contact merging, and customer authentication disabled. 
Administrator accounts on single-site installs are not affected."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-640"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.4.2/latepoint.php#L1165","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.4.2/lib/helpers/customer_helper.php#L238","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.4.2/lib/helpers/steps_helper.php#L1940","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.4.2/lib/helpers/steps_helper.php#L1972","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/latepoint.php#L1165","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/helpers/customer_helper.php#L238","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/helpers/steps_helper.php#L1940","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/helpers/steps_helper.php#L1972","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/latepoint.php#L1165","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/helpers/customer_helper.ph
p#L238","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/helpers/steps_helper.php#L1940","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/helpers/steps_helper.php#L1972","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3522933/latepoint/trunk/latepoint.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Flatepoint/tags/5.5.0&new_path=%2Flatepoint/tags/5.5.1","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bdaa32cd-a148-4554-9fd5-f5b0a5b2d1c3?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8185","sourceIdentifier":"cna@vuldb.com","published":"2026-05-09T11:16:28.203","lastModified":"2026-05-11T15:11:48.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected component. The vendor replied: \"We have successfully confirmed and reproduced the issue. We take this matter very seriously and have incorporated the fix into our development schedule. 
The issue is scheduled to be resolved in the release version coming in late April.\""}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore
":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:P","baseScore":5.8,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.5,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://vuldb.com/submit/793588","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362337","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362337/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8198","sourceIdentifier":"security@wordfence.com","published":"2026-05-09T13:16:43.687","lastModified":"2026-05-11T15:11:48.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin for WordPress is vulnerable to Authentication Bypass to Information Disclosure in versions up to, and including, 3.3.6. This is due to a logic flaw in the verifyAuthorization method where requests without an Authorization header skip Bearer token validation and fall through to an unconditional return true statement, bypassing all authentication checks. 
This makes it possible for unauthenticated attackers to access the /wp-json/logtivity/v1/options REST API endpoint and retrieve all plugin configuration options, including the logtivity_site_api_key which can be used to impersonate the site in API calls to the Logtivity service."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/logtivity/tags/3.3.6/Core/Services/Logtivity_Rest_Endpoints.php#L47","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/logtivity/tags/3.3.6/Core/Services/Logtivity_Rest_Endpoints.php#L78","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/logtivity/tags/3.3.7/Core/Services/Logtivity_Rest_Endpoints.php#L47","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/logtivity/tags/3.3.7/Core/Services/Logtivity_Rest_Endpoints.php#L78","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3507386/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/65ca20b0-0831-4f60-9021-679be6c145ef?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8193","sourceIdentifier":"cna@vuldb.com","published":"2026-05-09T19:16:10.290","lastModified":"2026-05-11T15:11:48.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in 
Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L
/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://drive.google.com/file/d/1zC8gMYeIfZi3CsK6RXBQINU_mllXH_6n/view?usp=drive_link","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/800984","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362345","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362345/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8194","sourceIdentifier":"cna@vuldb.com","published":"2026-05-09T20:16:30.320","lastModified":"2026-05-11T15:11:48.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argument _method leads to cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. 
The project was informed of the problem early through a pull request but has not reacted yet."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,
"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/az10b/security-advisories/blob/main/csrf_bypass_osTicket.md","source":"cna@vuldb.com"},{"url":"https://github.com/osTicket/osTicket/","source":"cna@vuldb.com"},{"url":"https://github.com/osTicket/osTicket/pull/6945","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/802755","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362346","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362346/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8195","sourceIdentifier":"cna@vuldb.com","published":"2026-05-09T20:16:30.517","lastModified":"2026-05-11T15:11:48.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactSc
ore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/xpp3901/CVE_APPLY/blob/main/V-006_SVG_Stored_XSS/README.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/803528","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362347","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362347/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8196","sourceIdentifier":"cna@vuldb.com","published":"2026-05-09T21:16:26.793","lastModified":"2026-05-11T15:11:48.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been published and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4
}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/xpp3901/CVE_APPLY/tree/main/V-009_mLogin_Captcha_Bypass","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/803529","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362348","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362348/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8214","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T01:16:07.907","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been made public and could be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScor
e":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://gist.github.com/0xb1lal/3ef872a445310c5866d07d6a5b1803fa","source":"cna@vuldb.com"},{"url":"https://hawktrace.com/blog/caniaserp/","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808238","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362431","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362431/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8215","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T01:16:08.090","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument m_strSourceFileName causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScor
e":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://gist.github.com/0xb1lal/3885c69998516685e3ea833403b9db2b","source":"cna@vuldb.com"},{"url":"https://hawktrace.com/blog/caniaserp/","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808242","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362432","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362432/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8216","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T01:16:08.263","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"c
vssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://hawktrace.com/blog/caniaserp","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808244","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362433","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362433/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8217","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T02:16:08.833","lastModified":"2026-05-11T16:17:40.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],
"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://gist.github.com/0xb1lal/6ccc2356e7e0a26f7b8a6bd6f0d84bbb","source":"cna@vuldb.com"},{"url":"https://hawktrace.com/blog/caniaserp","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808262","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362434","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362434/cti","source":"cna@vuldb.com"},{"url":"https://hawktrace.com/blog/caniaserp/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8218","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T02:16:10.110","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchase_return_save. Executing a manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore
":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N","baseScore":3.3,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://olografix.org/acme/_poc/ERP_Online-POC1.gif","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808252","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808259","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362435","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362435/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8219","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T02:16:10.307","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore
":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N","baseScore":3.3,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://olografix.org/acme/_poc/ERP_Online-POC1.gif","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808257","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362436","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362436/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8220","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T03:16:07.703","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore
":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N","baseScore":3.3,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://olografix.org/acme/_poc/ERP_Online-POC1.gif","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808261","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362437","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362437/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8221","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T03:16:08.523","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore
":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N","baseScore":3.3,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://olografix.org/acme/_poc/ERP_Online-POC1.gif","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808263","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362438","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362438/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8241","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T09:16:31.840","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScor
e":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://gist.github.com/0xb1lal/6f3f050f08cff569ecbde586e63c6bea","source":"cna@vuldb.com"},{"url":"https://hawktrace.com/blog/caniaserp","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808270","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362457","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362457/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8242","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T09:16:32.027","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been made public and could be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1
.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-203"},{"lang":"en","value":"CWE-204"}]}],"references":[{"url":"https://gist.github.com/0xb1lal/85422a63c10a001c75a22365457de624","source":"cna@vuldb.com"},{"url":"https://hawktrace.com/blog/caniaserp","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808295","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362458","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362458/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8243","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T09:16:32.200","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of a hard-coded cryptographic key. The attack may be performed remotely. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}
],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-320"},{"lang":"en","value":"CWE-321"}]}],"references":[{"url":"https://vuldb.com/submit/808296","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362459","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362459/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8244","sourceIdentifier":"cna@vuldb.com","published":"2026-05-10T10:16:13.040","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore"
:1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://gist.github.com/0xb1lal/758bbc5e4d82efea248e675da934ac69","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808326","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362460","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362460/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8253","sourceIdentifier":"cna@vuldb.com","published":"2026-05-11T00:16:33.590","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase_save. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore
":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N","baseScore":3.3,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://olografix.org/acme/_poc/ERP_Online-POC1.gif","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808277","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362550","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362550/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8254","sourceIdentifier":"cna@vuldb.com","published":"2026-05-11T00:16:33.770","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore
":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N","baseScore":3.3,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://olografix.org/acme/_poc/ERP_Online-POC1.gif","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808279","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362551","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362551/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8255","sourceIdentifier":"cna@vuldb.com","published":"2026-05-11T00:16:33.960","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore
":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N","baseScore":3.3,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://olografix.org/acme/_poc/ERP_Online-POC1.gif","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808526","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362552","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362552/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8256","sourceIdentifier":"cna@vuldb.com","published":"2026-05-11T02:16:26.867","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore
":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N","baseScore":3.3,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://olografix.org/acme/_poc/ERP_Online-POC1.gif","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/808527","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362553","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362553/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8259","sourceIdentifier":"cna@vuldb.com","published":"2026-05-11T02:16:27.417","lastModified":"2026-05-11T17:07:02.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. 
The exploit has been disclosed to the public and may be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4},{"source":"nvd@nist.go
v","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*","matchCriteriaId":"D82FD30C-AF3C-4E3B-B674-002A5C9ED09D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*","matchCriteriaId":"E382AD7E-1450-40FC-AE9D-698B491805F0"}]}]}],"references":[{"url":"https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/Tenda%20AC6V2%20TendaTelnet%20Command%20Injection.md","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/809877","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/362556","source":"cna@vuldb.com","tags":["Third 
Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/362556/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://www.tenda.com.cn/","source":"cna@vuldb.com","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-8262","sourceIdentifier":"cna@vuldb.com","published":"2026-05-11T02:16:27.930","lastModified":"2026-05-11T15:08:09.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact"
:"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N","baseScore":3.3,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://olografix.org/acme/_poc/ERP_Online-POC1.gif","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/809930","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362559","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/362559/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-8264","sourceIdentifier":"cna@vuldb.com","published":"2026-05-11T04:16:17.023","lastModified":"2026-05-11T17:04:06.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in Tenda AC6 15.03.06.23. 
Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,
"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*","matchCriteriaId":"D82FD30C-AF3C-4E3B-B674-002A5C9ED09D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*","matchCriteriaId":"E382AD7E-1450-40FC-AE9D-698B491805F0"}]}]}],"references":[{"url":"https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/Tenda%20AC6V2%20formWifiA
pScan%20Command%20Injection%20via%20country%20parameter.md","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/810075","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/362561","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/362561/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://www.tenda.com.cn/","source":"cna@vuldb.com","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-8265","sourceIdentifier":"cna@vuldb.com","published":"2026-05-11T04:16:19.860","lastModified":"2026-05-11T17:03:22.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. 
The exploit has been disclosed publicly and may be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4},{"source":"nvd@nist.gov","t
ype":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*","matchCriteriaId":"D82FD30C-AF3C-4E3B-B674-002A5C9ED09D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*","matchCriteriaId":"E382AD7E-1450-40FC-AE9D-698B491805F0"}]}]}],"references":[{"url":"https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/Tenda%20AC6V2%20get_log_file%20Command%20Injection%20via%20wans.flag.md","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/submit/810076","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://vuldb.com/vuln/362562","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/362562/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://www.tenda.com.cn/","source":"cna@vuldb.com","tags":["Product"]}]}},{"cve":{"id":"CVE-2025-63750","sourceIdentifier":"cve@mitre.org","published":"2026-05-11T16:17:28.850","lastModified":"2026-05-11T16:17:28.850","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-21709. Reason: This record is a duplicate of CVE-2026-21709. Notes: All CVE users should reference CVE-2026-21709 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."}],"metrics":{},"references":[]}}]}